Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2021-46925 |
Description:
Nessus Plugin ID 234545 with High Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1293-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466). - CVE-2021-47645: media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (bsc#1237767). - CVE-2021-47648: gpu: host1x: Fix a memory leak in 'host1x_remove()' (bsc#1237725). - CVE-2022-49046: i2c: dev: check return value when calling dev_set_name() (bsc#1237842). - CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903). - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918). - CVE-2022-49059: nfc: nci: add flush_workqueue to prevent uaf (bsc#1238007). - CVE-2022-49074: irqchip/gic-v3: Fix GICR_CTLR.RWP polling (bsc#1237728). - CVE-2022-49075: btrfs: fix qgroup reserve overflow the qgroup limit (bsc#1237733). - CVE-2022-49084: qede: confirm skb is allocated before using (bsc#1237751). - CVE-2022-49107: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1237973). - CVE-2022-49109: ceph: fix inode reference leak...
CVSS: MEDIUM (4.7)
April 17th, 2025 (2 days ago)
|
|
CVE-2025-2197 |
Description: Browser is affected by type confusion vulnerability, successful exploitation of this vulnerability may affect service availability.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
April 17th, 2025 (2 days ago)
|
|
CVE-2025-3615 |
Description: The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
April 17th, 2025 (2 days ago)
|
|
CVE-2025-3295 |
Description: The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive information.
CVSS: MEDIUM (4.9) EPSS Score: 0.04%
April 17th, 2025 (2 days ago)
|
|
🚨 Marked as known exploited on April 17th, 2025 (2 days ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection
CVSS: MEDIUM (6.5)
April 17th, 2025 (2 days ago)
|
|
CVE-2025-43717 |
Description: In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, reflect any GET or POST parameters, leading to XSS.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
April 17th, 2025 (2 days ago)
|
|
CVE-2025-31339 |
Description: An unrestricted upload of file with dangerous type vulnerability in the course management function of Wisdom Master Pro versions 5.0 through 5.2 allows remote authenticated users to craft a malicious file.
CVSS: MEDIUM (5.3) EPSS Score: 0.15%
April 17th, 2025 (2 days ago)
|
|
CVE-2025-31338 |
Description: A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality.
CVSS: MEDIUM (6.9) EPSS Score: 0.14%
April 17th, 2025 (2 days ago)
|
|
CVE-2025-43704 |
Description: Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server.
CVSS: MEDIUM (4.7) EPSS Score: 0.01%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-24911 |
Description: Overview
Â
XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the application that is processing the XML. This application may echo back the data (e.g. in an error message), thereby exposing the file contents. (CWE-611)
Â
Description
Â
Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.2, including 9.3.x and 8.3.x, do not correctly protect Data Access XMLParserFactoryProducer against out-of-band XML External Entity Reference.
Â
Impact
Â
By submitting an XML file that defines an external entity with a file:// URI, an attacker can cause the processing application to read the contents of a local file. Using URIs with other schemes such as http://, the attacker can force the application to make outgoing requests to servers that the attacker cannot reach directly, which can be used to bypass firewall restrictions or hide the source of attacks such as port scanning.
CVSS: MEDIUM (4.9) EPSS Score: 0.04%
April 16th, 2025 (3 days ago)
|