Threat and Vulnerability Intelligence Database

CVE-2025-30474

Description: Nessus Plugin ID 234529 with Medium Severity. Synopsis: The remote Amazon Linux 2 host is missing a security update. Description: The version of apache-commons-vfs installed on the remote host is prior to 2.0-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2819 advisory. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception message. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue. (CVE-2025-30474) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Run 'yum update apache-commons-vfs' to update your system. Read more at https://www.tenable.com/plugins/nessus/234529

EPSS Score: 0.05%

Source: Tenable Plugins
April 17th, 2025 (3 days ago)

CVE-2024-54551

Description: Nessus Plugin ID 234539 with Critical Severity. Synopsis: The remote SUSE host is missing one or more security updates. Description: The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1331-1 advisory. - Update to version 2.48.1 - CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962) - CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961) - CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964) - CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963) - CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986) - CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987) - CVE-2025-30427: use-after-free issue may lead to an unexpected Safari crash when processing maliciously crafted web content (bsc#1240958) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. ...

EPSS Score: 0.17%

Source: Tenable Plugins
April 17th, 2025 (3 days ago)

CVE-2025-23392

Description: Nessus Plugin ID 234541 with Medium Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1321-1 advisory. spacewalk-java: - Version 4.3.85-0: * CVE-2025-23392: Filter user input in systems list page. (bsc#1239826) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234541
Source: Tenable Plugins
April 17th, 2025 (3 days ago)

CVE-2025-1860

Description: Nessus Plugin ID 234542 with Critical Severity. Synopsis: The remote openSUSE host is missing a security update. Description: The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2025:0123-1 advisory. Updated to 0.8.0 (0.008): see /usr/share/doc/packages/perl-Data-Entropy/Changes Version 0.008; 2025-03-27: * Use Crypt::URandom to seed the default algorithm with cryptographically secure random bytes instead of the builtin rand() function (boo#1240395, CVE-2025-1860). * This module has been marked as deprecated. * A security policy was added. * Remove use of Module::Build. * Updated maintainer information. Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected perl-Data-Entropy package. Read more at https://www.tenable.com/plugins/nessus/234542

EPSS Score: 0.03%

Source: Tenable Plugins
April 17th, 2025 (3 days ago)

CVE-2024-8176

Description: Nessus Plugin ID 234543 with High Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1295-1 advisory. - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext. Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected expat, libexpat-devel, libexpat1 and / or libexpat1-32bit packages. Read more at https://www.tenable.com/plugins/nessus/234543
Source: Tenable Plugins
April 17th, 2025 (3 days ago)

CVE-2024-12088

Description: Nessus Plugin ID 234544 with Medium Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1330-1 advisory. - Fixed bwlimit=0 option broken by CVE-2024-12088 fix (bsc#1239649). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected rsync package. Read more at https://www.tenable.com/plugins/nessus/234544
Source: Tenable Plugins
April 17th, 2025 (3 days ago)

CVE-2024-54551

Description: Nessus Plugin ID 234546 with Medium Severity. Synopsis: The remote SUSE host is missing one or more security updates. Description: The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1325-1 advisory. - Update to version 2.48.1 - CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962) - CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961) - CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964) - CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963) - CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986) - CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987) - CVE-2025-30427: use-after-free issue may lead to an unexpected Safari crash when processing maliciously crafted web content (bsc#1240958) - CVE-2024-44192: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1239863) - CVE-2024-54467: a malicious website may exfiltrate data cross-origin due to a cookie management issue (bsc#1239864) Tenable has extracted the prec...

EPSS Score: 0.17%

Source: Tenable Plugins
April 17th, 2025 (3 days ago)
Description: Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks.
Source: Cisco Talos Blog
April 17th, 2025 (3 days ago)
Description: Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works: Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions.
Source: TheHackerNews
April 17th, 2025 (3 days ago)
Description: Universal Window and Door, LLC engages in the design, manufacture, and supply of custom window solutions for historic restoration and new commercial construction projects. The company offers steel replica, historic, projected/casement, double ...
Source: Ransomware.live
April 17th, 2025 (3 days ago)