TencentOS Server 3: gimp:2.8 (TSSA-2026:0324)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0324 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2021-0324

Product: AndroidVersions: Android SoCAndroid ID: A-175402462...

CVE-1999-0324

ppl program in HP-UX allows local users to create root files through symlinks...

EUVD-2026-0324

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

CVE-2025-0324

creationtimestamp| type| source ---|---|--- 2025-06-02 08:59:30+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqmfwa36fse2 2025-06-02 09:01:34+00:00| seen| Telegram/VQ0FQ5ZLin3xUorKYhfcFNtdNKkFwfxKkGrKdLfMt-CdeI0 2025-06-02...

CVE-2025-0324

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

CVE-2020-0324

In libsonivox, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136660304...

CVE-2013-0324

Cross-site scripting XSS vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title...

RockyLinux 9 : rsync (RLSA-2025:0324)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:0324 advisory. rsync: Info Leak via Uninitialized Stack Contents CVE-2024-12085 Tenable has extracted the preceding description block directly from the RockyLinux security...

CVE-2022-0324

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp...

RHSA-2025:0324

creationtimestamp| type| source ---|---|--- 2025-01-29 10:10:09+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/3368 2025-02-26 14:25:20+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/5493...

Mageia: Security Advisory (MGASA-2024-0324)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Photon OS 4.0: Vim PHSA-2023-4.0-0324

An update of the vim package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0324. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid20324...

CVE-2024-0324

CVE-2024-0324 affects the WordPress plugin User Profile Builder (Profile Builder) up to version 3.10.8. The root cause is a missing capability check in the wppb_two_factor_authentication_settings_update function, allowing unauthenticated attackers to enable/disable 2FA for arbitrary user roles in...

CVE-2024-0324 User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppbtwofactorauthenticationsettingsupdate' function in all versions up to, and including...

WordPress Profile Builder Plugin <= 3.10.8 is vulnerable to Broken Access Control

Software Profile Builder Type Plugin Vulnerable versions = 3.10.8 Fixed in 3.10.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0324 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID c4fb0e8879d0 Credits kodaichodai Required...

Attacks, Vulnerabilities and Actors 11 September to 17 September 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, a total of eight attacks were executed, along with eleven vulnerabilities discovered, and two different adversaries...

Storm-0324 Exploits Microsoft Teams Chats Deploying JSSLoader

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Storm-0324 is a financially motivated threat actor with a history of operations dating back to 2016. This actor has a specialization in facilitating ransomware deployments and providing access to...

Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages

Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks. The tech giant's Threat Intelligence team is tracking the cluster under the name Storm-0324, which is also known by the monikers TA5...

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginnin...