30 matches found
Tenable Sensor Proxy < 1.4.0 Multiple Vulnerabilities (TNS-2026-15)
According to its self-reported version, the Tenable Sensor Proxy running on the remote host is prior to 1.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-15 advisory. - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed...
CVE-2026-24989
creationtimestamp | type | source
---|---|---
2026-04-09 09:30:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mj2ioqvs7d2h...
TencentOS Server 4: nginx (TSSA-2024:0615)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0615 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2023-24989
A vulnerability has been identified in Tecnomatix Plant Simulation All versions V2201.0006. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the...
CVE-2021-24989
The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog...
CVE-2025-24989
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update...
CVE-2025-24989
creationtimestamp | type | source
---|---|---
2025-02-19 22:21:30+00:00 | seen | https://bsky.app/profile/cti-news.bsky.social/post/3liksqx4pw62m
2025-02-20 01:48:28+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114033695623711760
2025-02-20 02:16:44+00:00 | seen | ...
CVE-2025-24989 Microsoft Power Pages Elevation of Privilege Vulnerability
...
KLA80251 PE vulnerability in Microsoft Dynamics
An elevation of privilege vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to gain privileges. Original advisories: CVE-2025-24989. Related products: Microsoft-Power-Platform. CVE list: CVE-2025-24989 (critical). Solution: Install necessary updates from the KB...
CVE-2024-24989
creationtimestamp | type | source
---|---|---
2024-02-15 08:01:48+00:00 | seen | https://t.me/ctinow/185301
2024-02-15 11:21:23+00:00 | seen | https://t.me/ctinow/185420
2024-02-15 20:06:50+00:00 | seen | https://t.me/habrcomnews/25246
2024-02-16 07:21:25+00:00 | seen | https://t.me/habrcomnews/25253...
FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (c97a4ecf-cc25-11ee-b0ee-0050569f0b83)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c97a4ecf-cc25-11ee-b0ee-0050569f0b83 advisory. - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed...
CVE-2024-24989 vulnerabilities
Vulnerabilities for packages: nginx-mainline...
NULL pointer dereference in HTTP/3
Severity: major. CVE-2024-24989. Not vulnerable: 1.25.4+. Vulnerable: 1.25.3...
CVE-2024-24989
CVE-2024-24989 affects NGINX Plus and NGINX Open Source when configured with the HTTP/3 QUIC module. The underlying issue is in the HTTP/3 QUIC module, which can cause NGINX worker processes to terminate, yielding a denial-of-service condition. The vulnerability is tied to the HTTP/3 QUIC module ...
K000138444: NGINX HTTP/3 QUIC vulnerability CVE-2024-24989
Security Advisory Description: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24989. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...
CVE-2022-24989
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any sanitization...
CVE-2022-24989
CVE-2022-24989 affects TerraMaster NAS/TOS up to version 4.2.30, enabling remote code execution as root via PHP Object Instantiation in the api.php?mobile/createRaid endpoint. The exploit relies on unsanitized input in the raidtype parameter (Shell metacharacters) and can be chained with credenti...