CyberAlerts.io | Known Exploited Vulnerabilities (KEV)

CyberAlerts provides a trusted catalog of vulnerabilities known to be exploited in the wild, drawing from many sources, including CISA KEV. Organizations can use this catalog to better prioritize and manage vulnerabilities in response to real-world threat activity. Further information here.

Displaying vulnerabilities 1 - 10 of 77 in total

CVE-2025-24054

Description: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

CVSS: MEDIUM (6.5)

EPSS Score: 0.12%

April 17th, 2025 (3 days ago)

CVE-2025-27363

Description: An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

CVSS: HIGH (8.1)

EPSS Score: 5.37%

SSVC Exploitation: none

April 17th, 2025 (3 days ago)

CVE-2025-31201

Description: This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

CVSS: MEDIUM (6.8)

EPSS Score: 0.5%

SSVC Exploitation: none

April 17th, 2025 (3 days ago)

CVE-2025-31200

Description: A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

CVSS: HIGH (7.5)

EPSS Score: 0.45%

SSVC Exploitation: none

April 17th, 2025 (4 days ago)

CVE-2025-3248

Description: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

CVSS: CRITICAL (9.8)

EPSS Score: 80.22%

April 13th, 2025 (7 days ago)

CVE-2025-3102

Description: The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

April 11th, 2025 (10 days ago)

CVE-2024-36401

Description: GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code. Versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deplo...

CVSS: CRITICAL (9.8)

EPSS Score: 94.42%

SSVC Exploitation: active

April 10th, 2025 (10 days ago)

CVE-2024-58136

Description: Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.

CVSS: CRITICAL (9.0)

EPSS Score: 0.07%

April 10th, 2025 (11 days ago)

CVE-2025-29824

Description: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.8)

EPSS Score: 4.44%

SSVC Exploitation: active

April 8th, 2025 (12 days ago)

CVE-2025-30406

Description: Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, which enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: the CentreStack admin can manually delete the machineKey defined in portal\web.config. According to Huntress: "It is very important to note that this weakness also affects Gladinet Triofox, up to version 16.4.10317.56372. By default, previous versions of the Triofox software have the same hardcoded cryptographic keys in their configuration file, and can be easily abused for remote code execution." See references.

CVSS: CRITICAL (9.8)

EPSS Score: 58.51%

April 8th, 2025 (12 days ago)