CyberAlerts Known Exploited Vulnerabilities (KEV)

CyberAlerts provides a trusted catalog of vulnerabilities known to be exploited in the wild, drawing from many sources, including CISA KEV. Organizations can use this catalog to better prioritize and manage vulnerabilities in response to real-world threat activity. Further information here.

Free API Access!

Show Not In CISA KEV

Displaying vulnerabilities 91 - 100 of 104 in total

CVE-2025-24085	A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia... Description: A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. CVSS: HIGH (7.8) EPSS Score: 0.21% January 28th, 2025 (4 months ago)
CVE-2025-23006	Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and... Description: Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. CVSS: CRITICAL (9.8) EPSS Score: 1.37% January 24th, 2025 (4 months ago)
CVE-2024-50603	An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements... Description: An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test. CVSS: CRITICAL (10.0) EPSS Score: 92.43% January 13th, 2025 (4 months ago)
CVE-2024-12686	Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA) Description: A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. CVSS: MEDIUM (6.6) EPSS Score: 6.18% January 13th, 2025 (4 months ago)
CVE-2025-0282	A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons... Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. CVSS: CRITICAL (9.0) EPSS Score: 15.33% January 8th, 2025 (4 months ago)
CVE-2024-41713	A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated... Description: A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations. CVSS: LOW (0.0) EPSS Score: 95.44% January 7th, 2025 (4 months ago)
CVE-2024-55550	Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to... Description: Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation. CVSS: LOW (0.0) EPSS Score: 42.72% January 7th, 2025 (4 months ago)
CVE-2024-3393	PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet Description: A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. CVSS: HIGH (8.7) EPSS Score: 0.78% December 27th, 2024 (5 months ago)
CVE-2024-12356	Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA) Description: A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. CVSS: CRITICAL (9.8) EPSS Score: 1.3% December 19th, 2024 (5 months ago)
CVE-2024-49138	Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability CVSS: HIGH (7.8) EPSS Score: 0.05% December 10th, 2024 (5 months ago)