CyberAlerts.io | Known Exploited Vulnerabilities (KEV)

CyberAlerts provides a trusted catalog of vulnerabilities known to be exploited in the wild, drawing from many sources, including CISA KEV. Organizations can use this catalog to better prioritize and manage vulnerabilities in response to real-world threat activity.

Displaying vulnerabilities 11 - 20 of 131 in total

CVE-2024-38812

Description: The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

CVSS: CRITICAL (9.8)

EPSS Score: 58.01%

SSVC Exploitation: active

June 10th, 2025 (about 1 month ago)

CVE-2025-32433

Description: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or preventing access via firewall rules.

CVSS: CRITICAL (10.0)

EPSS Score: 37.73%

June 9th, 2025 (about 1 month ago)

CVE-2024-42009

Description: A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

EPSS Score: 49.7%

SSVC Exploitation: none

June 9th, 2025 (about 1 month ago)

CVE-2025-49113

Description: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

CVSS: CRITICAL (9.9)

EPSS Score: 81.3%

June 5th, 2025 (about 1 month ago)

CVE-2025-21479

Description: Memory corruption due to unauthorized command execution in GPU micronode while executing a specific sequence of commands.

CVSS: HIGH (8.6)

EPSS Score: 3.29%

June 3rd, 2025 (about 1 month ago)

CVE-2025-5419

Description: Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS: HIGH (8.8)

EPSS Score: 0.5%

June 3rd, 2025 (about 1 month ago)

CVE-2025-48930

Description: The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues, as exploited in the wild in May 2025.

CVSS: LOW (2.8)

EPSS Score: 0.01%

May 28th, 2025 (about 1 month ago)

CVE-2025-48929

Description: The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary, as exploited in the wild in May 2025.

CVSS: MEDIUM (4.0)

EPSS Score: 0.04%

May 28th, 2025 (about 1 month ago)

CVE-2025-48928

Description: The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.

CVSS: MEDIUM (4.0)

EPSS Score: 0.02%

SSVC Exploitation: none

May 28th, 2025 (about 1 month ago)

CVE-2025-48927

Description: The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

SSVC Exploitation: none

May 28th, 2025 (about 1 month ago)