CyberAlerts provides a trusted catalog of vulnerabilities known to be exploited in the wild, drawing from many sources, including CISA KEV. Organizations can use this catalog to better prioritize and manage vulnerabilities in response to real-world threat activity.
Displaying vulnerabilities 21 - 30 of 118 in total
CVE-2025-4427 |
Description: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVSS: MEDIUM (5.3) EPSS Score: 76.69%
May 13th, 2025 (23 days ago)
|
CVE-2025-30400 |
Description: Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 4.24%
May 13th, 2025 (23 days ago)
|
CVE-2025-32701 |
Description: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 4.24%
May 13th, 2025 (23 days ago)
|
CVE-2025-32706 |
Description: Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 10.51%
May 13th, 2025 (23 days ago)
|
CVE-2025-30397 |
Description: Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
CVSS: HIGH (7.5) EPSS Score: 10.87%
May 13th, 2025 (23 days ago)
|
CVE-2025-32709 |
Description: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 4.28%
May 13th, 2025 (23 days ago)
|
CVE-2024-48766 |
Description: NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.
CVSS: HIGH (8.6) EPSS Score: 71.92%
May 13th, 2025 (23 days ago)
|
CVE-2024-46506 |
Description: NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.
CVSS: CRITICAL (10.0) EPSS Score: 47.74%
May 13th, 2025 (23 days ago)
|
CVE-2025-47729 |
Description: The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025.
CVSS: LOW (1.9) EPSS Score: 8.55%
May 8th, 2025 (28 days ago)
|
CVE-2025-27007 |
Description: Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation. This issue affects SureTriggers: from n/a through 1.0.82.
CVSS: CRITICAL (9.8) EPSS Score: 17.88% SSVC Exploitation: none
May 7th, 2025 (29 days ago)
|