CyberAlerts provides a trusted catalog of vulnerabilities known to be exploited in the wild, drawing from many sources, including CISA KEV. Organizations can use this catalog to better prioritize and manage vulnerabilities in response to real-world threat activity.

CVE-2025-42999
Description: SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
CVSS: CRITICAL (9.1) EPSS Score: 14.71%
May 15th, 2025 (2 months ago)

CVE-2025-4664
Description: Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVSS: MEDIUM (4.3) EPSS Score: 0.06%
May 15th, 2025 (2 months ago)

CVE-2025-4632
Description: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
CVSS: CRITICAL (9.8) EPSS Score: 57.86%
May 14th, 2025 (2 months ago)

CVE-2025-32756
Description: A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
CVSS: CRITICAL (9.6) EPSS Score: 8.83%
May 14th, 2025 (2 months ago)

CVE-2025-4427
Description: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVSS: MEDIUM (5.3) EPSS Score: 82.26%
May 13th, 2025 (2 months ago)

CVE-2025-30400
Description: Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 4.24%
May 13th, 2025 (2 months ago)

CVE-2025-32701
Description: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 4.24%
May 13th, 2025 (2 months ago)

CVE-2025-32706
Description: Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 10.51%
May 13th, 2025 (2 months ago)

CVE-2025-30397
Description: Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
CVSS: HIGH (7.5) EPSS Score: 30.91%
May 13th, 2025 (2 months ago)

CVE-2025-32709
Description: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 4.28%
May 13th, 2025 (2 months ago)