CyberAlerts.io | Known Exploited Vulnerabilities (KEV)

CyberAlerts provides a trusted catalog of vulnerabilities known to be exploited in the wild, drawing from many sources, including CISA KEV. Organizations can use this catalog to better prioritize and manage vulnerabilities in response to real-world threat activity.

Displaying vulnerabilities 31 - 40 of 132 in total

CVE-2025-42999

Description: SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

CVSS: CRITICAL (9.1)

EPSS Score: 14.71%

May 15th, 2025 (2 months ago)

CVE-2025-4664

Description: Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

CVSS: MEDIUM (4.3)

EPSS Score: 0.06%

May 15th, 2025 (2 months ago)

CVE-2025-4632

Description: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary files as system authority.

CVSS: CRITICAL (9.8)

EPSS Score: 57.86%

May 14th, 2025 (2 months ago)

CVE-2025-32756

Description: A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands by sending HTTP requests with a specially crafted hash cookie.

CVSS: CRITICAL (9.6)

EPSS Score: 8.83%

May 14th, 2025 (2 months ago)

CVE-2025-4427

Description: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

CVSS: MEDIUM (5.3)

EPSS Score: 82.26%

May 13th, 2025 (2 months ago)

CVE-2025-30400

Description: Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.8)

EPSS Score: 4.24%

May 13th, 2025 (2 months ago)

CVE-2025-32701

Description: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.8)

EPSS Score: 4.24%

May 13th, 2025 (2 months ago)

CVE-2025-32706

Description: Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.8)

EPSS Score: 10.51%

May 13th, 2025 (2 months ago)

CVE-2025-30397

Description: Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

CVSS: HIGH (7.5)

EPSS Score: 30.91%

May 13th, 2025 (2 months ago)

CVE-2025-32709

Description: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.8)

EPSS Score: 4.28%

May 13th, 2025 (2 months ago)