CyberAlerts provides a trusted catalog of vulnerabilities known to be exploited in the wild, drawing from many sources, including CISA KEV. Organizations can use this catalog to better prioritize and manage vulnerabilities in response to real-world threat activity. Further information here.
Displaying vulnerabilities 41 - 50 of 130 in total
CVE-2025-47729 |
Description: The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025.
CVSS: LOW (1.9) EPSS Score: 8.55%
May 8th, 2025 (about 2 months ago)
|
CVE-2025-27007 |
Description: Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation.This issue affects SureTriggers: from n/a through 1.0.82.
CVSS: CRITICAL (9.8) EPSS Score: 17.88% SSVC Exploitation: none
May 7th, 2025 (about 2 months ago)
|
CVE-2024-6047 |
Description: Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
CVSS: CRITICAL (9.8) EPSS Score: 75.4% SSVC Exploitation: active
May 7th, 2025 (about 2 months ago)
|
CVE-2024-11120 |
Description: Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
CVSS: CRITICAL (9.8) EPSS Score: 54.56% SSVC Exploitation: active
May 7th, 2025 (about 2 months ago)
|
CVE-2025-34028 |
Description: A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution.
A PoC exists for this vulnerability.
This issue affects Command Center Innovation Release: 11.38.
CVSS: CRITICAL (10.0) EPSS Score: 63.86%
May 2nd, 2025 (about 2 months ago)
|
CVE-2024-38475 |
Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.
Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
EPSS Score: 0.04%
May 1st, 2025 (2 months ago)
|
CVE-2023-44221 |
Description: Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
CVSS: LOW (0.0) EPSS Score: 0.14%
May 1st, 2025 (2 months ago)
|
CVE-2025-3928 |
Description: Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.
CVSS: HIGH (8.8) EPSS Score: 15.08%
April 28th, 2025 (2 months ago)
|
CVE-2025-42599 |
Description: Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
CVSS: CRITICAL (9.8) EPSS Score: 13.86%
April 28th, 2025 (2 months ago)
|
CVE-2025-1976 |
Description: Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
CVSS: HIGH (8.6) EPSS Score: 1.79%
April 28th, 2025 (2 months ago)
|