CyberAlerts Known Exploited Vulnerabilities (KEV)

CyberAlerts provides a trusted catalog of vulnerabilities known to be exploited in the wild, drawing from many sources, including CISA KEV. Organizations can use this catalog to better prioritize and manage vulnerabilities in response to real-world threat activity. Further information here.

Free API Access!

Show Not In CISA KEV

Displaying vulnerabilities 51 - 60 of 90 in total

CVE-2024-57968	Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during... Description: Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this. CVSS: CRITICAL (9.9) EPSS Score: 0.05% March 10th, 2025 (2 months ago)
CVE-2024-50302	HID: core: zero-initialize the report buffer Description: In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. CVSS: MEDIUM (5.5) EPSS Score: 0.23% SSVC Exploitation: active March 4th, 2025 (2 months ago)
CVE-2025-22225	VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel... Description: VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox. CVSS: HIGH (8.2) EPSS Score: 8.45% March 4th, 2025 (2 months ago)
CVE-2025-22226	VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with... Description: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. CVSS: HIGH (7.1) EPSS Score: 8.35% March 4th, 2025 (2 months ago)
CVE-2025-22224	VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor... Description: VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. CVSS: CRITICAL (9.3) EPSS Score: 24.22% March 4th, 2025 (2 months ago)
CVE-2024-4885	WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability Description: In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. CVSS: CRITICAL (9.8) EPSS Score: 93.68% SSVC Exploitation: active March 3rd, 2025 (2 months ago)
CVE-2024-49035	Partner.Microsoft.Com Elevation of Privilege Vulnerability Description: An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network. CVSS: HIGH (8.7) EPSS Score: 0.19% February 25th, 2025 (2 months ago)
CVE-2024-20953	Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily... Description: Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). CVSS: HIGH (8.8) EPSS Score: 4.2% February 24th, 2025 (3 months ago)
CVE-2025-24989	Microsoft Power Pages Elevation of Privilege Vulnerability Description: An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected cusomters have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you. CVSS: HIGH (8.2) EPSS Score: 25.72% February 21st, 2025 (3 months ago)
CVE-2025-0111	PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface Description: An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software. CVSS: HIGH (7.1) EPSS Score: 2.94% February 20th, 2025 (3 months ago)