CyberAlerts provides a trusted catalog of vulnerabilities known to be exploited in the wild, drawing from many sources, including CISA KEV. Organizations can use this catalog to better prioritize and manage vulnerabilities in response to real-world threat activity.
CVE-2024-53104
Description: In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format. This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
CVSS: LOW (0.0) EPSS Score: 0.04%
February 4th, 2025 (2 months ago)
CVE-2024-41710
Description: A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
CVSS: HIGH (7.2) EPSS Score: 1.18%
January 30th, 2025 (3 months ago)
CVE-2024-40891
Description: A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.
CVSS: HIGH (8.8) EPSS Score: 4.13%
January 29th, 2025 (3 months ago)
CVE-2025-24085
Description: A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
CVSS: HIGH (7.8) EPSS Score: 0.21%
January 28th, 2025 (3 months ago)
CVE-2025-23006
Description: A pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
CVSS: CRITICAL (9.8) EPSS Score: 1.37%
January 24th, 2025 (3 months ago)
CVE-2024-12686
Description: A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
CVSS: MEDIUM (6.6) EPSS Score: 6.18%
January 13th, 2025 (3 months ago)
CVE-2024-50603
Description: An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
CVSS: CRITICAL (10.0) EPSS Score: 92.43%
January 13th, 2025 (3 months ago)
CVE-2025-0282
Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 8th, 2025 (3 months ago)
CVE-2024-55550
Description: Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.
CVSS: LOW (0.0) EPSS Score: 42.72%
January 7th, 2025 (3 months ago)
CVE-2024-41713
Description: A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
CVSS: LOW (0.0) EPSS Score: 95.44%
January 7th, 2025 (3 months ago)