CyberAlerts.io | Known Exploited Vulnerabilities (KEV)

CyberAlerts provides a trusted catalog of vulnerabilities known to be exploited in the wild, drawing from many sources, including CISA KEV. Organizations can use this catalog to better prioritize and manage vulnerabilities in response to real-world threat activity.

CVE-2025-24991

Description: Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

CVSS: MEDIUM (5.5)

EPSS Score: 2.97%

SSVC Exploitation: active

March 11th, 2025 (3 months ago)

CVE-2025-25181

Description: A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.

CVSS: MEDIUM (5.8)

EPSS Score: 0.05%

March 10th, 2025 (3 months ago)

CVE-2024-13159

Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

March 10th, 2025 (3 months ago)

CVE-2024-13161

Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

March 10th, 2025 (3 months ago)

CVE-2024-13160

Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

March 10th, 2025 (3 months ago)

CVE-2024-57968

Description: Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

March 10th, 2025 (3 months ago)

CVE-2025-22225

Description: VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

CVSS: HIGH (8.2)

EPSS Score: 8.45%

March 4th, 2025 (3 months ago)

CVE-2025-22226

Description: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

CVSS: HIGH (7.1)

EPSS Score: 8.35%

March 4th, 2025 (3 months ago)

CVE-2025-22224

Description: VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVSS: CRITICAL (9.3)

EPSS Score: 24.22%

March 4th, 2025 (3 months ago)

CVE-2024-50302

Description: In the Linux kernel, the following vulnerability has been resolved: "HID: core: zero-initialize the report buffer". Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

CVSS: MEDIUM (5.5)

EPSS Score: 0.23%

SSVC Exploitation: active

March 4th, 2025 (3 months ago)