CyberAlerts Known Exploited Vulnerabilities (KEV)

CyberAlerts provides a trusted catalog of vulnerabilities known to be exploited in the wild, drawing from many sources, including CISA KEV. Organizations can use this catalog to better prioritize and manage vulnerabilities in response to real-world threat activity. Further information here.

Free API Access!

Show Not In CISA KEV

Displaying vulnerabilities 81 - 90 of 90 in total

CVE-2025-0282	A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons... Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. CVSS: CRITICAL (9.0) EPSS Score: 15.33% January 8th, 2025 (4 months ago)
CVE-2024-55550	Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to... Description: Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation. CVSS: LOW (0.0) EPSS Score: 42.72% January 7th, 2025 (4 months ago)
CVE-2024-41713	A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated... Description: A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations. CVSS: LOW (0.0) EPSS Score: 95.44% January 7th, 2025 (4 months ago)
CVE-2024-3393	PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet Description: A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. CVSS: HIGH (8.7) EPSS Score: 0.78% December 27th, 2024 (5 months ago)
CVE-2024-12356	Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA) Description: A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. CVSS: CRITICAL (9.8) EPSS Score: 1.3% December 19th, 2024 (5 months ago)
CVE-2024-49138	Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability CVSS: HIGH (7.8) EPSS Score: 0.05% December 10th, 2024 (5 months ago)
CVE-2024-51378	getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and... Description: getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected. CVSS: CRITICAL (10.0) EPSS Score: 23.11% December 4th, 2024 (5 months ago)
CVE-2024-11667	A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series... Description: A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL. CVSS: HIGH (7.5) EPSS Score: 18.85% December 3rd, 2024 (5 months ago)
CVE-2024-11680	ProjectSend Unauthenticated Configuration Modification Description: ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript. CVSS: CRITICAL (9.8) EPSS Score: 46.82% December 3rd, 2024 (5 months ago)
CVE-2023-45727	Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and... Description: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker. CVSS: LOW (0.0) EPSS Score: 23.62% December 3rd, 2024 (5 months ago)