🚨 Marked as known exploited on July 16th, 2025 (about 24 hours ago).
Description: GreyNoise has observed active exploitation attempts against CVE-2025-5777 (CitrixBleed 2), a memory overread vulnerability in Citrix NetScaler. Exploitation began on June 23 — nearly two weeks before a public proof-of-concept was released on July 4.
CVSS: CRITICAL (9.3) EPSS Score: 5.12%
July 16th, 2025 (about 24 hours ago)
|
CVE-2025-49831 |
🚨 Marked as known exploited on July 15th, 2025 (2 days ago).
Description: An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this issue can be actively exploited, though Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1 may be affected. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.
CVSS: CRITICAL (9.1) EPSS Score: 0.06% SSVC Exploitation: none
July 15th, 2025 (2 days ago)
|
CVE-2025-47812 |
🚨 Marked as known exploited on July 14th, 2025 (3 days ago).
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-47812 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CVSS: CRITICAL (10.0) EPSS Score: 83.38%
July 14th, 2025 (3 days ago)
|
🚨 Marked as known exploited on July 11th, 2025 (6 days ago).
Description: The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes. [...]
CVSS: CRITICAL (9.3) EPSS Score: 5.12%
July 11th, 2025 (6 days ago)
|
🚨 Marked as known exploited on July 11th, 2025 (6 days ago).
Description: A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress.
The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface, which allows for remote code execution. It has been addressed in version 7.4.4.
"The user and
CVSS: CRITICAL (10.0) EPSS Score: 83.38%
July 11th, 2025 (6 days ago)
|
CVE-2025-47812 |
🚨 Marked as known exploited on July 11th, 2025 (6 days ago).
Description: In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
CVSS: CRITICAL (10.0) EPSS Score: 83.38% SSVC Exploitation: none
July 10th, 2025 (7 days ago)
|
🚨 Marked as known exploited on July 8th, 2025 (10 days ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of flaws is as follows -
CVE-2014-3931 (CVSS score: 9.8) - A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an
CVSS: CRITICAL (9.8)
July 8th, 2025 (10 days ago)
|
CVE-2014-3931 |
🚨 Marked as known exploited on July 7th, 2025 (10 days ago).
Description: CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2014-3931 Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
CVE-2016-10033 PHPMailer Command Injection Vulnerability
CVE-2019-5418 Rails Ruby on Rails Path Traversal Vulnerability
CVE-2019-9621 Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CVSS: CRITICAL (9.8)
July 7th, 2025 (10 days ago)
|
🚨 Marked as known exploited on June 27th, 2025 (20 days ago).
Description: Frequently asked questions about recent Citrix NetScaler ADC and Gateway vulnerabilities that have reportedly been exploited in the wild, including CVE-2025-5777 known as CitrixBleed 2.
Background
Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding CVE-2025-5777 and CVE-2025-6543, two Citrix NetScaler ADC and Gateway vulnerabilities that have reportedly been exploited in the wild.
FAQ
What vulnerabilities have been exploited?
As of the publication of this blog on June 27, active exploitation has been reported for the following CVEs:
| CVE | Description | CVSSv4 | Severity |
| --- | --- | --- | --- |
| CVE-2025-5777 | Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability (“CitrixBleed 2”) | 9.3 | Critical |
| CVE-2025-6543 | Citrix NetScaler ADC and Gateway Denial of Service (DoS) Vulnerability | 9.2 | Critical |
What is CVE-2025-5777 (CitrixBleed 2)?
CVE-2025-5777 is an out-of-bounds read vulnerability affecting Citrix NetScaler ADC and Gateway. Successful exploitation of this vulnerability would allow an attacker to read memory on an affected device, giving the attacker access to sensitive data including session tokens. These session tokens can be used to bypass multi-factor authentication (MFA) and allow the attacker to take over an authenticated session.
Source: Kevin Beaumont
Why is CVE-2025-5777 being called CitrixBleed 2?
The moniker CitrixBleed 2 was given to CVE-2025-5777 by security researcher Kevin Beaumont, who observed that this vulnerability is very simi...
CVSS: CRITICAL (9.3) EPSS Score: 5.12%
June 27th, 2025 (20 days ago)
|
🚨 Marked as known exploited on June 26th, 2025 (22 days ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The list of vulnerabilities is as follows -
CVE-2024-54085 (CVSS score: 10.0) - An authentication bypass by spoofing
CVSS: CRITICAL (10.0)
June 26th, 2025 (22 days ago)
|