Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-30259
The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and...
🚨 Marked as known exploited on March 20th, 2025 (29 days ago).
Description: The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated with BIGPRETZEL.

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
March 20th, 2025 (29 days ago)

CVE-2024-55550
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to...
🚨 Marked as known exploited on January 7th, 2025 (3 months ago).
Description: Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.

CVSS: LOW (0.0)

EPSS Score: 42.72%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-41713
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated...
🚨 Marked as known exploited on January 7th, 2025 (3 months ago).
Description: A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.

CVSS: LOW (0.0)

EPSS Score: 95.44%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-53104
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
🚨 Marked as known exploited on February 4th, 2025 (2 months ago).
Description: In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-45727
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and...
🚨 Marked as known exploited on December 3rd, 2024 (5 months ago).
Description: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.

CVSS: LOW (0.0)

EPSS Score: 23.62%

Source: CVE
December 3rd, 2024 (5 months ago)