Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-48930 |
🚨 Marked as known exploited on May 28th, 2025 (5 days ago).
Description: The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues, as exploited in the wild in May 2025.
CVSS: LOW (2.8) EPSS Score: 0.01%
May 28th, 2025 (5 days ago)
|
|
CVE-2025-47729 |
🚨 Marked as known exploited on May 8th, 2025 (25 days ago).
Description: The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025.
CVSS: LOW (1.9) EPSS Score: 8.55%
May 8th, 2025 (25 days ago)
|
|
🚨 Marked as known exploited on May 1st, 2025 (about 1 month ago).
Description: SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild.
The vulnerabilities in question are listed below -
CVE-2023-44221 (CVSS score: 7.2) - Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to
CVSS: LOW (0.0)
May 1st, 2025 (about 1 month ago)
|
|
🚨 Marked as known exploited on April 29th, 2025 (about 1 month ago).
Description: Written by: Casey Charrier, James Sadowski, Clement Lecigne, Vlad Stolyarov
Executive Summary
Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances.Â
Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be increasing their operational security practices, potentially leading to decreased attribution and detection.
We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day expl...
CVSS: LOW (0.0)
April 29th, 2025 (about 1 month ago)
|
|
CVE-2025-30259 |
🚨 Marked as known exploited on March 20th, 2025 (2 months ago).
Description: The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated with BIGPRETZEL.
CVSS: LOW (3.5) EPSS Score: 0.03%
March 20th, 2025 (2 months ago)
|
|
CVE-2024-55550 |
🚨 Marked as known exploited on January 7th, 2025 (5 months ago).
Description: Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.
CVSS: LOW (0.0) EPSS Score: 42.72%
December 11th, 2024 (6 months ago)
|
|
CVE-2024-41713 |
🚨 Marked as known exploited on January 7th, 2025 (5 months ago).
Description: A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
CVSS: LOW (0.0) EPSS Score: 95.44%
December 11th, 2024 (6 months ago)
|
|
CVE-2024-53104 |
🚨 Marked as known exploited on February 4th, 2025 (4 months ago).
Description: In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2023-45727 |
🚨 Marked as known exploited on December 3rd, 2024 (6 months ago).
Description: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
CVSS: LOW (0.0) EPSS Score: 23.62%
December 3rd, 2024 (6 months ago)
|
|
CVE-2023-44221 |
🚨 Marked as known exploited on May 1st, 2025 (about 1 month ago).
Description: Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
CVSS: LOW (0.0) EPSS Score: 0.14%
December 3rd, 2024 (6 months ago)
|