Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
🚨 Marked as known exploited on April 15th, 2025 (about 6 hours ago).
Description: A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date.
Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks
CVSS: CRITICAL (9.8)
April 15th, 2025 (about 6 hours ago)
|
|
🚨 Marked as known exploited on April 14th, 2025 (about 18 hours ago).
Description: A threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation.
April 14th, 2025 (about 18 hours ago)
|
|
🚨 Marked as known exploited on April 11th, 2025 (4 days ago).
Description: A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure.
The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites.
"The
CVSS: HIGH (8.1) EPSS Score: 0.13%
April 11th, 2025 (4 days ago)
|
|
🚨 Marked as known exploited on April 10th, 2025 (5 days ago).
Description: Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]
April 10th, 2025 (5 days ago)
|
CVE-2022-21658 |
🚨 Marked as known exploited on April 10th, 2025 (5 days ago).
Description: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIDIS Prime
Vulnerabilities: Race Condition Enabling Link Following, Improper Validation of Integrity Check Value, Unchecked Input for Loop Condition, Expected Behavior Violation, Incorrect Provision of Specified Functionality, Heap-based Buffer Overflow, Cleartext Transmission of Sensitive Information, Use After Free, NULL Pointer Dereference, Exposure of Sensitive Information to an Unauthorized Actor, Out-of-bounds Write, Improper Input Validation, Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute unauthorized deletions, cause denial of service, corrupt application state, leak sensitive information, or potentially execute remote code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
SIDIS Prime: All versions before V4.0.700
3.2 VULNERABILITY OVERVIEW
3.2.1 RACE CONDITION ENABLING LINK FOLLOWING CWE-363
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety,...
CVSS: HIGH (7.3)
April 10th, 2025 (5 days ago)
|
|
CVE-2025-3102 |
🚨 Marked as known exploited on April 11th, 2025 (4 days ago).
Description: The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.
CVSS: HIGH (8.1) EPSS Score: 0.13%
April 10th, 2025 (5 days ago)
|
|
CVE-2024-58136 |
🚨 Marked as known exploited on April 10th, 2025 (5 days ago).
Description: Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.
CVSS: CRITICAL (9.0) EPSS Score: 0.05%
April 10th, 2025 (5 days ago)
|
|
CVE-2024-53197 |
🚨 Marked as known exploited on April 10th, 2025 (5 days ago).
Description: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-53197 Linux Kernel Out-of-Bounds Access Vulnerability
CVE-2024-53150 Linux Kernel Out-of-Bounds Read Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
April 9th, 2025 (6 days ago)
|
|
🚨 Marked as known exploited on April 10th, 2025 (5 days ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that could be abused to achieve remote
EPSS Score: 35.89%
April 9th, 2025 (6 days ago)
|
|
🚨 Marked as known exploited on April 10th, 2025 (5 days ago).
Description: Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild.
Of the 126 vulnerabilities, 11 are rated Critical, 112 are rated Important, and two are rated Low in severity. Forty-nine of these vulnerabilities are classified as privilege escalation, 34 as remote code
April 9th, 2025 (6 days ago)
|