🚨 Marked as known exploited on May 9th, 2025 (26 days ago).
Description: In this special edition of the Cybersecurity Snapshot, we bring you some of the most valuable guidance offered by the U.K. National Cyber Security Centre (NCSC) in the past 18 months. Check out best practices, recommendations and insights on protecting your AI systems, APIs and mobile devices, as well as on how to prep for post-quantum cryptography, and more.
In case you missed it, here are six NCSC recommendations to help your organization fine-tune its cybersecurity strategy and operations.
1 - How to migrate to quantum-resistant cryptography
Is your organization planning to adopt cryptography that can resist attacks from future quantum computers? If so, you might want to check out the NCSC's "Timelines for migration to post-quantum (PQC) cryptography," a white paper aimed at helping organizations plan their migration to quantum-resistant cryptography.
"Migration to PQC can be viewed as any large technology transition. In the guidance, we describe the key steps in such a transition, and illustrate some of the cryptography and PQC-specific elements required at each stage of the programme," reads a companion blog. At a high level, the NCSC proposes these three key milestones:
By 2028
Define the organization's migration goals.
Assess which services and infrastructure need to have their cryptography upgraded to PQC.
Draft an initial migration plan that includes, for example, the highest priority migration steps; the necessary investment; and what you'll need from your suppliers.
By 2...
CVSS: CRITICAL (9.0)
May 9th, 2025 (26 days ago)
|
CVE-2024-6047 |
🚨 Marked as known exploited on May 7th, 2025 (27 days ago).
Description: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-6047 GeoVision Devices OS Command Injection Vulnerability
CVE-2024-11120 GeoVision Devices OS Command Injection Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CVSS: CRITICAL (9.8) EPSS Score: 75.4%
May 7th, 2025 (27 days ago)
|
🚨 Marked as known exploited on May 7th, 2025 (28 days ago).
Description: A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.
"This is due to the create_wp_connection() function missing a capability check and
CVSS: CRITICAL (9.8) EPSS Score: 17.88%
May 7th, 2025 (28 days ago)
|
CVE-2024-6047 |
🚨 Marked as known exploited on May 7th, 2025 (28 days ago).
Description: Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
CVSS: CRITICAL (9.8) EPSS Score: 75.4% SSVC Exploitation: active
May 7th, 2025 (28 days ago)
|
CVE-2024-11120 |
🚨 Marked as known exploited on May 7th, 2025 (28 days ago).
Description: Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
CVSS: CRITICAL (9.8) EPSS Score: 54.56% SSVC Exploitation: active
May 7th, 2025 (28 days ago)
|
🚨 Marked as known exploited on May 6th, 2025 (29 days ago).
Description: A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation.
The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0.
"Langflow contains a missing
CVSS: CRITICAL (9.8) EPSS Score: 90.92%
May 6th, 2025 (29 days ago)
|
CVE-2025-3248 |
🚨 Marked as known exploited on May 5th, 2025 (29 days ago).
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-3248 Langflow Missing Authentication Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CVSS: CRITICAL (9.8) EPSS Score: 90.92%
May 5th, 2025 (29 days ago)
|
🚨 Marked as known exploited on May 5th, 2025 (29 days ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed.
The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0), a path traversal bug that affects 11.38 Innovation Release, from versions
CVSS: CRITICAL (10.0) EPSS Score: 63.86%
May 5th, 2025 (29 days ago)
|
CVE-2025-27920 |
🚨 Marked as known exploited on May 19th, 2025 (15 days ago).
Description: Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.
CVSS: CRITICAL (9.8) EPSS Score: 61.11%
May 5th, 2025 (30 days ago)
|
CVE-2025-34028 |
🚨 Marked as known exploited on May 2nd, 2025 (about 1 month ago).
Description: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-34028 Commvault Command Center Path Traversal Vulnerability
CVE-2024-58136 Yiiframework Yii Improper Protection of Alternate Path Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CVSS: CRITICAL (10.0) EPSS Score: 63.86%
May 2nd, 2025 (about 1 month ago)
|