CVE-2025-22224 |
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...]
CVSS: CRITICAL (9.3) EPSS Score: 24.22%
March 6th, 2025 (about 1 month ago)
|
CVE-2025-1316 |
🚨 Marked as known exploited on March 17th, 2025 (about 1 month ago).
Description: Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device.
CVSS: CRITICAL (9.3) EPSS Score: 50.61%
March 5th, 2025 (about 2 months ago)
|
CVE-2025-22224 |
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure.
The list of vulnerabilities is as follows -
CVE-2025-22224 (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with
CVSS: CRITICAL (9.3) EPSS Score: 24.22%
March 4th, 2025 (about 2 months ago)
|
CVE-2025-22224 |
🚨 Marked as known exploited on March 4th, 2025 (about 2 months ago).
Description: VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVSS: CRITICAL (9.3) EPSS Score: 24.22%
March 4th, 2025 (about 2 months ago)
|
CVE-2024-4885 |
🚨 Marked as known exploited on March 3rd, 2025 (about 2 months ago).
Description: In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
CVSS: CRITICAL (9.8) EPSS Score: 93.68% SSVC Exploitation: active
March 3rd, 2025 (about 2 months ago)
|
CVE-2024-57968 |
🚨 Marked as known exploited on March 10th, 2025 (about 1 month ago).
Description: Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
CVSS: CRITICAL (9.9) EPSS Score: 0.05%
February 4th, 2025 (2 months ago)
|
CVE-2024-50603 |
🚨 Marked as known exploited on January 13th, 2025 (3 months ago).
Description: An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
CVSS: CRITICAL (10.0) EPSS Score: 92.43%
January 28th, 2025 (3 months ago)
|
CVE-2025-23006 |
🚨 Marked as known exploited on January 24th, 2025 (3 months ago).
Description: A pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
CVSS: CRITICAL (9.8) EPSS Score: 1.37%
January 25th, 2025 (3 months ago)
|
CVE-2024-13161 |
🚨 Marked as known exploited on March 10th, 2025 (about 1 month ago).
Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 25th, 2025 (3 months ago)
|
CVE-2024-13160 |
🚨 Marked as known exploited on March 10th, 2025 (about 1 month ago).
Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 25th, 2025 (3 months ago)
|