Threat and Vulnerability Intelligence Database


CVE-2025-27007

🚨 Marked as known exploited on May 7th, 2025 (28 days ago).
Description: Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation. This issue affects SureTriggers: from n/a through 1.0.82.

CVSS: CRITICAL (9.8)

EPSS Score: 17.88%

SSVC Exploitation: none

Source: CVE
May 1st, 2025 (about 1 month ago)

CVE-2025-31324

🚨 Marked as known exploited on April 28th, 2025 (about 1 month ago).
Description: CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.

CVSS: CRITICAL (10.0)

EPSS Score: 78.65%

Source: Dark Reading
April 28th, 2025 (about 1 month ago)

🚨 Marked as known exploited on April 28th, 2025 (about 1 month ago).
Description: A critical SAP NetWeaver zero-day vulnerability (CVE-2025-31324) that allows for full SAP server compromise is being actively exploited in the wild.

CVSS: CRITICAL (10.0)

EPSS Score: 78.65%

Source: Rapid7
April 28th, 2025 (about 1 month ago)

CVE-2025-32432

🚨 Marked as known exploited on April 26th, 2025 (about 1 month ago).
Description: Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.

CVSS: CRITICAL (10.0)

EPSS Score: 76.27%

SSVC Exploitation: none

Source: CVE
April 25th, 2025 (about 1 month ago)

CVE-2025-31324

🚨 Marked as known exploited on April 25th, 2025 (about 1 month ago).
Description: SAP has released an out-of-band patch to address CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver that has been exploited by threat actors. Organizations are strongly encouraged to apply patches as soon as possible.

Background

On April 22, ReliaQuest published details of their investigation of exploit activity in SAP NetWeaver servers. Initially it was unclear if their discovery was a new vulnerability or the abuse of CVE-2017-9844, a vulnerability that could lead to a denial-of-service (DoS) condition or arbitrary code execution. ReliaQuest reported their findings to SAP and on April 24, SAP disclosed CVE-2025-31324, a critical missing authorization check vulnerability with the highest severity CVSS score of 10.0.

CVE            | Description                                               | CVSSv3 | VPR
CVE-2025-31324 | SAP NetWeaver Unauthenticated File Upload Vulnerability   | 10.0   | 8.1*

*Please note: Tenable's Vulnerability Priority Rating (VPR) scores are calculated nightly. This blog post was published on April 25 and reflects VPR at that time.

Analysis

CVE-2025-31324 is an unauthenticated file upload vulnerability affecting the Metadata Uploader component of SAP NetWeaver Visual Composer. Successful exploitation of this vulnerability could allow an unauthenticated attacker to upload malicious files which can be used by an attacker to achieve code execution. The flaw is the result of missing authorization checks to the "/developmentserver/metadatauploader" endpoint. According to ReliaQuest, this vulnerability has been exploited in the ...

CVSS: CRITICAL (10.0)

EPSS Score: 78.65%

Source: Tenable Blog
April 25th, 2025 (about 1 month ago)

CVE-2025-31324

🚨 Marked as known exploited on April 25th, 2025 (about 1 month ago).
Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

CVSS: CRITICAL (10.0)

EPSS Score: 78.65%

Source: CVE
April 24th, 2025 (about 1 month ago)

CVE-2024-21762

🚨 Marked as known exploited on April 24th, 2025 (about 1 month ago).
Description: An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.

CVSS: CRITICAL (9.8)

EPSS Score: 92.52%

SSVC Exploitation: active

Source: CVE
April 24th, 2025 (about 1 month ago)

CVE-2025-34028

🚨 Marked as known exploited on May 2nd, 2025 (about 1 month ago).
Description: A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. A PoC exists for this vulnerability. This issue affects Command Center Innovation Release: 11.38.

CVSS: CRITICAL (10.0)

EPSS Score: 63.86%

Source: CVE
April 22nd, 2025 (about 1 month ago)

CVE-2025-42599

🚨 Marked as known exploited on April 28th, 2025 (about 1 month ago).
Description: Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.

CVSS: CRITICAL (9.8)

EPSS Score: 13.86%

Source: CVE
April 18th, 2025 (about 2 months ago)

CVE-2025-30406

🚨 Marked as known exploited on April 15th, 2025 (about 2 months ago).
Description: A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks.

CVSS: CRITICAL (9.8)

EPSS Score: 65.56%

Source: TheHackerNews
April 15th, 2025 (about 2 months ago)