Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-13159
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote...
🚨 Marked as known exploited on March 10th, 2025 (about 1 month ago).
Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (3 months ago)

CVE-2024-53704
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
🚨 Marked as known exploited on February 18th, 2025 (about 2 months ago).
Description: An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 10th, 2025 (3 months ago)

CVE-2025-0282
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons...
🚨 Marked as known exploited on January 8th, 2025 (3 months ago).
Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

CVSS: CRITICAL (9.0)

EPSS Score: 15.33%

Source: CVE
January 9th, 2025 (3 months ago)

CVE-2024-21413
Microsoft Outlook Remote Code Execution Vulnerability
🚨 Marked as known exploited on February 6th, 2025 (2 months ago).
Description: Microsoft Outlook Remote Code Execution Vulnerability

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
January 1st, 2025 (4 months ago)

CVE-2024-12356
Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)
🚨 Marked as known exploited on December 19th, 2024 (4 months ago).
Description: A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.

CVSS: CRITICAL (9.8)

EPSS Score: 1.3%

Source: CVE
December 18th, 2024 (4 months ago)

CVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and...
🚨 Marked as known exploited on December 4th, 2024 (5 months ago).
Description: getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.

CVSS: CRITICAL (10.0)

EPSS Score: 23.11%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-11680
ProjectSend Unauthenticated Configuration Modification
🚨 Marked as known exploited on December 3rd, 2024 (5 months ago).
Description: ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.

CVSS: CRITICAL (9.8)

EPSS Score: 46.82%

Source: CVE
November 27th, 2024 (5 months ago)