CVE-2025-32363 |
Description: mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data.
CVSS: CRITICAL (9.8) EPSS Score: 0.37%
May 14th, 2025 (24 days ago)
|
CVE-2025-4641 |
Description: Improper Restriction of XML External Entity Reference (XXE) vulnerability in bonigarcia WebDriverManager on Windows, macOS and Linux (XML parsing components) allows a Data Serialization External Entities Blowup attack. This vulnerability is associated with the program file src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java.
This issue affects webdrivermanager: from 1.0.0 before 6.0.2.
CVSS: CRITICAL (9.3) EPSS Score: 0.07%
May 14th, 2025 (24 days ago)
|
CVE-2025-4638 |
Description: A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic.
Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.
CVSS: CRITICAL (9.2) EPSS Score: 0.05%
May 14th, 2025 (24 days ago)
|
CVE-2025-32756 |
🚨 Marked as known exploited on May 14th, 2025 (24 days ago).
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-32756 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CVSS: CRITICAL (9.6) EPSS Score: 8.83%
May 14th, 2025 (24 days ago)
|
CVE-2025-4632 |
🚨 Marked as known exploited on May 14th, 2025 (24 days ago).
Description: Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild.
The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw.
"Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to
CVSS: CRITICAL (9.8) EPSS Score: 57.86%
May 14th, 2025 (24 days ago)
|
CVE-2025-32756 |
Description: Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.
CVSS: CRITICAL (9.6) EPSS Score: 8.83%
May 14th, 2025 (24 days ago)
|
CVE-2025-47781 |
Description: Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application feature token-based authentication: when a user attempts to log in, they enter their email address and a 6-digit code is sent to that address to complete authentication. A token consisting of only 6 digits has weak entropy, and combined with the absence of brute-force protection this makes it possible for an unauthenticated attacker who knows a valid email address to brute-force the token within the 15-minute expiration window and take over the account associated with that address. All users of Rallly applications are affected: as long as an attacker knows the email address a user registered with, they can systematically take over that account. For the authentication mechanism to be safe, the token would need a high-entropy value that cannot be brute-forced in reasonable time, and ideally the /api/auth/callback/email endpoint should be rate limited to make brute-force attempts infeasible within the 15-minute window. As of the time of publication, no patched versions are available.
CVSS: CRITICAL (9.8) EPSS Score: 0.08%
May 14th, 2025 (24 days ago)
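The two numbers that make the Rallly weakness concrete are the entropy of a 6-digit code (about 19.9 bits) and the guess rate needed to exhaust it inside the 15-minute lifetime (about 1,111 requests per second). The following is an added example, not Rallly's code: it puts those calculations beside a hardened server-side token store that keeps only a hash of the token, enforces expiry, caps attempts per email address and compares in constant time, and a small brute-force driver that shows the cap stopping the enumeration. The `LoginTokenStore` class, the attempt budget of 5 and the `bruteForceSixDigits` helper are assumptions made for illustration; only the 6-digit format and the 15-minute expiry come from the advisory.

```typescript
import { randomInt, randomBytes, createHash, timingSafeEqual } from "node:crypto";

// 15-minute expiry, as described in the advisory.
export const TOKEN_LIFETIME_MS = 15 * 60 * 1000;

// Bits of entropy in a token drawn uniformly from `space` possible values.
export function entropyBits(space: number): number {
  return Math.log2(space);
}

// Guess rate (requests/second) needed to try every value before the token expires.
export function guessesPerSecondToExhaust(space: number, lifetimeMs: number): number {
  return space / (lifetimeMs / 1000);
}

// The weak scheme: a uniformly random 6-digit code (10^6 values, ~19.9 bits).
export function weakSixDigitToken(): string {
  return randomInt(0, 1_000_000).toString().padStart(6, "0");
}

// A strong replacement: 32 random bytes (256 bits), base64url so it survives a URL.
export function strongToken(): string {
  return randomBytes(32).toString("base64url");
}

function sha256(s: string): Buffer {
  return createHash("sha256").update(s, "utf8").digest();
}

interface PendingLogin { tokenHash: Buffer; expiresAt: number; attempts: number }

export type VerifyResult = "ok" | "mismatch" | "expired" | "locked" | "no-pending-login";

// Hypothetical server-side store for outstanding e-mail login tokens (not Rallly's).
// Only the token hash is kept, every verification counts against a per-email budget,
// and a correct, expired or exhausted token is discarded so it cannot be retried.
export class LoginTokenStore {
  private readonly pending = new Map<string, PendingLogin>();

  constructor(
    private readonly maxAttempts: number = 5,
    private readonly lifetimeMs: number = TOKEN_LIFETIME_MS,
    private readonly now: () => number = Date.now,
  ) {}

  issue(email: string, token: string): void {
    this.pending.set(email.toLowerCase(), {
      tokenHash: sha256(token),
      expiresAt: this.now() + this.lifetimeMs,
      attempts: 0,
    });
  }

  verify(email: string, candidate: string): VerifyResult {
    const key = email.toLowerCase();
    const entry = this.pending.get(key);
    if (!entry) return "no-pending-login";
    if (this.now() > entry.expiresAt) { this.pending.delete(key); return "expired"; }
    if (entry.attempts >= this.maxAttempts) { this.pending.delete(key); return "locked"; }
    entry.attempts += 1;
    // Digests are equal length, so the comparison is constant time.
    if (timingSafeEqual(entry.tokenHash, sha256(candidate))) { this.pending.delete(key); return "ok"; }
    return "mismatch";
  }
}

// Attacker side: enumerate 6-digit codes in order against `store` for one email
// address and report how many guesses were submitted and how the run ended.
export function bruteForceSixDigits(
  store: LoginTokenStore,
  email: string,
  maxGuesses: number = 1_000_000,
): { guesses: number; outcome: VerifyResult } {
  let outcome: VerifyResult = "mismatch";
  let guesses = 0;
  for (let n = 0; n < maxGuesses && outcome === "mismatch"; n++) {
    outcome = store.verify(email, n.toString().padStart(6, "0"));
    guesses++;
  }
  return { guesses, outcome };
}
```

With no attempt cap, the enumeration succeeds as soon as it reaches the issued code; with a cap of 5 the sixth request is refused and the pending login is discarded, so the attacker must trigger a fresh email, which is itself an observable and rate-limitable event. The cap is a stopgap: the durable fix is the 256-bit token, whose space no request rate exhausts in 15 minutes.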
|
CVE-2025-47777 |
Description: 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and exposed Electron APIs. All users of 5ire client versions prior to patched releases, particularly those interacting with untrusted chatbots or pasting external content, are affected. Version 0.11.1 contains a patch for the issue.
CVSS: CRITICAL (9.6) EPSS Score: 0.29% SSVC Exploitation: none
May 14th, 2025 (24 days ago)
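The 5ire description names two controls that were missing: output sanitization for chatbot responses, and a protocol check before handing a URL to the shell. The following is an added example, not 5ire's code and not the reported exploit path: it escapes an assistant message before it is placed in HTML, allowlists only `http:` and `https:` before an external open, and wires the check in front of an injectable opener so it can be exercised without Electron. The `renderAssistantMessage` and `openExternalChecked` function names and the sample malicious response are constructed for this illustration.

```typescript
// Sample chatbot response constructed for this example: a markup injection plus a
// link whose scheme would execute script if passed to the renderer or the shell.
export const SAMPLE_MALICIOUS_RESPONSE =
  'Sure! <img src=x onerror="alert(1)"> See <a href="javascript:alert(1)">docs</a>';

const HTML_ESCAPES: Record<string, string> = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Escape the five characters that let untrusted text break out of an HTML text node
// or attribute value. Apply this to every model-generated string before rendering.
export function escapeHtml(untrusted: string): string {
  return untrusted.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Hypothetical render step: the message is inserted as text, never as markup.
export function renderAssistantMessage(untrusted: string): string {
  return `<div class="assistant">${escapeHtml(untrusted)}</div>`;
}

// Only web URLs may leave the app. javascript:, file:, data: and any custom scheme
// registered by the app or the OS are refused, as is anything that fails to parse.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

export function isSafeExternalUrl(raw: string): boolean {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return false;
  }
  return ALLOWED_PROTOCOLS.has(url.protocol);
}

// Guard to place in front of shell.openExternal (passed in here as `open` so the
// function runs outside Electron). Returns whether the URL was handed on.
export function openExternalChecked(raw: string, open: (url: string) => void): boolean {
  if (!isSafeExternalUrl(raw)) return false;
  open(raw);
  return true;
}
```

Escaping stops the stored XSS at the sink, and the allowlist means that even a script that does run cannot reach a non-web scheme through the opener; in an Electron app these belong alongside `contextIsolation: true`, `nodeIntegration: false` and `sandbox: true` in the window's `webPreferences`, so the renderer has no privileged API to call in the first place.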
|
CVE-2024-10865 |
Reflected Cross-Site Scripting vulnerability has been discovered in OpenText Advanced Authentication
Description: Improper input validation leads to a cross-site scripting (XSS) vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.
CVSS: CRITICAL (9.4) EPSS Score: 0.06% SSVC Exploitation: none
May 14th, 2025 (24 days ago)
|
CVE-2025-32756 |
🚨 Marked as known exploited on May 14th, 2025 (24 days ago).
Description: Fortinet has observed threat actors exploiting CVE-2025-32756, a critical zero-day arbitrary code execution vulnerability which affects multiple Fortinet products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera.

Background

On May 13th, Fortinet published a security advisory (FG-IR-25-254) for CVE-2025-32756, a critical arbitrary code execution vulnerability affecting multiple Fortinet products.

| CVE | Description | CVSSv3 |
| --- | --- | --- |
| CVE-2025-32756 | An arbitrary code execution vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera | 9.6 |

Analysis

CVE-2025-32756 is an arbitrary code execution vulnerability affecting multiple Fortinet products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. A remote unauthenticated attacker can send crafted HTTP requests in order to create a stack-based overflow condition which would allow for the execution of arbitrary code. This vulnerability was discovered by the Fortinet Product Security Team, who observed threat activity involving a device running FortiVoice.

According to Fortinet, the threat actor's operations included scanning the network, erasing system crashlogs and enabling "fcgi debugging", which is used to log authentication attempts, including SSH logins. The "fcgi debugging" option is not enabled by default and the Fortinet advisory recommends reviewing the setting as one possible indicator of compromise (IoC).

Historical Exploitation of Fortinet Devices

Fortinet vulnerabilities have histo...
CVSS: CRITICAL (9.6) EPSS Score: 8.83%
May 14th, 2025 (24 days ago)
|