Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-1316 |
đ¨ Marked as known exploited on March 17th, 2025 (about 1 month ago).
Description: Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device
CVSS: CRITICAL (9.3) EPSS Score: 50.61%
March 5th, 2025 (about 2 months ago)
|
|
CVE-2025-27510 |
Description: conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken over by a threat actor, it can result in remote code execution.
CVSS: CRITICAL (9.3) EPSS Score: 0.25%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-22224 |
Description: Broadcom published an advisory for three flaws in several VMware products that were exploited in the wild as zero-days. Organizations are advised to apply the available patches.BackgroundOn March 4, Broadcom published an advisory (VMSA-2025-0004) for three zero-day vulnerabilities across multiple VMware products:CVEDescriptionCVSSv3CVE-2025-22224VMware ESXi and Workstation Heap-Overflow Vulnerability9.3CVE-2025-22225VMware ESXi Arbitrary Write Vulnerability8.2CVE-2025-22226VMware ESXi, Workstation and Fusion Information Disclosure Vulnerability7.1In addition to its advisory, Broadcom published a frequently asked questions (FAQ) document for these vulnerabilities: VMSA-2025-0004: Questions & Answers.AnalysisCVE-2025-22224 is a TOCTOU (Time-of-Check Time-of-Use) vulnerability in VMWare ESXi and Workstation. A local, authenticated attacker with admin privileges could exploit this vulnerability to gain code execution on the virtual-machine executable (VMX) process.CVE-2025-22225 is an arbitrary write vulnerability in VMware ESXi. A local, authenticated attacker with requisite privileges could exploit this vulnerability through the VMX process to escape the sandbox.CVE-2025-22226 is an information-disclosure vulnerability in VMware ESXi, Workstation and Fusion. An authenticated, local attacker with admin privileges could exploit this vulnerability to cause the VMX process to leak contents from memory.Exploited in the wild as zero-daysAccording to Broadcom, these vulnerabilities...
CVSS: CRITICAL (9.3) EPSS Score: 24.22%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-1260 |
Description: On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-27507 |
Description: The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While several endpoints are affected, the most critical vulnerability lies in the ability to manipulate LDAP configurations. Customers who do not utilize LDAP for authentication are not at risk from the most severe aspects of this vulnerability. However, upgrading to the patched version to address all identified issues is strongly recommended. This vulnerability is fixed in 2.71.0, 2.70.1, ,2.69.4, 2.68.4, 2.67.8, 2.66.11, 2.65.6, 2.64.5, and 2.63.8.
CVSS: CRITICAL (9.0) EPSS Score: 0.1%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-22224 |
Description: CVE-2025-22224: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities
CVSS: CRITICAL (9.3) EPSS Score: 24.22%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2024-11957 |
Description: Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276
on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough.
CVSS: CRITICAL (9.3) EPSS Score: 0.01%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-22224 |
đ¨ Marked as known exploited on April 10th, 2025 (11 days ago).
Description: Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure.
The list of vulnerabilities is as follows -
CVE-2025-22224 (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with
CVSS: CRITICAL (9.3) EPSS Score: 24.22%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-22224 |
Description: VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host.
CVSS: CRITICAL (9.3) EPSS Score: 24.22%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-22224 |
đ¨ Marked as known exploited on March 4th, 2025 (about 2 months ago).
Description: VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVSS: CRITICAL (9.3) EPSS Score: 24.22%
March 4th, 2025 (about 2 months ago)
|