CVE-2021-32030 |
Marked as known exploited on June 2nd, 2025 (4 days ago).
Description: CISA added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2021-32030 ASUS Routers Improper Authentication Vulnerability
CVE-2023-39780 ASUS RT-AX55 Routers OS Command Injection Vulnerability
CVE-2024-56145 Craft CMS Code Injection Vulnerability
CVE-2025-3935 ConnectWise ScreenConnect Improper Authentication Vulnerability
CVE-2025-35939 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CVSS: CRITICAL (9.8)
June 2nd, 2025 (4 days ago)
|
CVE-2025-5086 |
Description: A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
CVSS: CRITICAL (10.0) EPSS Score: 0.34%
June 2nd, 2025 (4 days ago)
|
CVE-2021-32030 |
Description: ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CVSS: CRITICAL (9.8)
June 2nd, 2025 (4 days ago)
|
CVE-2024-22406 |
Description: Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the "aggregations" object. The "name" field in this "aggregations" object is vulnerable to SQL injection and can be exploited using time-based SQL queries. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
CVSS: CRITICAL (9.3) EPSS Score: 0.31% SSVC Exploitation: none
June 2nd, 2025 (4 days ago)
|
CVE-2024-22317 |
Description: IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.
CVSS: CRITICAL (9.1) EPSS Score: 0.07% SSVC Exploitation: none
June 2nd, 2025 (4 days ago)
|
CVE-2024-0643 |
Description: Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise.
CVSS: CRITICAL (10.0) EPSS Score: 0.32% SSVC Exploitation: none
June 2nd, 2025 (4 days ago)
|
CVE-2024-0642 |
Description: Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management.
CVSS: CRITICAL (9.8) EPSS Score: 0.28% SSVC Exploitation: none
June 2nd, 2025 (4 days ago)
|
CVE-2025-37093 |
Description: An authentication bypass vulnerability exists in HPE StoreOnce Software.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
June 2nd, 2025 (4 days ago)
|
CVE-2025-1750 |
Description: An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE).
CVSS: CRITICAL (9.8) EPSS Score: 0.26%
June 2nd, 2025 (4 days ago)
|
CVE-2025-0324 |
Description: The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
CVSS: CRITICAL (9.4) EPSS Score: 0.04%
June 2nd, 2025 (4 days ago)
|