CVE-2021-30661 |
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description:
Nessus Plugin ID 223935 with High Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.
- A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2021-30661)
Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/223935
CVSS: HIGH (8.8)
March 5th, 2025 (about 1 month ago)
|
CVE-2025-22226 |
🚨 Marked as known exploited on March 4th, 2025 (about 2 months ago).
Description: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
CVSS: HIGH (7.1) EPSS Score: 8.35%
March 4th, 2025 (about 2 months ago)
|
CVE-2025-22225 |
🚨 Marked as known exploited on March 4th, 2025 (about 2 months ago).
Description: VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
CVSS: HIGH (8.2) EPSS Score: 8.45%
March 4th, 2025 (about 2 months ago)
|
CVE-2024-43093 |
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Google has released a security update for Android, addressing two zero-day vulnerabilities that were being actively exploited in targeted attacks. The flaws, tracked as CVE-2024-43093 and CVE-2024-50302, were fixed in the latest March 2025 Android Security Bulletin, with Google urging users to apply the latest patches as soon as possible. The update comes after Amnesty …
The post Google Patches Two Actively Exploited Zero-Day Flaws in Android appeared first on CyberInsider.
CVSS: HIGH (7.8)
March 4th, 2025 (about 2 months ago)
|
CVE-2024-48248 |
🚨 Marked as known exploited on March 19th, 2025 (about 1 month ago).
Description: NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).
CVSS: HIGH (8.6) EPSS Score: 90.8%
March 4th, 2025 (about 2 months ago)
|
CVE-2025-24989 |
🚨 Marked as known exploited on February 21st, 2025 (about 2 months ago).
Description: An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified, this vulnerability does not affect you.
CVSS: HIGH (8.2) EPSS Score: 25.72%
February 20th, 2025 (about 2 months ago)
|
CVE-2024-20953 |
🚨 Marked as known exploited on February 24th, 2025 (about 2 months ago).
Description: Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVSS: HIGH (8.8) EPSS Score: 4.2%
February 14th, 2025 (2 months ago)
|
CVE-2025-0111 |
🚨 Marked as known exploited on February 20th, 2025 (about 2 months ago).
Description: An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.
You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue does not affect Cloud NGFW or Prisma Access software.
CVSS: HIGH (7.1) EPSS Score: 2.94%
February 13th, 2025 (2 months ago)
|
CVE-2025-0108 |
🚨 Marked as known exploited on February 14th, 2025 (2 months ago).
Description: An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.
You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue does not affect Cloud NGFW or Prisma Access software.
CVSS: HIGH (8.8) EPSS Score: 96.76%
February 13th, 2025 (2 months ago)
|
CVE-2024-41710 |
🚨 Marked as known exploited on January 30th, 2025 (3 months ago).
Description: A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
CVSS: HIGH (7.2) EPSS Score: 1.18%
February 13th, 2025 (2 months ago)
|