Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-21418 |
🚨 Marked as known exploited on February 11th, 2025 (4 months ago).
Description: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVSS: HIGH (7.8) EPSS Score: 0.05%
February 12th, 2025 (4 months ago)
|
|
CVE-2025-21391 |
🚨 Marked as known exploited on February 11th, 2025 (4 months ago).
Description: Windows Storage Elevation of Privilege Vulnerability
CVSS: HIGH (7.1) EPSS Score: 0.09%
February 12th, 2025 (4 months ago)
|
|
CVE-2025-0994 |
🚨 Marked as known exploited on February 6th, 2025 (4 months ago).
Description: Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.
CVSS: HIGH (8.6) EPSS Score: 1.32%
February 7th, 2025 (4 months ago)
|
|
CVE-2024-45195 |
🚨 Marked as known exploited on February 4th, 2025 (4 months ago).
Description: Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
CVSS: HIGH (7.5) EPSS Score: 75.58%
February 5th, 2025 (4 months ago)
|
|
CVE-2024-40891 |
🚨 Marked as known exploited on January 29th, 2025 (4 months ago).
Description: A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 5th, 2025 (4 months ago)
|
|
CVE-2024-40890 |
🚨 Marked as known exploited on February 11th, 2025 (4 months ago).
Description: A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 5th, 2025 (4 months ago)
|
|
CVE-2025-24085 |
🚨 Marked as known exploited on January 28th, 2025 (4 months ago).
Description: A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
CVSS: HIGH (7.8) EPSS Score: 0.21%
January 28th, 2025 (4 months ago)
|
|
CVE-2025-0411 |
🚨 Marked as known exploited on February 4th, 2025 (4 months ago).
Description: 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
CVSS: HIGH (7.0) EPSS Score: 0.4%
January 26th, 2025 (4 months ago)
|
|
CVE-2025-23209 |
🚨 Marked as known exploited on February 20th, 2025 (4 months ago).
Description: Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue.
CVSS: HIGH (8.1) EPSS Score: 0.05%
January 23rd, 2025 (4 months ago)
|
|
CVE-2024-57727 |
🚨 Marked as known exploited on February 13th, 2025 (4 months ago).
Description: SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
CVSS: HIGH (7.5) EPSS Score: 0.47%
January 16th, 2025 (5 months ago)
|