Threat and Vulnerability Intelligence Database

CVE-2025-24085

🚨 Marked as known exploited on January 28th, 2025 (6 months ago).
Description: A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

CVSS: HIGH (7.8)

EPSS Score: 0.21%

Source: CVE
January 28th, 2025 (6 months ago)

CVE-2025-0411

🚨 Marked as known exploited on February 4th, 2025 (5 months ago).
Description: 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

CVSS: HIGH (7.0)

EPSS Score: 0.4%

Source: CVE
January 26th, 2025 (6 months ago)

CVE-2025-23209

🚨 Marked as known exploited on February 20th, 2025 (5 months ago).
Description: Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version should rotate their security keys and ensure their privacy to help mitigate the issue.

CVSS: HIGH (8.1)

EPSS Score: 0.05%

Source: CVE
January 23rd, 2025 (6 months ago)

CVE-2024-57727

🚨 Marked as known exploited on February 13th, 2025 (5 months ago).
Description: SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

CVSS: HIGH (7.5)

EPSS Score: 0.47%

Source: CVE
January 16th, 2025 (6 months ago)

CVE-2024-29059

🚨 Marked as known exploited on February 4th, 2025 (5 months ago).
Description: .NET Framework Information Disclosure Vulnerability

CVSS: HIGH (7.5)

EPSS Score: 2.37%

Source: CVE
January 1st, 2025 (7 months ago)

CVE-2024-3393

🚨 Marked as known exploited on December 27th, 2024 (7 months ago).
Description: A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

CVSS: HIGH (8.7)

EPSS Score: 0.78%

Source: CVE
December 31st, 2024 (7 months ago)

CVE-2024-53150

🚨 Marked as known exploited on April 8th, 2025 (3 months ago).
Description: In the Linux kernel, the following vulnerability has been resolved: "ALSA: usb-audio: Fix out of bounds reads when finding clock sources". The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
December 25th, 2024 (7 months ago)

CVE-2024-49138

🚨 Marked as known exploited on December 10th, 2024 (7 months ago).
Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (7 months ago)

CVE-2024-11667

🚨 Marked as known exploited on December 3rd, 2024 (8 months ago).
Description: A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

CVSS: HIGH (7.5)

EPSS Score: 18.85%

Source: CVE
December 4th, 2024 (8 months ago)

CVE-2024-49035

🚨 Marked as known exploited on February 25th, 2025 (5 months ago).
Description: An improper access control vulnerability in Partner.Microsoft.com allows an unauthenticated attacker to elevate privileges over a network.

CVSS: HIGH (8.7)

EPSS Score: 0.19%

Source: CVE
November 27th, 2024 (8 months ago)