CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-2829 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (3 months ago)
|
|
CVE-2025-2293 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (3 months ago)
|
|
CVE-2025-2288 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (3 months ago)
|
|
CVE-2025-2287 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (3 months ago)
|
|
CVE-2025-2286 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02% SSVC Exploitation: none
April 8th, 2025 (3 months ago)
|
|
CVE-2025-2285 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02% SSVC Exploitation: none
April 8th, 2025 (3 months ago)
|
|
CVE-2025-1095 |
Description: IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029.
CVSS: HIGH (8.8) EPSS Score: 0.02% SSVC Exploitation: none
April 8th, 2025 (3 months ago)
|
|
CVE-2025-22466 |
Description: Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVSS: HIGH (8.2) EPSS Score: 0.05% SSVC Exploitation: none
April 8th, 2025 (3 months ago)
|
|
CVE-2025-22461 |
Description: SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.
CVSS: HIGH (7.2) EPSS Score: 0.28%
April 8th, 2025 (3 months ago)
|
|
CVE-2025-22458 |
Description: DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.
CVSS: HIGH (7.8) EPSS Score: 0.03%
April 8th, 2025 (3 months ago)
|