CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-22454

Description: Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-55590

Description: Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands.

CVSS: HIGH (8.6)

EPSS Score: 0.21%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-54084

Description: APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.

CVSS: HIGH (7.5)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-52961

Description: An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.

CVSS: HIGH (8.6)

EPSS Score: 0.06%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-45328

Description: An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu.

CVSS: HIGH (7.1)

EPSS Score: 0.01%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-45324

Description: A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.

CVSS: HIGH (7.0)

EPSS Score: 0.15%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-27363

🚨 Marked as known exploited on April 17th, 2025 (3 months ago).
Description: An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

CVSS: HIGH (8.1)

EPSS Score: 5.37%

SSVC Exploitation: none

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-22369

Description: The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-22368

Description: The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.

CVSS: HIGH (8.7)

EPSS Score: 0.08%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-22367

Description: The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.

CVSS: HIGH (8.7)

EPSS Score: 0.08%

Source: CVE
March 11th, 2025 (4 months ago)