CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-9149 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection.This issue affects E-Commerce Website Template: before v1.5.
CVSS: HIGH (8.6) EPSS Score: 0.04%
March 4th, 2025 (4 months ago)
|
|
CVE-2025-22225 |
Description: VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.
CVSS: HIGH (8.2) EPSS Score: 8.45%
March 4th, 2025 (4 months ago)
|
|
CVE-2025-22226 |
Description: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process.
CVSS: HIGH (7.1) EPSS Score: 8.35%
March 4th, 2025 (4 months ago)
|
|
CVE-2025-22226 |
🚨 Marked as known exploited on March 4th, 2025 (4 months ago).
Description: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
CVSS: HIGH (7.1) EPSS Score: 8.35%
March 4th, 2025 (4 months ago)
|
|
CVE-2025-22225 |
🚨 Marked as known exploited on March 4th, 2025 (4 months ago).
Description: VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
CVSS: HIGH (8.2) EPSS Score: 8.45%
March 4th, 2025 (4 months ago)
|
|
CVE-2024-43093 |
🚨 Marked as known exploited on April 10th, 2025 (3 months ago).
Description: Google has released a security update for Android, addressing two zero-day vulnerabilities that were being actively exploited in targeted attacks. The flaws, tracked as CVE-2024-43093 and CVE-2024-50302, were fixed in the latest March 2025 Android Security Bulletin, with Google urging users to apply the latest patches as soon as possible. The update comes after Amnesty …
The post Google Patches Two Actively Exploited Zero-Day Flaws in Android appeared first on CyberInsider.
CVSS: HIGH (7.8)
March 4th, 2025 (4 months ago)
|
|
CVE-2024-58045 |
Description: Multi-concurrency vulnerability in the media digital copyright protection module
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS: HIGH (8.6) EPSS Score: 0.01%
March 4th, 2025 (4 months ago)
|
|
CVE-2024-58044 |
Description: Permission verification bypass vulnerability in the notification module
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS: HIGH (8.4) EPSS Score: 0.01%
March 4th, 2025 (4 months ago)
|
|
CVE-2024-58043 |
Description: Permission bypass vulnerability in the window module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS: HIGH (7.3) EPSS Score: 0.01%
March 4th, 2025 (4 months ago)
|
|
CVE-2024-48248 |
🚨 Marked as known exploited on March 19th, 2025 (4 months ago).
Description: NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).
CVSS: HIGH (8.6) EPSS Score: 90.8%
March 4th, 2025 (4 months ago)
|