CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-0112 |
Description: NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree. A successful exploit of this vulnerability might lead to code execution, denial of service, data corruption, information disclosure, or escalation of privilege.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 12th, 2025 (5 months ago)
|
|
CVE-2024-40891 |
Description: CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-21418 Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
CVE-2025-21391 Microsoft Windows Storage Link Following Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 11th, 2025 (5 months ago)
|
|
CVE-2025-21418 |
Description: 3Critical52Important0Moderate0LowMicrosoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild.Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release, with three rated critical and 52 rated as important. Our counts omitted one vulnerability reported by HackerOne.This month’s update includes patches for:Active Directory Domain ServicesAzure Active DirectoryAzure FirmwareAzure Network WatcherMicrosoft AutoUpdate (MAU)Microsoft Digest AuthenticationMicrosoft High Performance Compute Pack (HPC) Linux Node AgentMicrosoft OfficeMicrosoft Office ExcelMicrosoft Office SharePointMicrosoft PC ManagerMicrosoft Streaming ServiceMicrosoft SurfaceMicrosoft WindowsOutlook for AndroidVisual StudioVisual Studio CodeWindows Ancillary Function Driver for WinSockWindows CoreMessagingWindows DHCP ClientWindows DHCP ServerWindows DWM Core LibraryWindows Disk Cleanup ToolWindows InstallerWindows Internet Connection Sharing (ICS)Windows KerberosWindows KernelWindows LDAP - Lightweight Directory Access ProtocolWindows Message QueuingWindows NTLMWindows Remote Desktop ServicesWindows Resilient File System (ReFS) Deduplication ServiceWindows Routing and Remote Access Service (RRAS)Windows Setup Files CleanupWindows StorageWindows Telephony ServerWindows Telephony ServiceWindows Update StackWindows Win32 Kernel SubsystemRemote code execution (RCE) vulnerabilities accounted for 38.2% of the vulnerabilities patched t...
CVSS: HIGH (7.8) EPSS Score: 0.05%
February 11th, 2025 (5 months ago)
|
|
CVE-2025-21391 |
Description: Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable.
CVSS: HIGH (7.1) EPSS Score: 0.09%
February 11th, 2025 (5 months ago)
|
|
CVE-2025-21418 |
Description: Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
CVSS: HIGH (7.8) EPSS Score: 0.05%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-40890 |
Description: Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-40891 |
Description: Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 11th, 2025 (5 months ago)
|
|
CVE-2025-24876 |
Description: The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code, an attacker can steal the session of the victim by injecting malicious payload, causing High impact on confidentiality and integrity of the application.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-24876
https://me.sap.com/notes/3567974
https://www.npmjs.com/package/@sap/approuter?activeTab=versions
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2025.html
https://github.com/advisories/GHSA-cpfx-964w-4jvp
CVSS: HIGH (8.1) EPSS Score: 0.05%
February 11th, 2025 (5 months ago)
|
|
CVE-2022-41723 |
Description:
Nessus Plugin ID 216052 with High Severity
Synopsis
The remote Azure Linux host is missing one or more security updates.
Description
The version of application-gateway-kubernetes-ingress / golang / kubevirt / skopeo / telegraf installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-41723 advisory. - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. (CVE-2022-41723)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/216052
CVSS: HIGH (7.5)
February 11th, 2025 (5 months ago)
|
|
CVE-2025-24970 |
Description: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|