Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-24054 |
🚨 Marked as known exploited on April 17th, 2025 (about 2 months ago).
Description: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.12%
March 11th, 2025 (3 months ago)
|
|
CVE-2024-50302 |
🚨 Marked as known exploited on March 4th, 2025 (3 months ago).
Description: In the Linux kernel, the following vulnerability has been resolved:
HID: core: zero-initialize the report buffer
Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.
CVSS: MEDIUM (5.5) EPSS Score: 0.23% SSVC Exploitation: active
March 4th, 2025 (3 months ago)
|
|
CVE-2025-24200 |
🚨 Marked as known exploited on February 10th, 2025 (4 months ago).
Description: An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
CVSS: MEDIUM (6.1) EPSS Score: 1.04%
February 11th, 2025 (4 months ago)
|
|
CVE-2025-25181 |
🚨 Marked as known exploited on March 10th, 2025 (3 months ago).
Description: A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
CVSS: MEDIUM (5.8) EPSS Score: 0.05%
February 4th, 2025 (4 months ago)
|
|
CVE-2024-12987 |
🚨 Marked as known exploited on May 15th, 2025 (19 days ago).
Description: A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component. Es wurde eine Schwachstelle in DrayTek Vigor2960 and Vigor300B 1.5.1.4 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /cgi-bin/mainfunction.cgi/apmcfgupload der Komponente Web Management Interface. Durch die Manipulation des Arguments session mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 1.5.1.5 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.
CVSS: MEDIUM (6.9) EPSS Score: 0.05%
December 28th, 2024 (5 months ago)
|
|
CVE-2024-12686 |
🚨 Marked as known exploited on January 13th, 2025 (5 months ago).
Description: A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
CVSS: MEDIUM (6.6) EPSS Score: 6.18%
December 19th, 2024 (6 months ago)
|