Threat and Vulnerability Intelligence Database

CVE-2024-31073

Description: Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: MEDIUM (5.4)

EPSS Score: 0.01%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2024-29222

Description: Out-of-bounds write for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable denial of service via local access.

CVSS: MEDIUM (5.8)

EPSS Score: 0.01%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2024-28956

Description: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: MEDIUM (5.7)

EPSS Score: 0.02%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2024-28954

Description: Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: MEDIUM (6.7)

EPSS Score: 0.01%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2024-28036

Description: Improper conditions check for some Intel(R) Arc™ GPU may allow an authenticated user to potentially enable denial of service via local access.

CVSS: MEDIUM (5.6)

EPSS Score: 0.01%

Source: CVE
May 13th, 2025 (about 1 month ago)
🚨 Marked as known exploited on May 13th, 2025 (about 1 month ago).
Description: Remote code execution vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks

Background

On May 13, Ivanti released a security advisory to address a high severity remote code execution (RCE) and a medium severity authentication bypass vulnerability in its Endpoint Manager Mobile (EPMM) product, a mobile management software that can be used for mobile device management (MDM), mobile application management (MAM) and mobile content management (MCM).

CVE | Description | CVSSv3
CVE-2025-4427 | Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability | 5.3
CVE-2025-4428 | Ivanti Endpoint Manager Mobile Remote Code Execution Vulnerability | 7.2

Analysis

CVE-2025-4427 is an authentication bypass vulnerability in Ivanti’s EPMM. An unauthenticated, remote attacker could exploit this vulnerability to gain access to the server’s application programming interface (API) that is normally only accessible to authenticated users.

CVE-2025-4428 is a RCE in Ivanti’s EPMM. An authenticated attacker could exploit this vulnerability to execute arbitrary code on a vulnerable device.

An attacker that successfully exploits these flaws could chain them together to execute arbitrary code on a vulnerable device without authentication. Both vulnerabilities are associated with open source libraries used by the EPMM software. Ivanti has indicated that these vulnerabilities have been exploited in the wild in a limited number of cases.

Customers that restric...

CVSS: MEDIUM (5.3)

EPSS Score: 82.26%

Source: Tenable Blog
May 13th, 2025 (about 1 month ago)

CVE-2025-43566

Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized read access. Exploitation of this issue does not require user interaction and scope is changed.

CVSS: MEDIUM (6.8)

EPSS Score: 0.21%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-43551

Description: Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS: MEDIUM (5.5)

EPSS Score: 0.02%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-30316

Description: Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-30315

Description: Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVSS: MEDIUM (6.1)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
May 13th, 2025 (about 1 month ago)