Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
🚨 Marked as known exploited on April 28th, 2025 (about 1 month ago).
Description: Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. [...]
April 28th, 2025 (about 1 month ago)
|
|
|
🚨 Marked as known exploited on April 25th, 2025 (about 1 month ago).
Description: SAP has released out-of-band emergency updates for NetWeaver to fix an actively exploited remote code execution (RCE) vulnerability used to hijack servers. [...]
April 25th, 2025 (about 1 month ago)
|
|
🚨 Marked as known exploited on April 24th, 2025 (about 1 month ago).
Description: As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024.
"We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck said in a report shared with The Hacker News.
This translates to 45 security flaws that have been weaponized
April 24th, 2025 (about 1 month ago)
|
|
🚨 Marked as known exploited on April 22nd, 2025 (about 1 month ago).
Description: An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. [...]
April 22nd, 2025 (about 1 month ago)
|
|
🚨 Marked as known exploited on April 18th, 2025 (about 2 months ago).
Description: A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. [...]
April 18th, 2025 (about 2 months ago)
|
|
|
🚨 Marked as known exploited on April 17th, 2025 (about 2 months ago).
Description: A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. [...]
April 17th, 2025 (about 2 months ago)
|
|
🚨 Marked as known exploited on April 17th, 2025 (about 2 months ago).
Description: On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. [...]
April 17th, 2025 (about 2 months ago)
|
|
🚨 Marked as known exploited on April 17th, 2025 (about 2 months ago).
Description: Apple has released emergency security updates for iOS, iPadOS, and macOS to patch two zero-day vulnerabilities that are reportedly being actively exploited in sophisticated, targeted attacks. The two newly disclosed flaws are tracked as CVE-2025-31200 and CVE-2025-31201. Both were addressed on April 16, 2025, with the release of iOS 18.4.1, iPadOS 18.4.1, and macOS Sequoia …
The post Apple Fixes Two New Zero-Day Flaws Exploited in Targeted iOS Attacks appeared first on CyberInsider.
EPSS Score: 0.22%
April 17th, 2025 (about 2 months ago)
|
|
🚨 Marked as known exploited on April 17th, 2025 (about 2 months ago).
Description: Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild.
The vulnerabilities in question are listed below -
CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio
EPSS Score: 0.22%
April 17th, 2025 (about 2 months ago)
|
|
🚨 Marked as known exploited on April 16th, 2025 (about 2 months ago).
Description: Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation.BackgroundThe Tenable Security Response Team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding changes around the MITRE CVE Program. As the situation continues to evolve, we will continue to provide updates as new information is released.FAQWhat is the current status of the MITRE CVE Program?As of April 16, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has extended funding for the MITRE CVE Program for one year. In a post and update to their website, CISA confirmed the extension, and a spokesperson added that they “executed the option period on the contract to ensure there will be no lapse in critical CVE services.”pic.twitter.com/DYv4uKzLrq— Cybersecurity and Infrastructure Security Agency (@CISAgov) April 16, 2025When did CVE Board Members find out about the expiration of the MITRE CVE Program and other related programs?CVE Board members received a notification from MITRE on April 15, 2025. This notification was circulated on social media and picked up in news articles. Tenable published a blog post about the forthcoming expiration and updated it on April 16 upon news of the subsequent renewal.What is the importance of the CVE Program?The CVE Program provides the industry with a common identifier used for identifying vulnerab...
April 16th, 2025 (about 2 months ago)
|