Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
🚨 Marked as known exploited on April 15th, 2025 (about 2 months ago).
Description: Customer data such as birth dates, credit card numbers and driver's license information were stolen when threat actors exploited zero-day vulnerabilities in Cleo-managed file transfer products.
April 15th, 2025 (about 2 months ago)
|
|
|
🚨 Marked as known exploited on April 14th, 2025 (about 2 months ago).
Description: A threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation.
April 14th, 2025 (about 2 months ago)
|
|
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]
April 10th, 2025 (about 2 months ago)
|
CVE-2024-53197 |
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-53197 Linux Kernel Out-of-Bounds Access Vulnerability
CVE-2024-53150 Linux Kernel Out-of-Bounds Read Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
April 9th, 2025 (about 2 months ago)
|
|
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that could be abused to achieve remote
EPSS Score: 65.56%
April 9th, 2025 (about 2 months ago)
|
|
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild.
Of the 126 vulnerabilities, 11 are rated Critical, 112 are rated Important, and two are rated Low in severity. Forty-nine of these vulnerabilities are classified as privilege escalation, 34 as remote code
April 9th, 2025 (about 2 months ago)
|
|
CVE-2025-30406 |
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-30406 Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability
CVE-2025-29824 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
EPSS Score: 65.56%
April 8th, 2025 (about 2 months ago)
|
|
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Today is Microsoft's April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. [...]
April 8th, 2025 (about 2 months ago)
|
|
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild.
The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has
April 8th, 2025 (about 2 months ago)
|
|
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild.
The two high-severity vulnerabilities are listed below -
CVE-2024-53150 (CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure
CVE-2024-53197 (CVSS score: 7.8) - A privilege escalation flaw in the USB sub-component of Kernel
April 8th, 2025 (about 2 months ago)
|