Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CISA tags Windows, Cisco vulnerabilities as actively exploited
🚨 Marked as known exploited on April 10th, 2025 (25 days ago).
Description: CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. [...]
Source: BleepingComputer
March 3rd, 2025 (2 months ago)

CVE-2024-38475
Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
🚨 Marked as known exploited on May 1st, 2025 (4 days ago).
Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected.  Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (3 months ago)
Microsoft February 2025 Patch Tuesday Fixes Two Zero-Day Flaws
🚨 Marked as known exploited on April 10th, 2025 (25 days ago).
Description: Microsoft has released its February 2025 Patch Tuesday update, addressing 55 security vulnerabilities, including two actively exploited zero-day flaws. The update includes fixes for elevation of privilege vulnerabilities in Windows Storage and the Windows Ancillary Function Driver for WinSock, which have been detected in real-world attacks. Zero-days under active exploitation Among the most critical fixes … The post Microsoft February 2025 Patch Tuesday Fixes Two Zero-Day Flaws appeared first on CyberInsider.
Source: CyberInsider
February 11th, 2025 (3 months ago)
Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws
🚨 Marked as known exploited on April 10th, 2025 (25 days ago).
Description: Today is Microsoft's February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks. [...]
Source: BleepingComputer
February 11th, 2025 (3 months ago)