Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Microsoft Declines to Fix Actively Exploited Windows Zero-Day Vulnerability
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: A critical Windows zero-day vulnerability is being actively exploited by state-sponsored hacking groups, yet Microsoft has opted not to release a security patch. The flaw, which allows attackers to execute hidden commands using malicious shortcut (.lnk) files, has been leveraged in espionage campaigns since at least 2017. Widespread exploitation, no patch in sight The Trend … The post Microsoft Declines to Fix Actively Exploited Windows Zero-Day Vulnerability appeared first on CyberInsider.
Source: CyberInsider
March 18th, 2025 (3 months ago)
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Source: TheRegister
March 18th, 2025 (3 months ago)

CVE-2024-27443
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature...
🚨 Marked as known exploited on May 19th, 2025 (17 days ago).
Description: An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code.

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
March 17th, 2025 (3 months ago)
Critical RCE flaw in Apache Tomcat actively exploited in attacks
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. [...]

EPSS Score: 93.55%

Source: BleepingComputer
March 17th, 2025 (3 months ago)
URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild. Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote code execution bugs and 22 relate to privilege
Source: TheHackerNews
March 12th, 2025 (3 months ago)
Microsoft March 2025 ‘Patch Tuesday’ Updates Fix Six Actively Exploited Flaws
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Microsoft has released its March 2025 Patch Tuesday security updates, addressing 57 vulnerabilities across its product lineup, including six zero-day flaws that were actively exploited in the wild. The update covers security issues affecting Windows, Microsoft Office, Azure, and other components. Microsoft fixes 6 zero-day vulnerabilities Among the most critical fixes in this month’s update … The post Microsoft March 2025 ‘Patch Tuesday’ Updates Fix Six Actively Exploited Flaws appeared first on CyberInsider.
Source: CyberInsider
March 11th, 2025 (3 months ago)
Apple Patches Zero-Day Flaw Used in Targeted iPhone Attacks
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Apple has released iOS 18.3.2 and iPadOS 18.3.2 to fix a zero-day vulnerability that may have been exploited in highly targeted attacks. This marks the third actively exploited zero-day Apple has patched in 2025. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted … The post Apple Patches Zero-Day Flaw Used in Targeted iPhone Attacks appeared first on CyberInsider.
Source: CyberInsider
March 11th, 2025 (3 months ago)
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Today is Microsoft's March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities. [...]
Source: BleepingComputer
March 11th, 2025 (3 months ago)
CISA tags critical Ivanti EPM flaws as actively exploited in attacks
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. [...]
Source: BleepingComputer
March 11th, 2025 (3 months ago)
Unpatched Edimax IP camera flaw actively exploited in botnet attacks
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. [...]
Source: BleepingComputer
March 7th, 2025 (3 months ago)