Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Unpatched Edimax IP camera flaw actively exploited in botnet attacks
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. [...]
Source: BleepingComputer
March 7th, 2025 (3 months ago)

CVE-2021-30762
Linux Distros Unpatched Vulnerability : CVE-2021-30762
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Nessus Plugin ID 223776 with High Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/223776
Source: Tenable Plugins
March 5th, 2025 (3 months ago)

CVE-2021-30858
Linux Distros Unpatched Vulnerability : CVE-2021-30858
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Nessus Plugin ID 223797 with High Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2021-30858)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/223797
Source: Tenable Plugins
March 5th, 2025 (3 months ago)

CVE-2021-30761
Linux Distros Unpatched Vulnerability : CVE-2021-30761
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Nessus Plugin ID 223807 with High Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/223807
Source: Tenable Plugins
March 5th, 2025 (3 months ago)

CVE-2021-30665
Linux Distros Unpatched Vulnerability : CVE-2021-30665
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Nessus Plugin ID 223898 with High Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/223898
Source: Tenable Plugins
March 5th, 2025 (3 months ago)

CVE-2021-30666
Linux Distros Unpatched Vulnerability : CVE-2021-30666
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Nessus Plugin ID 223917 with High Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30666)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/223917
Source: Tenable Plugins
March 5th, 2025 (3 months ago)
CISA tags Windows, Cisco vulnerabilities as actively exploited
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. [...]
Source: BleepingComputer
March 3rd, 2025 (3 months ago)

CVE-2024-38475
Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
🚨 Marked as known exploited on May 1st, 2025 (about 1 month ago).
Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected.  Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (4 months ago)
Microsoft February 2025 Patch Tuesday Fixes Two Zero-Day Flaws
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Microsoft has released its February 2025 Patch Tuesday update, addressing 55 security vulnerabilities, including two actively exploited zero-day flaws. The update includes fixes for elevation of privilege vulnerabilities in Windows Storage and the Windows Ancillary Function Driver for WinSock, which have been detected in real-world attacks. Zero-days under active exploitation Among the most critical fixes … The post Microsoft February 2025 Patch Tuesday Fixes Two Zero-Day Flaws appeared first on CyberInsider.
Source: CyberInsider
February 11th, 2025 (4 months ago)
Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Today is Microsoft's February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks. [...]
Source: BleepingComputer
February 11th, 2025 (4 months ago)