Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
SonicWall SMA VPN devices targeted in attacks since January
🚨 Marked as known exploited on April 18th, 2025 (about 15 hours ago).
Description: A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. [...]
Source: BleepingComputer
April 18th, 2025 (about 15 hours ago)
CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download
🚨 Marked as known exploited on April 18th, 2025 (1 day ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure

CVSS: MEDIUM (6.5)

Source: TheHackerNews
April 18th, 2025 (1 day ago)
Windows NTLM hash leak flaw exploited in phishing attacks on governments
🚨 Marked as known exploited on April 17th, 2025 (1 day ago).
Description: A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. [...]
Source: BleepingComputer
April 17th, 2025 (1 day ago)

CVE-2025-27363
Amazon Linux 2023 : freetype, freetype-demos, freetype-devel (ALAS2023-2025-925)
🚨 Marked as known exploited on April 17th, 2025 (2 days ago).
Description: Nessus Plugin ID 234514 with High Severity Synopsis The remote Amazon Linux 2023 host is missing a security update. Description It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-925 advisory. An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. (CVE-2025-27363)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'dnf update freetype --releasever 2023.7.20250331' to update your system. Read more at https://www.tenable.com/plugins/nessus/234514

CVSS: HIGH (8.1)

Source: Tenable Plugins
April 17th, 2025 (2 days ago)
CISA tags SonicWall VPN flaw as actively exploited in attacks
🚨 Marked as known exploited on April 17th, 2025 (2 days ago).
Description: On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. [...]
Source: BleepingComputer
April 17th, 2025 (2 days ago)
Apple Fixes Two New Zero-Day Flaws Exploited in Targeted iOS Attacks
🚨 Marked as known exploited on April 17th, 2025 (2 days ago).
Description: Apple has released emergency security updates for iOS, iPadOS, and macOS to patch two zero-day vulnerabilities that are reportedly being actively exploited in sophisticated, targeted attacks. The two newly disclosed flaws are tracked as CVE-2025-31200 and CVE-2025-31201. Both were addressed on April 16, 2025, with the release of iOS 18.4.1, iPadOS 18.4.1, and macOS Sequoia … The post Apple Fixes Two New Zero-Day Flaws Exploited in Targeted iOS Attacks appeared first on CyberInsider.

EPSS Score: 0.45%

Source: CyberInsider
April 17th, 2025 (2 days ago)
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
🚨 Marked as known exploited on April 17th, 2025 (2 days ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection

CVSS: MEDIUM (6.5)

Source: TheHackerNews
April 17th, 2025 (2 days ago)
Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
🚨 Marked as known exploited on April 17th, 2025 (2 days ago).
Description: Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio

EPSS Score: 0.45%

Source: TheHackerNews
April 17th, 2025 (2 days ago)
Frequently Asked Questions About the MITRE CVE Program Expiration and Renewal
🚨 Marked as known exploited on April 16th, 2025 (2 days ago).
Description: Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation.BackgroundThe Tenable Security Response Team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding changes around the MITRE CVE Program. As the situation continues to evolve, we will continue to provide updates as new information is released.FAQWhat is the current status of the MITRE CVE Program?As of April 16, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has extended funding for the MITRE CVE Program for one year. In a post and update to their website, CISA confirmed the extension, and a spokesperson added that they “executed the option period on the contract to ensure there will be no lapse in critical CVE services.”pic.twitter.com/DYv4uKzLrq— Cybersecurity and Infrastructure Security Agency (@CISAgov) April 16, 2025When did CVE Board Members find out about the expiration of the MITRE CVE Program and other related programs?CVE Board members received a notification from MITRE on April 15, 2025. This notification was circulated on social media and picked up in news articles. Tenable published a blog post about the forthcoming expiration and updated it on April 16 upon news of the subsequent renewal.What is the importance of the CVE Program?The CVE Program provides the industry with a common identifier used for identifying vulnerab...
Source: Tenable Blog
April 16th, 2025 (2 days ago)

CVE-2025-31201
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1,...
🚨 Marked as known exploited on April 17th, 2025 (2 days ago).
Description: This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

CVSS: MEDIUM (6.8)

EPSS Score: 0.5%

SSVC Exploitation: none

Source: CVE
April 16th, 2025 (2 days ago)