Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2021-30666 |
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description:
Nessus Plugin ID 223917 with High Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30666)Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/223917
March 5th, 2025 (about 1 month ago)
|
|
CVE-2021-30661 |
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description:
Nessus Plugin ID 223935 with High Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30661)Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/223935
CVSS: HIGH (8.8)
March 5th, 2025 (about 1 month ago)
|
|
CVE-2025-1316 |
🚨 Marked as known exploited on March 17th, 2025 (about 1 month ago).
Description: Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device
CVSS: CRITICAL (9.3) EPSS Score: 50.61%
March 5th, 2025 (about 2 months ago)
|
|
CVE-2024-50302 |
🚨 Marked as known exploited on March 4th, 2025 (about 2 months ago).
Description: In the Linux kernel, the following vulnerability has been resolved:
HID: core: zero-initialize the report buffer
Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.
CVSS: MEDIUM (5.5) EPSS Score: 0.23% SSVC Exploitation: active
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-22224 |
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure.
The list of vulnerabilities is as follows -
CVE-2025-22224 (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with
CVSS: CRITICAL (9.3) EPSS Score: 24.22%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-22226 |
🚨 Marked as known exploited on March 4th, 2025 (about 2 months ago).
Description: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
CVSS: HIGH (7.1) EPSS Score: 8.35%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-22225 |
🚨 Marked as known exploited on March 4th, 2025 (about 2 months ago).
Description: VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
CVSS: HIGH (8.2) EPSS Score: 8.45%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-22224 |
🚨 Marked as known exploited on March 4th, 2025 (about 2 months ago).
Description: VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVSS: CRITICAL (9.3) EPSS Score: 24.22%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2024-43093 |
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Google has released a security update for Android, addressing two zero-day vulnerabilities that were being actively exploited in targeted attacks. The flaws, tracked as CVE-2024-43093 and CVE-2024-50302, were fixed in the latest March 2025 Android Security Bulletin, with Google urging users to apply the latest patches as soon as possible. The update comes after Amnesty …
The post Google Patches Two Actively Exploited Zero-Day Flaws in Android appeared first on CyberInsider.
CVSS: HIGH (7.8)
March 4th, 2025 (about 2 months ago)
|
|
CVE-2024-48248 |
🚨 Marked as known exploited on March 19th, 2025 (about 1 month ago).
Description: NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).
CVSS: HIGH (8.6) EPSS Score: 90.8%
March 4th, 2025 (about 2 months ago)
|