🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Microsoft has released its February 2025 Patch Tuesday update, addressing 55 security vulnerabilities, including two actively exploited zero-day flaws. The update includes fixes for elevation of privilege vulnerabilities in Windows Storage and the Windows Ancillary Function Driver for WinSock, which have been detected in real-world attacks. Zero-days under active exploitation: Among the most critical fixes …
The post Microsoft February 2025 Patch Tuesday Fixes Two Zero-Day Flaws appeared first on CyberInsider.
February 11th, 2025 (2 months ago)
|
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Today is Microsoft's February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks. [...]
February 11th, 2025 (2 months ago)
|
CVE-2025-24200 |
🚨 Marked as known exploited on February 10th, 2025 (2 months ago).
Description: An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
CVSS: MEDIUM (6.1) EPSS Score: 1.04%
February 11th, 2025 (2 months ago)
|
CVE-2025-0994 |
🚨 Marked as known exploited on February 6th, 2025 (2 months ago).
Description: Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.
CVSS: HIGH (8.6) EPSS Score: 1.32%
February 7th, 2025 (2 months ago)
|
CVE-2024-45195 |
🚨 Marked as known exploited on February 4th, 2025 (2 months ago).
Description: Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
CVSS: HIGH (7.5) EPSS Score: 75.58%
February 5th, 2025 (2 months ago)
|
CVE-2024-40891 |
🚨 Marked as known exploited on January 29th, 2025 (3 months ago).
Description: A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 5th, 2025 (2 months ago)
|
CVE-2024-40890 |
🚨 Marked as known exploited on February 11th, 2025 (2 months ago).
Description: A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 5th, 2025 (2 months ago)
|
CVE-2025-25181 |
🚨 Marked as known exploited on March 10th, 2025 (about 1 month ago).
Description: A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
CVSS: MEDIUM (5.8) EPSS Score: 0.05%
February 4th, 2025 (2 months ago)
|
CVE-2024-57968 |
🚨 Marked as known exploited on March 10th, 2025 (about 1 month ago).
Description: Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
CVSS: CRITICAL (9.9) EPSS Score: 0.05%
February 4th, 2025 (2 months ago)
|
CVE-2025-24085 |
🚨 Marked as known exploited on January 28th, 2025 (3 months ago).
Description: A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
CVSS: HIGH (7.8) EPSS Score: 0.21%
January 28th, 2025 (3 months ago)
|