CVE-2024-50603 |
🚨 Marked as known exploited on January 13th, 2025 (3 months ago).
Description: An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
CVSS: CRITICAL (10.0) EPSS Score: 92.43%
January 28th, 2025 (3 months ago)
|
CVE-2025-0411 |
🚨 Marked as known exploited on February 4th, 2025 (2 months ago).
Description: 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
CVSS: HIGH (7.0) EPSS Score: 0.4%
January 26th, 2025 (3 months ago)
|
CVE-2025-23006 |
🚨 Marked as known exploited on January 24th, 2025 (3 months ago).
Description: A pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
CVSS: CRITICAL (9.8) EPSS Score: 1.37%
January 25th, 2025 (3 months ago)
|
CVE-2024-13161 |
🚨 Marked as known exploited on March 10th, 2025 (about 1 month ago).
Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 25th, 2025 (3 months ago)
|
CVE-2024-13160 |
🚨 Marked as known exploited on March 10th, 2025 (about 1 month ago).
Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 25th, 2025 (3 months ago)
|
CVE-2024-13159 |
🚨 Marked as known exploited on March 10th, 2025 (about 1 month ago).
Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 25th, 2025 (3 months ago)
|
CVE-2025-23209 |
🚨 Marked as known exploited on February 20th, 2025 (about 2 months ago).
Description: Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version should rotate their security keys and ensure their privacy to help mitigate the issue.
CVSS: HIGH (8.1) EPSS Score: 0.05%
January 23rd, 2025 (3 months ago)
|
CVE-2024-57727 |
🚨 Marked as known exploited on February 13th, 2025 (2 months ago).
Description: SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
CVSS: HIGH (7.5) EPSS Score: 0.47%
January 16th, 2025 (3 months ago)
|
CVE-2024-53704 |
🚨 Marked as known exploited on February 18th, 2025 (about 2 months ago).
Description: An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 10th, 2025 (3 months ago)
|
CVE-2025-0282 |
🚨 Marked as known exploited on January 8th, 2025 (3 months ago).
Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 9th, 2025 (3 months ago)
|