Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-45195 |
🚨 Marked as known exploited on February 4th, 2025 (4 months ago).
Description: Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
CVSS: HIGH (7.5) EPSS Score: 75.58%
February 5th, 2025 (4 months ago)
|
|
CVE-2024-40891 |
🚨 Marked as known exploited on January 29th, 2025 (4 months ago).
Description: A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 5th, 2025 (4 months ago)
|
|
CVE-2024-40890 |
🚨 Marked as known exploited on February 11th, 2025 (4 months ago).
Description: A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 5th, 2025 (4 months ago)
|
|
CVE-2025-25181 |
🚨 Marked as known exploited on March 10th, 2025 (3 months ago).
Description: A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
CVSS: MEDIUM (5.8) EPSS Score: 0.05%
February 4th, 2025 (4 months ago)
|
|
CVE-2024-57968 |
🚨 Marked as known exploited on March 10th, 2025 (3 months ago).
Description: Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
CVSS: CRITICAL (9.9) EPSS Score: 0.05%
February 4th, 2025 (4 months ago)
|
|
CVE-2025-24085 |
🚨 Marked as known exploited on January 28th, 2025 (4 months ago).
Description: A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
CVSS: HIGH (7.8) EPSS Score: 0.21%
January 28th, 2025 (4 months ago)
|
|
CVE-2024-50603 |
🚨 Marked as known exploited on January 13th, 2025 (5 months ago).
Description: An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
CVSS: CRITICAL (10.0) EPSS Score: 92.43%
January 28th, 2025 (4 months ago)
|
|
CVE-2025-0411 |
🚨 Marked as known exploited on February 4th, 2025 (4 months ago).
Description: 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
CVSS: HIGH (7.0) EPSS Score: 0.4%
January 26th, 2025 (4 months ago)
|
|
CVE-2025-23006 |
🚨 Marked as known exploited on January 24th, 2025 (4 months ago).
Description: Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
CVSS: CRITICAL (9.8) EPSS Score: 1.37%
January 25th, 2025 (4 months ago)
|
|
CVE-2024-13161 |
🚨 Marked as known exploited on March 10th, 2025 (3 months ago).
Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 25th, 2025 (4 months ago)
|