Threat and Vulnerability Intelligence Database

CVE-2024-13160

🚨 Marked as known exploited on March 10th, 2025 (3 months ago).
Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (4 months ago)

CVE-2024-13159

🚨 Marked as known exploited on March 10th, 2025 (3 months ago).
Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (4 months ago)

CVE-2025-23209

🚨 Marked as known exploited on February 20th, 2025 (3 months ago).
Description: Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version should rotate their security keys and ensure their privacy to help mitigate the issue.

CVSS: HIGH (8.1)

EPSS Score: 0.05%

Source: CVE
January 23rd, 2025 (4 months ago)

CVE-2024-57727

🚨 Marked as known exploited on February 13th, 2025 (4 months ago).
Description: SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

CVSS: HIGH (7.5)

EPSS Score: 0.47%

Source: CVE
January 16th, 2025 (5 months ago)

CVE-2024-53704

🚨 Marked as known exploited on February 18th, 2025 (3 months ago).
Description: An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 10th, 2025 (5 months ago)

CVE-2025-0282

🚨 Marked as known exploited on January 8th, 2025 (5 months ago).
Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

CVSS: CRITICAL (9.0)

EPSS Score: 15.33%

Source: CVE
January 9th, 2025 (5 months ago)

CVE-2024-29059

🚨 Marked as known exploited on February 4th, 2025 (4 months ago).
Description: .NET Framework Information Disclosure Vulnerability

CVSS: HIGH (7.5)

EPSS Score: 2.37%

Source: CVE
January 1st, 2025 (5 months ago)

CVE-2024-21413

🚨 Marked as known exploited on February 6th, 2025 (4 months ago).
Description: Microsoft Outlook Remote Code Execution Vulnerability

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
January 1st, 2025 (5 months ago)

CVE-2024-3393

🚨 Marked as known exploited on December 27th, 2024 (5 months ago).
Description: A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

CVSS: HIGH (8.7)

EPSS Score: 0.78%

Source: CVE
December 31st, 2024 (5 months ago)

CVE-2024-53197

🚨 Marked as known exploited on April 8th, 2025 (about 2 months ago).
Description: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices. A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.

EPSS Score: 0.04%

Source: CVE
December 28th, 2024 (5 months ago)