CVE-2025-32709
🚨 Marked as known exploited on May 13th, 2025 (about 1 month ago).
Description: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 4.28%
May 13th, 2025 (about 1 month ago)

CVE-2025-32706
🚨 Marked as known exploited on May 13th, 2025 (about 1 month ago).
Description: Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 10.51%
May 13th, 2025 (about 1 month ago)

CVE-2025-32701
🚨 Marked as known exploited on May 13th, 2025 (about 1 month ago).
Description: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 4.24%
May 13th, 2025 (about 1 month ago)

CVE-2025-30400
🚨 Marked as known exploited on May 13th, 2025 (about 1 month ago).
Description: Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 4.24%
May 13th, 2025 (about 1 month ago)

CVE-2025-30397
🚨 Marked as known exploited on May 13th, 2025 (about 1 month ago).
Description: Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
CVSS: HIGH (7.5) EPSS Score: 30.91%
May 13th, 2025 (about 1 month ago)

CVE-2025-4428
🚨 Marked as known exploited on May 19th, 2025 (about 1 month ago).
Description: Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
CVSS: HIGH (7.2) EPSS Score: 38.95%
May 13th, 2025 (about 1 month ago)

CVE-2025-4427
🚨 Marked as known exploited on May 13th, 2025 (about 1 month ago).
Description: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVSS: MEDIUM (5.3) EPSS Score: 82.26%
May 13th, 2025 (about 1 month ago)

CVE-2024-48766
🚨 Marked as known exploited on May 13th, 2025 (about 1 month ago).
Description: NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.
CVSS: HIGH (8.6) EPSS Score: 69.03%
May 13th, 2025 (about 1 month ago)

CVE-2024-46506
🚨 Marked as known exploited on May 13th, 2025 (about 1 month ago).
Description: NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.
CVSS: CRITICAL (10.0) EPSS Score: 47.74%
May 13th, 2025 (about 1 month ago)

CVE-2025-32756
🚨 Marked as known exploited on May 14th, 2025 (about 1 month ago).
Description: A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands by sending HTTP requests with a specially crafted hash cookie.
CVSS: CRITICAL (9.6) EPSS Score: 8.83%
May 13th, 2025 (about 1 month ago)