Threat and Vulnerability Intelligence Database

🚨 Marked as known exploited on April 29th, 2025 (about 1 month ago).
Description: The Google Threat Intelligence Group (GTIG) has published its annual review of zero-day exploits for 2024, revealing a gradual but persistent rise in zero-day exploitation and a concerning shift towards enterprise-targeted attacks. Despite a slight decrease from 2023 figures, with 75 vulnerabilities identified compared to 98 the year before, exploitation activity remains higher than 2022 … The post Google Logs 75 Zero-Days in 2024, Enterprise Attacks at All-Time High appeared first on CyberInsider.
Source: CyberInsider
April 29th, 2025 (about 1 month ago)
🚨 Marked as known exploited on April 29th, 2025 (about 1 month ago).
Description: Written by: Casey Charrier, James Sadowski, Clement Lecigne, Vlad Stolyarov
Executive Summary
Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances. Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be increasing their operational security practices, potentially leading to decreased attribution and detection. We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day expl...

CVSS: LOW (0.0)

Source: Google Threat Intelligence
April 29th, 2025 (about 1 month ago)
🚨 Marked as known exploited on April 29th, 2025 (about 1 month ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-1976 (CVSS score: 8.6) - A code injection flaw

CVSS: HIGH (8.6)

EPSS Score: 1.79%

Source: TheHackerNews
April 29th, 2025 (about 1 month ago)

CVE-2025-31324

🚨 Marked as known exploited on April 28th, 2025 (about 1 month ago).
Description: CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.

CVSS: CRITICAL (10.0)

EPSS Score: 78.65%

Source: Dark Reading
April 28th, 2025 (about 1 month ago)

CVE-2025-1976

🚨 Marked as known exploited on April 28th, 2025 (about 1 month ago).
Description: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-1976 Broadcom Brocade Fabric OS Code Injection Vulnerability
CVE-2025-42599 Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
CVE-2025-3928 Commvault Web Server Unspecified Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CVSS: HIGH (8.6)

EPSS Score: 1.79%

Source: All CISA Advisories
April 28th, 2025 (about 1 month ago)
🚨 Marked as known exploited on April 28th, 2025 (about 1 month ago).
Description: Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. [...]
Source: BleepingComputer
April 28th, 2025 (about 1 month ago)
🚨 Marked as known exploited on April 28th, 2025 (about 1 month ago).
Description: A critical SAP NetWeaver zero-day vulnerability (CVE-2025-31324) that allows for full SAP server compromise is being actively exploited in the wild.

CVSS: CRITICAL (10.0)

EPSS Score: 78.65%

Source: Rapid7
April 28th, 2025 (about 1 month ago)

CVE-2025-3928

🚨 Marked as known exploited on April 28th, 2025 (about 1 month ago).
Description: Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.

CVSS: HIGH (8.8)

EPSS Score: 15.08%

Source: CVE
April 25th, 2025 (about 1 month ago)

CVE-2025-32432

🚨 Marked as known exploited on April 26th, 2025 (about 1 month ago).
Description: Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.

CVSS: CRITICAL (10.0)

EPSS Score: 76.27%

SSVC Exploitation: none

Source: CVE
April 25th, 2025 (about 1 month ago)
🚨 Marked as known exploited on April 25th, 2025 (about 1 month ago).
Description: SAP has released an out-of-band patch to address CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver that has been exploited by threat actors. Organizations are strongly encouraged to apply patches as soon as possible.
Background
On April 22, ReliaQuest published details of their investigation of exploit activity in SAP NetWeaver servers. Initially it was unclear if their discovery was a new vulnerability or the abuse of CVE-2017-9844, a vulnerability that could lead to a denial-of-service (DoS) condition or arbitrary code execution. ReliaQuest reported their findings to SAP and on April 24, SAP disclosed CVE-2025-31324, a critical missing authorization check vulnerability with the highest severity CVSS score of 10.0.
CVE | Description | CVSSv3 | VPR
CVE-2025-31324 | SAP NetWeaver Unauthenticated File Upload Vulnerability | 10.0 | 8.1
*Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly. This blog post was published on April 25 and reflects VPR at that time.
Analysis
CVE-2025-31324 is an unauthenticated file upload vulnerability affecting the Metadata Uploader component of SAP NetWeaver Visual Composer. Successful exploitation of this vulnerability could allow an unauthenticated attacker to upload malicious files which can be used by an attacker to achieve code execution. The flaw is the result of missing authorization checks to the “/developmentserver/metadatauploader” endpoint. According to ReliaQuest, this vulnerability has been exploited in the ...

CVSS: CRITICAL (10.0)

EPSS Score: 78.65%

Source: Tenable Blog
April 25th, 2025 (about 1 month ago)