CVE-2025-25250 |
Description: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via a crafted URL.
CVSS: LOW (3.9) EPSS Score: 0.03%
June 10th, 2025 (9 days ago)
|
CVE-2025-2474 |
Description: Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
CVSS: CRITICAL (9.8) EPSS Score: 0.17% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-24471 |
Description: An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP-verified remote user to connect from FortiClient via a revoked certificate.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-24069 |
Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.04% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-24068 |
Description: Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.04% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-24065 |
Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.04% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-22463 |
Description: A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password.
CVSS: HIGH (7.3) EPSS Score: 0.03% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-22455 |
Description: A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.
CVSS: HIGH (8.8) EPSS Score: 0.04% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-22256 |
Description: An improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows an attacker to trigger improper access control via specially crafted HTTP requests.
CVSS: MEDIUM (6.0) EPSS Score: 0.02% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-22254 |
Description: An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7, and FortiWeb version 7.6.0 through 7.6.1 and before 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to the Node.js websocket module.
CVSS: MEDIUM (6.5) EPSS Score: 0.05% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|