CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-24065 |
Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.04% SSVC Exploitation: none
June 10th, 2025 (10 days ago)
|
|
CVE-2025-22463 |
Description: A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password.
CVSS: HIGH (7.3) EPSS Score: 0.03% SSVC Exploitation: none
June 10th, 2025 (10 days ago)
|
|
CVE-2025-22455 |
Description: A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.
CVSS: HIGH (8.8) EPSS Score: 0.04% SSVC Exploitation: none
June 10th, 2025 (10 days ago)
|
|
CVE-2025-22256 |
Description: A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted HTTP requests
CVSS: MEDIUM (6.0) EPSS Score: 0.02% SSVC Exploitation: none
June 10th, 2025 (10 days ago)
|
|
CVE-2025-22254 |
Description: An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7 & FortiWeb version 7.6.0 through 7.6.1 and before 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module.
CVSS: MEDIUM (6.5) EPSS Score: 0.05% SSVC Exploitation: none
June 10th, 2025 (10 days ago)
|
|
CVE-2025-22251 |
Description: An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets.
CVSS: LOW (3.0) EPSS Score: 0.02% SSVC Exploitation: none
June 10th, 2025 (10 days ago)
|
|
CVE-2025-1041 |
Description: An improper input validation discovered in
Avaya Call Management System
could allow an unauthorized
remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.
CVSS: CRITICAL (9.9) EPSS Score: 0.07% SSVC Exploitation: none
June 10th, 2025 (10 days ago)
|
|
CVE-2025-0052 |
Description: Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.
CVSS: HIGH (8.3) EPSS Score: 0.07%
June 10th, 2025 (10 days ago)
|
|
CVE-2025-0051 |
Description: Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.
CVSS: HIGH (8.7) EPSS Score: 0.07%
June 10th, 2025 (10 days ago)
|
|
CVE-2025-0036 |
Description: In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.
CVSS: LOW (3.2) EPSS Score: 0.01% SSVC Exploitation: none
June 10th, 2025 (10 days ago)
|