Activity

Latest CVE events and analysis as they emerge

  1. CVE-2025-33073

    13 Jun 2025, 19:17

    Windows SMB Client

    Trended on social media

    Hype increased to 38

    CVE-2025-33073 is an elevation of privilege vulnerability affecting the Windows Server Message Block (SMB) client. It stems from improper access control within Windows SMB, potentially allowing an authorized attacker to elevate privileges over a network. To exploit this vulnerability, an attacker could execute a specially crafted script. This script would coerce the victim machine to connect back to the attacker's system using SMB and authenticate, potentially resulting in the attacker gaining SYSTEM privileges.

  2. CVE-2025-33053

    13 Jun 2025, 08:17

    Windows WebDAV Client

    Trended on social media

    Hype increased to 30

    CVE-2025-33053 is a remote code execution vulnerability affecting the WebDAV client in Microsoft Windows. It stems from insufficient input validation in WebDAV file path handling, allowing an attacker to execute arbitrary code over a network. Successful exploitation requires a user to click on a specially crafted WebDAV URL, potentially leading to unauthorized access to sensitive system resources, compromise of system integrity and confidentiality, or even full control of the affected system. This vulnerability has been actively exploited in the wild.

  3. CVE-2025-33073

    13 Jun 2025, 05:17

    Windows SMB Client

    Trended on social media

    Hype increased to 60

    CVE-2025-33073 is an elevation of privilege vulnerability affecting the Windows Server Message Block (SMB) client. It stems from improper access control within Windows SMB, potentially allowing an authorized attacker to elevate privileges over a network. To exploit this vulnerability, an attacker could execute a specially crafted script. This script would coerce the victim machine to connect back to the attacker's system using SMB and authenticate, potentially resulting in the attacker gaining SYSTEM privileges.

  4. CVE-2025-32711

    12 Jun 2025, 20:17

    Microsoft 365 Copilot

    Trended on social media

    Hype increased to 31

    CVE-2025-32711 is a command injection vulnerability affecting Microsoft 365 Copilot. It allows an unauthorized attacker to disclose information over a network. The vulnerability, dubbed "EchoLeak," is a zero-click AI vulnerability, meaning it can be exploited without any user interaction. The attack involves embedding a malicious prompt payload within markdown-formatted content, such as an email. When the AI system's retrieval-augmented generation (RAG) engine parses this content, the payload silently triggers the LLM to extract and return private information from the user's current context. This could potentially expose sensitive data, including chat histories, OneDrive documents, SharePoint content, and Teams conversations. Microsoft has addressed this vulnerability.

  5. CVE-2025-33070

    12 Jun 2025, 08:17

    Windows Netlogon

    Trended on social media

    Hype increased to 30

    CVE-2025-33070 is an elevation of privilege vulnerability affecting Windows Netlogon. It stems from the use of an uninitialized resource within the Netlogon service. An unauthorized attacker can exploit this vulnerability to elevate their privileges over a network. This can be achieved by sending specially crafted authentication requests to affected domain controllers. Successful exploitation could allow an attacker to gain domain administrator privileges, potentially giving them significant control over the domain controller.

  6. CVE-2025-4275

    12 Jun 2025, 05:17

    Insyde UEFI

    Trended on social media

    Hype increased to 32

    CVE-2025-4275 is a vulnerability in Insyde H2O UEFI firmware that allows attackers to bypass Secure Boot protections. This is achieved by injecting rogue digital certificates into a poorly protected NVRAM variable named SecureFlashCertData. The firmware then mistakenly trusts the attacker's certificate, which allows the execution of malicious UEFI modules. Attackers with administrative OS-level access can write their own certificate to the SecureFlashCertData variable. During the next boot cycle, this injected certificate is used by the firmware to verify and execute unsigned or tampered UEFI code during early boot. This enables attackers to load pre-boot malware, rootkits, or firmware-level persistence mechanisms before the OS and its security tools initialize.

  7. CVE-2025-33053

    12 Jun 2025, 04:17

    Windows WebDAV Client

    Trended on social media

    Hype increased to 63

    CVE-2025-33053 is a remote code execution vulnerability affecting the WebDAV client in Microsoft Windows. It stems from insufficient input validation in WebDAV file path handling, allowing an attacker to execute arbitrary code over a network. Successful exploitation requires a user to click on a specially crafted WebDAV URL, potentially leading to unauthorized access to sensitive system resources, compromise of system integrity and confidentiality, or even full control of the affected system. This vulnerability has been actively exploited in the wild.

  8. CVE-2025-33073

    11 Jun 2025, 12:17

    Windows SMB Client

    Trended on social media

    Hype increased to 31

    CVE-2025-33073 is an elevation of privilege vulnerability affecting the Windows Server Message Block (SMB) client. It stems from improper access control within Windows SMB, potentially allowing an authorized attacker to elevate privileges over a network. To exploit this vulnerability, an attacker could execute a specially crafted script. This script would coerce the victim machine to connect back to the attacker's system using SMB and authenticate, potentially resulting in the attacker gaining SYSTEM privileges.

  9. CVE-2025-33053

    11 Jun 2025, 08:17

    Windows WebDAV Client

    Trended on social media

    Hype increased to 35

    CVE-2025-33053 is a remote code execution vulnerability affecting the WebDAV client in Microsoft Windows. It stems from insufficient input validation in WebDAV file path handling, allowing an attacker to execute arbitrary code over a network. Successful exploitation requires a user to click on a specially crafted WebDAV URL, potentially leading to unauthorized access to sensitive system resources, compromise of system integrity and confidentiality, or even full control of the affected system. This vulnerability has been actively exploited in the wild.

  10. CVE-2025-33053

    10 Jun 2025, 00:00

    Windows WebDAV Client

    Added to CISA KEV catalog

    Vulnerability name
    Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability
    Product
    Web Distributed Authoring and Versioning Web Distributed Authoring and Versioning (WebDAV)

    CVE-2025-33053 is a remote code execution vulnerability affecting the WebDAV client in Microsoft Windows. It stems from insufficient input validation in WebDAV file path handling, allowing an attacker to execute arbitrary code over a network. Successful exploitation requires a user to click on a specially crafted WebDAV URL, potentially leading to unauthorized access to sensitive system resources, compromise of system integrity and confidentiality, or even full control of the affected system. This vulnerability has been actively exploited in the wild.

  11. CVE-2025-24016

    10 Jun 2025, 00:00

    Wazuh

    Added to CISA KEV catalog

    Vulnerability name
    Wazuh Server Deserialization of Untrusted Data Vulnerability
    Product
    Wazuh Wazuh Server

    CVE-2025-24016 is a critical remote code execution (RCE) vulnerability found in the Wazuh security platform, versions 4.4.0 through 4.9.0. It allows attackers to execute arbitrary code on affected Wazuh servers. The vulnerability arises from unsafe deserialization of DistributedAPI (DAPI) parameters. These parameters are serialized as JSON and then deserialized using the `as_wazuh_object` function. Attackers can exploit this by injecting a malicious, unsanitized dictionary into a DAPI request or response, leading to the execution of arbitrary Python code. This vulnerability can be exploited by anyone with API access, potentially including compromised dashboards, other Wazuh servers within a cluster, or even compromised agents, depending on the configuration. Wazuh has addressed this vulnerability in version 4.9.1. Users are strongly encouraged to update to this version to mitigate the risk of exploitation.

  12. CVE-2025-32433

    09 Jun 2025, 00:00

    Erlang, OTP

    Added to CISA KEV catalog

    Vulnerability name
    Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
    Product
    Erlang Erlang/OTP

    CVE-2025-32433 is a vulnerability found in the Erlang/OTP SSH server. It stems from a flaw in the SSH protocol message handling, which allows an attacker with network access to execute arbitrary code on the server without authentication. Specifically, the vulnerability enables a malicious actor to send connection protocol messages before authentication takes place. Successful exploitation could lead to full compromise of the host, unauthorized access, manipulation of sensitive data, or denial-of-service attacks.

  13. CVE-2024-42009

    09 Jun 2025, 00:00

    Roundcube

    Added to CISA KEV catalog

    Vulnerability name
    RoundCube Webmail Cross-Site Scripting Vulnerability
    Product
    Roundcube Webmail

    CVE-2024-42009 is a Cross-Site Scripting (XSS) vulnerability affecting Roundcube webmail software, specifically versions 1.5.7 and 1.6.x up to 1.6.7. It stems from a flaw in the `message_body()` function within the `program/actions/mail/show.php` file, where a desanitization issue can be exploited. This vulnerability allows a remote attacker to steal and send emails of a victim by sending a specially crafted email message. When a user views this malicious email in Roundcube, the attacker can execute arbitrary JavaScript in the victim's browser, potentially gaining persistent access to exfiltrate emails or steal passwords.

  14. CVE-2025-4123

    07 Jun 2025, 06:17

    Grafana

    Trended on social media

    Hype increased to 30

    CVE-2025-4123 is a cross-site scripting (XSS) vulnerability found in Grafana. It stems from a combination of client path traversal and an open redirect issue within the handling of custom frontend plugins. This flaw allows attackers to redirect users to malicious websites and execute arbitrary JavaScript code. The vulnerability is particularly concerning because it can be exploited even without editor permissions, especially if anonymous access is enabled in Grafana. Furthermore, if the Grafana Image Renderer plugin is installed, the vulnerability can be escalated to a full read Server-Side Request Forgery (SSRF), potentially exposing internal services and cloud metadata. All supported versions of Grafana OSS and Grafana Enterprise, starting from Grafana 8, are affected.

  15. CVE-2025-4673

    06 Jun 2025, 10:17

    Terraform

    Trended on social media

    Hype increased to 30

    CVE-2025-4673 affects the Terraform WinDNS Provider, which is used to manage Windows DNS server resources through Terraform. The vulnerability lies in versions prior to 1.0.5 and was made public on May 6, 2025. It stems from inadequate input sanitization within the windns_record resource. Specifically, the vulnerability could allow authenticated users with high privileges to potentially execute commands via PowerShell command injection. Version 1.0.5 of the Terraform WinDNS Provider addresses this issue with improved input validation.

  16. CVE-2025-5419

    06 Jun 2025, 10:17

    Google Chrome V8

    Trended on social media

    Hype increased to 30

    CVE-2025-5419 is an out-of-bounds read and write vulnerability found in the V8 JavaScript and WebAssembly engine of Google Chrome. Specifically, it affects Google Chrome versions prior to 137.0.7151.68. According to the NIST's National Vulnerability Database (NVD), this vulnerability could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page. The vulnerability was reported to Google on May 27, 2025, by Clement Lecigne and Benoît Sevens of Google's Threat Analysis Group (TAG). Google has confirmed that an exploit for CVE-2025-5419 exists in the wild and has released a security update to address the issue. A configuration change was pushed to the Stable version of Chrome across all platforms on May 28, 2025, to mitigate the bug.

  17. CVE-2025-22874

    06 Jun 2025, 10:17

    Golang

    Trended on social media

    Hype increased to 30

    CVE-2025-22874 affects Google Go's `crypto/x509` component, specifically the VerifyOptions.KeyUsages function. This vulnerability involves improper certificate validation due to manipulation with an unknown input. The vulnerability lies in the product's failure to properly validate certificates, potentially impacting integrity. It can be exploited remotely without authentication, though exploitation is considered difficult. The vulnerability is addressed in versions 1.23.10 and 1.24.4 of Google Go.

  18. CVE-2025-0913

    06 Jun 2025, 10:17

    WordPress

    Trended on social media

    Hype increased to 30

    CVE-2025-0913 is associated with multiple vulnerabilities across different software. One vulnerability affects the Slider & Popup Builder by Depicter plugin for WordPress. Specifically, it is a generic SQL Injection vulnerability present in versions up to and including 3.6.1. The vulnerability lies in the 's' parameter due to insufficient escaping of user-supplied input and inadequate preparation of the existing SQL query. Another vulnerability, CVE-2025-0913, is found in Ashlar-Vellum Cobalt related to CO file parsing. This use-after-free vulnerability allows remote attackers to execute arbitrary code on affected installations. Exploitation requires user interaction, such as opening a malicious file. The flaw stems from the lack of validation of an object's existence before operations are performed on it.

  19. CVE-2025-49113

    06 Jun 2025, 01:17

    Roundcube Webmail

    Trended on social media

    Hype increased to 40

    CVE-2025-49113 is a remote code execution vulnerability affecting Roundcube Webmail versions before 1.5.10 and 1.6.x before 1.6.11. It stems from the insufficient validation of the `_from` parameter in the `program/actions/settings/upload.php` file. This lack of validation allows for PHP Object Deserialization, potentially enabling authenticated users to execute arbitrary code on the Roundcube Webmail server. The vulnerability has been addressed in Roundcube Webmail versions 1.5.10 and 1.6.11.

  20. CVE-2025-4123

    05 Jun 2025, 06:17

    Grafana

    Trended on social media

    Hype increased to 30

    CVE-2025-4123 is a cross-site scripting (XSS) vulnerability found in Grafana. It stems from a combination of client path traversal and an open redirect issue within the handling of custom frontend plugins. This flaw allows attackers to redirect users to malicious websites and execute arbitrary JavaScript code. The vulnerability is particularly concerning because it can be exploited even without editor permissions, especially if anonymous access is enabled in Grafana. Furthermore, if the Grafana Image Renderer plugin is installed, the vulnerability can be escalated to a full read Server-Side Request Forgery (SSRF), potentially exposing internal services and cloud metadata. All supported versions of Grafana OSS and Grafana Enterprise, starting from Grafana 8, are affected.

  21. CVE-2025-5419

    05 Jun 2025, 00:00

    Google Chrome V8

    Added to CISA KEV catalog

    Vulnerability name
    Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
    Product
    Google Chromium V8

    CVE-2025-5419 is an out-of-bounds read and write vulnerability found in the V8 JavaScript and WebAssembly engine of Google Chrome. Specifically, it affects Google Chrome versions prior to 137.0.7151.68. According to the NIST's National Vulnerability Database (NVD), this vulnerability could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page. The vulnerability was reported to Google on May 27, 2025, by Clement Lecigne and Benoît Sevens of Google's Threat Analysis Group (TAG). Google has confirmed that an exploit for CVE-2025-5419 exists in the wild and has released a security update to address the issue. A configuration change was pushed to the Stable version of Chrome across all platforms on May 28, 2025, to mitigate the bug.

  22. CVE-2025-49113

    04 Jun 2025, 07:17

    Roundcube Webmail

    Trended on social media

    Hype increased to 36

    CVE-2025-49113 is a remote code execution vulnerability affecting Roundcube Webmail versions before 1.5.10 and 1.6.x before 1.6.11. It stems from the insufficient validation of the `_from` parameter in the `program/actions/settings/upload.php` file. This lack of validation allows for PHP Object Deserialization, potentially enabling authenticated users to execute arbitrary code on the Roundcube Webmail server. The vulnerability has been addressed in Roundcube Webmail versions 1.5.10 and 1.6.11.

  23. CVE-2025-5086

    04 Jun 2025, 05:17

    DELMIA Apriso

    Trended on social media

    Hype increased to 30

    CVE-2025-5086 is a deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025. Exploitation of this vulnerability could lead to remote code execution. Specifically, the vulnerability exists because the application does not properly validate data during the deserialization process. An attacker could potentially execute arbitrary code remotely without requiring user interaction, leading to a full system compromise, unauthorized code execution, potential data theft or manipulation, or complete system availability disruption.

  24. CVE-2025-5419

    03 Jun 2025, 13:17

    Google Chrome V8

    Trended on social media

    Hype increased to 62

    CVE-2025-5419 is an out-of-bounds read and write vulnerability found in the V8 JavaScript and WebAssembly engine of Google Chrome. Specifically, it affects Google Chrome versions prior to 137.0.7151.68. According to the NIST's National Vulnerability Database (NVD), this vulnerability could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page. The vulnerability was reported to Google on May 27, 2025, by Clement Lecigne and Benoît Sevens of Google's Threat Analysis Group (TAG). Google has confirmed that an exploit for CVE-2025-5419 exists in the wild and has released a security update to address the issue. A configuration change was pushed to the Stable version of Chrome across all platforms on May 28, 2025, to mitigate the bug.

  25. CVE-2025-5419

    03 Jun 2025, 09:17

    Google Chrome V8

    Trended on social media

    Hype increased to 30

    CVE-2025-5419 is an out-of-bounds read and write vulnerability found in the V8 JavaScript and WebAssembly engine of Google Chrome. Specifically, it affects Google Chrome versions prior to 137.0.7151.68. According to the NIST's National Vulnerability Database (NVD), this vulnerability could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page. The vulnerability was reported to Google on May 27, 2025, by Clement Lecigne and Benoît Sevens of Google's Threat Analysis Group (TAG). Google has confirmed that an exploit for CVE-2025-5419 exists in the wild and has released a security update to address the issue. A configuration change was pushed to the Stable version of Chrome across all platforms on May 28, 2025, to mitigate the bug.

  26. CVE-2025-31200

    03 Jun 2025, 04:17

    CoreAudio, Apple

    Trended on social media

    Hype increased to 30

    CVE-2025-31200 is a memory corruption vulnerability that exists in Apple's CoreAudio framework. This vulnerability can be triggered when processing an audio stream within a maliciously crafted media file. Successful exploitation of this vulnerability could allow for arbitrary code execution on the affected device. Apple has addressed this issue with improved bounds checking in tvOS 18.4.1, visionOS 2.4.1, iOS and iPadOS 18.4.1, and macOS Sequoia 15.4.1. It was reported that this vulnerability may have been exploited in targeted attacks against specific individuals.

  27. CVE-2025-27038

    03 Jun 2025, 00:00

    Qualcomm, Adreno

    Added to CISA KEV catalog

    Vulnerability name
    Qualcomm Multiple Chipsets Use-After-Free Vulnerability
    Product
    Qualcomm Multiple Chipsets

    CVE-2025-27038 is a use-after-free vulnerability found in the Graphics component of Qualcomm's Adreno GPU drivers. This vulnerability can lead to memory corruption while rendering graphics, specifically when using the Adreno GPU drivers in Chrome. Qualcomm has released patches for this vulnerability, along with CVE-2025-21479 and CVE-2025-21480, and recommends that OEMs deploy the updates to affected devices as soon as possible. There are indications that CVE-2025-27038 may be under limited, targeted exploitation.

  28. CVE-2025-21480

    03 Jun 2025, 00:00

    Adreno, Qualcomm

    Added to CISA KEV catalog

    Vulnerability name
    Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
    Product
    Qualcomm Multiple Chipsets

    CVE-2025-21480 is an incorrect authorization vulnerability found in Qualcomm's Adreno GPU driver, specifically within the Graphics component. This flaw can lead to memory corruption due to unauthorized command execution in the GPU microcode when a specific sequence of commands is processed. The vulnerability is one of three zero-day flaws that were actively exploited in targeted attacks. Patches for this issue have been made available to OEMs, with a strong recommendation to deploy the update on affected devices as soon as possible.

  29. CVE-2025-21479

    03 Jun 2025, 00:00

    Adreno, Qualcomm

    Added to CISA KEV catalog

    Vulnerability name
    Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
    Product
    Qualcomm Multiple Chipsets

    CVE-2025-21479 is an incorrect authorization vulnerability found in the Graphics component of Qualcomm's Adreno GPU driver. This flaw can lead to memory corruption due to unauthorized command execution in the GPU microcode when a specific sequence of commands is processed. Successful exploitation of CVE-2025-21479 could allow attackers to execute unauthorized commands, potentially corrupting system memory. Qualcomm has released patches for this vulnerability and recommends that OEMs deploy the updates to affected devices as soon as possible. There are indications that this vulnerability may be under limited, targeted exploitation.

  30. CVE-2025-27038

    02 Jun 2025, 21:17

    Qualcomm, Adreno

    Trended on social media

    Hype increased to 32

    CVE-2025-27038 is a use-after-free vulnerability found in the Graphics component of Qualcomm's Adreno GPU drivers. This vulnerability can lead to memory corruption while rendering graphics, specifically when using the Adreno GPU drivers in Chrome. Qualcomm has released patches for this vulnerability, along with CVE-2025-21479 and CVE-2025-21480, and recommends that OEMs deploy the updates to affected devices as soon as possible. There are indications that CVE-2025-27038 may be under limited, targeted exploitation.

  31. CVE-2025-21480

    02 Jun 2025, 21:17

    Adreno, Qualcomm

    Trended on social media

    Hype increased to 32

    CVE-2025-21480 is an incorrect authorization vulnerability found in Qualcomm's Adreno GPU driver, specifically within the Graphics component. This flaw can lead to memory corruption due to unauthorized command execution in the GPU microcode when a specific sequence of commands is processed. The vulnerability is one of three zero-day flaws that were actively exploited in targeted attacks. Patches for this issue have been made available to OEMs, with a strong recommendation to deploy the update on affected devices as soon as possible.

  32. CVE-2025-21479

    02 Jun 2025, 21:17

    Adreno, Qualcomm

    Trended on social media

    Hype increased to 32

    CVE-2025-21479 is an incorrect authorization vulnerability found in the Graphics component of Qualcomm's Adreno GPU driver. This flaw can lead to memory corruption due to unauthorized command execution in the GPU microcode when a specific sequence of commands is processed. Successful exploitation of CVE-2025-21479 could allow attackers to execute unauthorized commands, potentially corrupting system memory. Qualcomm has released patches for this vulnerability and recommends that OEMs deploy the updates to affected devices as soon as possible. There are indications that this vulnerability may be under limited, targeted exploitation.

  33. CVE-2025-3935

    02 Jun 2025, 00:00

    ScreenConnect

    Added to CISA KEV catalog

    Vulnerability name
    ConnectWise ScreenConnect Improper Authentication Vulnerability
    Product
    ConnectWise ScreenConnect

    CVE-2025-3935 affects ScreenConnect versions 25.2.3 and earlier. It is a ViewState code injection vulnerability in ASP.NET Web Forms. The ViewState feature is used to preserve the state of pages and controls, with data encoded in Base64 and protected by machine keys. If an attacker gains privileged system-level access and compromises these machine keys, they could create and send malicious ViewState data to the website. This could potentially lead to remote code execution on the server. ScreenConnect version 25.2.4 disables ViewState to remove any dependency on it.

  34. CVE-2025-35939

    02 Jun 2025, 00:00

    Craft CMS

    Added to CISA KEV catalog

    Vulnerability name
    Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability
    Product
    Craft CMS Craft CMS

    CVE-2025-35939 affects Craft CMS, where unauthenticated users can store arbitrary content in session files. This is due to the CMS storing return URLs without proper sanitization. When an unauthenticated request is redirected to the login page, Craft CMS generates a session file at `/var/lib/php/sessions` named `sess_[session_value]`, with the session value provided to the client via a Set-Cookie header. An unauthenticated attacker could inject arbitrary values, including potentially malicious PHP code, into a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this vulnerability by implementing proper sanitization of return URLs before they are saved to the PHP session.

  35. CVE-2024-56145

    02 Jun 2025, 00:00

    Craft CMS

    Added to CISA KEV catalog

    Vulnerability name
    Craft CMS Code Injection Vulnerability
    Product
    Craft CMS Craft CMS

    CVE-2024-56145 is a remote code execution (RCE) vulnerability affecting Craft CMS. It exists in versions 5.0.0-RC1 to 5.5.2 (excluding 5.5.2), 4.0.0-RC1 to 4.13.2 (excluding 4.13.2), and 3.0.0 to 3.9.14 (excluding 3.9.14). The vulnerability is triggered when the PHP configuration setting `register_argc_argv` is enabled, which is the default in the official Craft CMS docker image. An attacker can exploit this vulnerability to achieve unauthenticated remote code execution by manipulating paths such as `--templatesPath` or `--configPath`, forcing the CMS to load arbitrary files. A successful exploit could lead to complete system compromise, potentially through the use of template files loaded via FTP, bypassing the CMS's built-in sandboxing.

  36. CVE-2023-39780

    02 Jun 2025, 00:00

    ASUS, RT-AX55

    Added to CISA KEV catalog

    Vulnerability name
    ASUS RT-AX55 Routers OS Command Injection Vulnerability
    Product
    ASUS RT-AX55 Routers

    CVE-2023-39780 is a command injection vulnerability found in ASUS RT-AX55 routers, specifically version 3.0.0.4.386.51598. It allows authenticated attackers to execute arbitrary commands on the system. The vulnerability exists in the handling of user input, which enables attackers to inject and execute commands with elevated privileges. Successful exploitation of CVE-2023-39780 can lead to unauthorized actions and data breaches. Attackers have been observed exploiting this vulnerability, along with other authentication bypass techniques, to gain persistent access to ASUS routers, enabling SSH access and disabling logging to maintain a stealthy backdoor.

  37. CVE-2021-32030

    02 Jun 2025, 00:00

    GT-AC2900, ASUS

    Added to CISA KEV catalog

    Vulnerability name
    ASUS Routers Improper Authentication Vulnerability
    Product
    ASUS Routers

    CVE-2021-32030 is an authentication bypass vulnerability affecting ASUS GT-AC2900 devices before version 3.0.0.4.386.42643 and Lyra Mini devices before version 3.0.0.4_384_46630. The vulnerability stems from how the administrator application processes remote input from unauthenticated users. Specifically, the vulnerability allows an attacker to gain unauthorized access to the administrator interface. This is because an attacker-supplied null byte ('\0') can match the device's default null byte value in certain situations during the authentication process. Successful exploitation could allow attackers to modify router settings, intercept network traffic, and potentially install malicious firmware.

  38. CVE-2025-4632

    22 May 2025, 00:00

    Samsung MagicINFO

    Added to CISA KEV catalog

    Vulnerability name
    Samsung MagicINFO 9 Server Path Traversal Vulnerability
    Product
    Samsung MagicINFO 9 Server

    CVE-2025-4632 is a path traversal vulnerability affecting Samsung MagicINFO 9 Server versions before 21.1052. The vulnerability stems from an improper limitation of a pathname to a restricted directory, which allows attackers to write arbitrary files with system authority. This can lead to remote code execution if specially crafted JavaServer Pages (JSP) files are uploaded. The vulnerability has been actively exploited in the wild and is considered a patch bypass for CVE-2024-7399, another path traversal flaw in the same product. Exploitation of CVE-2025-4632 has been linked to the deployment of the Mirai botnet in some instances. Samsung has released software updates to address this vulnerability.

  39. CVE-2025-4428

    19 May 2025, 16:28

    Ivanti EPMM

    Intruder Insight published

    This CVE references a Java Expression Language injection vulnerability in Ivanti EPMM, which allows a user with access to a particular API to execute arbitrary code. In conjunction with CVE-2025-4427 - an auth bypass vulnerability which gives access to the API in question - this can be used by an unauthenticated attacker. More information on exact vulnerable versions can be found [here](https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM) - you should patch immediately if vulnerable. Note that in the recommended deployment of EPMM, where the API is not accessible to the internet, the impact is reduced.

    CVE-2025-4428 is a remote code execution (RCE) vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM). An authenticated attacker could exploit this vulnerability to execute arbitrary code on a vulnerable device. The vulnerability is associated with an open-source library integrated into EPMM. Ivanti released a security advisory on May 13, 2025, to address this vulnerability, along with an authentication bypass vulnerability (CVE-2025-4427). It was found that chaining the two vulnerabilities together could lead to unauthenticated remote code execution. Ivanti is aware of a limited number of customers whose systems have been exploited.

  40. CVE-2025-4428

    19 May 2025, 00:00

    Ivanti EPMM

    Added to CISA KEV catalog

    Vulnerability name: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
    Product: Ivanti Endpoint Manager Mobile (EPMM)

    CVE-2025-4428 is a remote code execution (RCE) vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM). An authenticated attacker could exploit this vulnerability to execute arbitrary code on a vulnerable device. The vulnerability is associated with an open-source library integrated into EPMM. Ivanti released a security advisory on May 13, 2025, to address this vulnerability, along with an authentication bypass vulnerability (CVE-2025-4427). It was found that chaining the two vulnerabilities together could lead to unauthenticated remote code execution. Ivanti is aware of a limited number of customers whose systems have been exploited.

  41. CVE-2025-4427

    19 May 2025, 00:00

    Ivanti EPMM

    Added to CISA KEV catalog

    Vulnerability name: Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
    Product: Ivanti Endpoint Manager Mobile (EPMM)

    CVE-2025-4427 is an authentication bypass vulnerability found in Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and prior. It exists in the API component of the software. This vulnerability allows attackers to access protected resources without proper credentials via the API.

  42. CVE-2025-27920

    19 May 2025, 00:00

    Output Messenger

    Added to CISA KEV catalog

    Vulnerability name: Srimax Output Messenger Directory Traversal Vulnerability
    Product: Srimax Output Messenger

    CVE-2025-27920 is a directory traversal vulnerability that affects Output Messenger version 2.0.62 and earlier. This vulnerability allows authenticated attackers to upload malicious files into the server's startup directory by using "../" sequences in parameters to access files outside the intended directory. Successful exploitation of this vulnerability could allow attackers to access sensitive files, potentially leading to configuration leakage or arbitrary file access. It was discovered that a threat actor named Marbled Dust exploited this vulnerability in a cyber espionage campaign, targeting the Kurdish military operating in Iraq. Output Messenger released version 2.0.63 in late December 2024 to address this vulnerability.

  43. CVE-2024-27443

    19 May 2025, 00:00

    Zimbra ZCS

    Added to CISA KEV catalog

    Vulnerability name: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
    Product: Synacor Zimbra Collaboration Suite (ZCS)

    CVE-2024-27443 is a Cross-Site Scripting (XSS) vulnerability found in the CalendarInvite feature of the Zimbra Collaboration Suite (ZCS) classic webmail interface. This vulnerability exists because of improper input validation when handling the calendar header in email messages. An attacker can exploit this flaw by sending a specially crafted email containing a malicious calendar header with an embedded XSS payload. When a user views the email in the Zimbra classic web interface, the malicious code is executed within their browser, potentially allowing the attacker to compromise the user's session and execute arbitrary JavaScript code.

  44. CVE-2024-11182

    19 May 2025, 00:00

    MDaemon Email Server

    Added to CISA KEV catalog

    Vulnerability name: MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability
    Product: MDaemon Email Server

    CVE-2024-11182 is a cross-site scripting (XSS) vulnerability found in MDaemon Email Server versions prior to 24.5.1c. The vulnerability arises from insufficient sanitization of user-supplied data when handling IMG tags in email messages. An attacker can exploit this vulnerability by sending a specially crafted HTML email containing JavaScript code within an `<img>` tag. If the recipient opens the email, the malicious JavaScript code could execute within the context of their webmail browser window, potentially leading to unauthorized actions or information disclosure.

  45. CVE-2023-38950

    19 May 2025, 00:00

    Added to CISA KEV catalog

    Vulnerability name: ZKTeco BioTime Path Traversal Vulnerability
    Product: ZKTeco BioTime

    A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files by supplying a crafted payload.

  46. CVE-2025-4664

    15 May 2025, 00:00

    Google Chrome

    Added to CISA KEV catalog

    Vulnerability name: Google Chromium Loader Insufficient Policy Enforcement Vulnerability
    Product: Google Chromium

    CVE-2025-4664 is a vulnerability affecting Google Chrome's Loader component. The vulnerability stems from insufficient policy enforcement, which allows a remote attacker to potentially leak cross-origin data by using a crafted HTML page. The vulnerability was discovered by security researcher Vsevolod Kokorin (@slonser_) and reported on May 5, 2025. Google has released updates to address this issue in Chrome versions 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux. It is recommended that users update their Chrome browsers to these versions to mitigate the risk.

  47. CVE-2025-42999

    15 May 2025, 00:00

    Added to CISA KEV catalog

    Vulnerability name: SAP NetWeaver Deserialization Vulnerability
    Product: SAP NetWeaver

    SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

  48. CVE-2024-12987

    15 May 2025, 00:00

    Added to CISA KEV catalog

    Vulnerability name: DrayTek Vigor Routers OS Command Injection Vulnerability
    Product: DrayTek Vigor Routers

    A vulnerability classified as critical was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. It affects an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload in the Web Management Interface component. Manipulating the argument `session` leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 addresses this issue. Upgrading the affected component is recommended.

  49. CVE-2025-32756

    14 May 2025, 00:00

    FortiVoice, Fortinet

    Added to CISA KEV catalog

    Vulnerability name: Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
    Product: Fortinet Multiple Products

    CVE-2025-32756 is a stack-based buffer overflow vulnerability that affects multiple Fortinet products, including FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary code or commands by sending specially crafted HTTP requests. Fortinet has observed active exploitation of this vulnerability in the wild, specifically targeting FortiVoice systems. During the exploitation of CVE-2025-32756, threat actors have been observed performing network scans, deleting system crash logs to conceal their activity, and enabling 'fcgi debugging' to log credentials. Additionally, they have been seen deploying malware, establishing cron jobs to harvest credentials, and using scripts to conduct network reconnaissance on compromised devices.

  50. CVE-2025-32706

    13 May 2025, 00:00

    Added to CISA KEV catalog

    Vulnerability name: Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
    Product: Microsoft Windows

    Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.