{"page":1,"per_page":25,"total_vulns":293,"total_pages":12,"vulnerabilities":[{"_id":"687fb7da32b88bdd2b5df06d","cveID":"CVE-2025-49706","dateAdded":"2025-07-22","dueDate":"2025-07-23","notes":"CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49706","product":"SharePoint","requiredAction":"CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","shortDescription":"Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successful exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. 
The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft SharePoint Improper Authentication Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":7.1,"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706","source":"secure@microsoft.com","tags":["Vendor Advisory"]}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/AdityaBhatt3010/CVE-2025-49706-SharePoint-Spoofing-Vulnerability-Under-Active-Exploitation"],"openThreatData":[{"adversaries":["Linen Typhoon, Violet Typhoon, Storm-2603","Glowworm","GOLD SALEM"],"malwareFamiles":["Keysiphon","Krustyloader","Toolshell","Shadowpad - s0596","Warlock","Ghostwebshell","Sliver","Warlock ransomware","Zingdoor","Poisonplug.shadow"],"affectedIndustries":["Finance","Technology","Healthcare","Commercial","Education","Construction","Energy","Government","Telecommunications","Defense"],"communityAdversaries":["Linen Typhoon, Violet Typhoon, Storm-2603","Akira","Dragon_clover","GOLD SALEM"],"communityMalwareFamilies":["Keysiphon","Threat","Warlock","Ghostwebshell","Akira","Toolshell"],"communityAffectedIndustries":["Manufacturing","Transportation","Finance","Technology","Telecoms","Agriculture","Commercial","Telecommunications","Construction","Energy","Hospitality","Legal","Government","Retail","Healthcare"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"687fb7da32b88bdd2b5df06c","cveID":"CVE-2025-49704","dateAdded":"2025-07-22","dueDate":"2025-07-23","notes":"CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ ; 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49704","product":"SharePoint","requiredAction":"CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","shortDescription":"Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. The update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft SharePoint Code Injection Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704","source":"secure@microsoft.com","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":["GOLD SALEM","Linen Typhoon, Violet Typhoon, Storm-2603","LuckyMouse","Glowworm"],"malwareFamiles":["Warlock","Msil/webshell.js","Toolshell","Ghostwebshell","Sliver","Zingdoor","Warlock ransomware","Krustyloader","Shadowpad - s0596","Poisonplug.shadow","Keysiphon"],"affectedIndustries":["Education","Defense","Government","Technology","Finance","Healthcare","Commercial","Telecommunications","Construction","Energy"],"communityAdversaries":["GOLD SALEM","Akira","Linen Typhoon, Violet Typhoon, 
Storm-2603","Dragon_clover"],"communityMalwareFamilies":["Threat","Warlock","Akira","Toolshell"],"communityAffectedIndustries":["Technology","Government","Finance","Retail","Hospitality","Legal","Transportation","Agriculture","Telecoms","Commercial","Energy","Construction","Healthcare","Manufacturing","Telecommunications"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"687d4d193484ff52243fecb4","cveID":"CVE-2025-53770","dateAdded":"2025-07-20","dueDate":"2025-07-21","notes":"CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770 ; https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/ ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53770","product":"SharePoint","requiredAction":"CISA recommends configuring AMSI integration in SharePoint and deploying Defender AV on all SharePoint servers. If AMSI cannot be enabled, CISA recommends disconnecting affected products that are public-facing on the internet from service until official mitigations are available. Once mitigations are provided, apply them according to CISA and vendor instructions. Follow the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.  
","shortDescription":"Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft SharePoint Deserialization of Untrusted Data Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"https://github.com/kaizensecurity/CVE-2025-53770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://research.eye.security/sharepoint-under-siege/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"]},{"url":"https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"]},{"url":"https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory","US Government Resource"]},{"url":"https://www.forbes.com/sites/daveywinder/2025/07/20/microsoft-confirms-ongoing-mass-sharepoint-attack---no-patch-available/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media 
Coverage"]},{"url":"https://x.com/Shadowserver/status/1946900837306868163","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/JustinnT/cve-2025-53770-","https://github.com/nisargsuthar/suricata-rule-CVE-2025-53770","https://github.com/zach115th/ToolShellFinder","https://github.com/exfil0/CVE-2025-53770","https://github.com/Kamal-Hegazi/CVE-2025-53770-SharePoint-RCE","https://github.com/m4r1x/CVE-2025-53770-Scanner","https://github.com/Hassanopop/CVE-2025-53770","https://github.com/Lapesha/CVE-2025-53770","https://github.com/bijikutu/CVE-2025-53770-Exploit","https://github.com/MuhammadWaseem29/CVE-2025-53770","https://github.com/3a7/CVE-2025-53770","https://github.com/bossnick98/-SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-RCE","https://github.com/unk9vvn/sharepoint-toolpane","https://github.com/Rabbitbong/OurSharePoint-CVE-2025-53770","https://github.com/0x-crypt/CVE-2025-53770-Scanner","https://github.com/harryhaxor/CVE-2025-53770-SharePoint-Deserialization-RCE-PoC","https://github.com/BirdsAreFlyingCameras/CVE-2025-53770_Raw-HTTP-Request-Generator","https://github.com/ghostn4444/CVE-2025-53770","https://github.com/go-bi/sharepoint-CVE-2025-53770","https://github.com/daryllundy/CVE-2025-53770","https://github.com/ziisenpai/CVE-2025-53770-Scanner","https://github.com/Cameloo1/sharepoint-toolshell-micro-postmortem","https://github.com/bitsalv/ToolShell-Honeypot","https://github.com/0xray5c68616e37/cve-2025-53770","https://github.com/Sec-Dan/CVE-2025-53770-Scanner","https://github.com/a-hydrae/ToolShell-Honeypot","https://github.com/b33b0y/CVE-2025-53770","https://github.com/AdityaBhatt3010/CVE-2025-53770-SharePoint-Zero-Day-Variant-Exploited-for-Full-RCE","https://github.com/grupooruss/CVE-2025-53770-Checker","https://github.com/siag-itsec/CVE-2025-53770-Hunting","https://github.com/ZephrFish/CVE-2025-53770-Scanner","https://github.com/hazcod/CVE-2025-53770","h
ttps://github.com/soltanali0/CVE-2025-53770-Exploit","https://github.com/paolokappa/SharePointSecurityMonitor","https://github.com/kaizensecurity/CVE-2025-53770","https://github.com/n1chr0x/Zeropoint","https://github.com/RukshanaAlikhan/CVE-2025-53770","https://github.com/B1ack4sh/Blackash-CVE-2025-53770","https://github.com/yashz0007/CVE-2025-53770-Exploit","https://github.com/taqiaferdianshah/CVE-2025-53770","https://github.com/yosasasutsut/Blackash-CVE-2025-53770","https://github.com/rbctee/CVE-2025-53770"],"openThreatData":[{"adversaries":["Linen Typhoon, Violet Typhoon, Storm-2603","Glowworm","Storm-2603","GOLD SALEM","QuietCrabs"],"malwareFamiles":["Babyk","Anylock","Shadowpad - s0596","Sliver","Poisonplug.shadow","Warlock","Toolshell","Babuk - s0638","Vasa locker","Zingdoor","Catb","Krustyloader","Lockbit"],"affectedIndustries":["Healthcare","Commercial","Finance","Technology","Energy","Construction","Government","Telecommunications","Engineering","Manufacturing","Defense","Education"],"communityAdversaries":["Akira","Thor","Warlock","Linen Typhoon, Violet Typhoon, Storm-2603","Vidar Stealer, Storm-2603, ClickFix to deliver NetSupport RAT Loaders, BackdoorDiplomacy, ClayRat (S","Dragon_clover","Storm-2603","GOLD SALEM","QuietCrabs"],"communityMalwareFamilies":["Babyk","Akira","Threat","Anylock","Toolshell","Sliver","Warlock","Babuk - s0638","Vasa locker","Catb","Krustyloader","Lockbit"],"communityAffectedIndustries":["Healthcare","Commercial","Telecoms","Finance","Technology","Energy","Medical","Government","Construction","Legal","Engineering","Hospitality","Telecommunications","Agriculture","Retail","Manufacturing","Transportation","Defense"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"686ff3e938b98272b8d2c85a","cveID":"CVE-2025-5777","dateAdded":"2025-07-10","dueDate":"2025-07-11","notes":"https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 ; https://nvd.nist.gov/vuln/detail/CVE-2025-5777","product":"NetScaler ADC and 
Gateway","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.","vendorProject":"Citrix","vulnerabilityName":"Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":3.9,"baseScore":7.5,"nvdReferences":[{"url":"https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420","source":"secure@citrix.com","tags":["Vendor Advisory"]},{"url":"https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party 
Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/bughuntar/CVE-2025-5777","https://github.com/FrenzisRed/CVE-2025-5777","https://github.com/win3zz/CVE-2025-5777","https://github.com/Chocapikk/CVE-2025-5777","https://github.com/orange0Mint/CitrixBleed-2-CVE-2025-5777","https://github.com/RaR1991/citrix_bleed_2","https://github.com/nocerainfosec/cve-2025-5777","https://github.com/idobarel/CVE-2025-5777","https://github.com/RickGeex/CVE-2025-5777-CitrixBleed","https://github.com/mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC-","https://github.com/Jishanluhar/CVE-2025-5777","https://github.com/0xgh057r3c0n/CVE-2025-5777","https://github.com/B1ack4sh/Blackash-CVE-2025-5777","https://github.com/cyberleelawat/ExploitVeer","https://github.com/SleepNotF0und/CVE-2025-5777","https://github.com/Shivshantp/CVE-2025-5777-TrendMicro-ApexCentral-RCE","https://github.com/below0day/Honeypot-Logs-CVE-2025-5777","https://github.com/rootxsushant/Citrix-NetScaler-Memory-Leak-CVE-2025-5777","https://github.com/ndr-repo/CVE-2025-5777","https://github.com/mr-r3b00t/CVE-2025-5777","https://github.com/Lakiya673/CVE-2025-5777","https://github.com/zaryouhashraf/CVE-2025-5777"],"openThreatData":[{"adversaries":["MuddyWater","UAC-0226","Dropping Elephant"],"malwareFamiles":["Dropping elephant rat","Giftedcrook","Persianc2","Keyc2","Arenac2","Tsundere botnet"],"affectedIndustries":["Government","Transportation","Defense","Healthcare","Technology","Finance"],"communityAdversaries":["MuddyWater","UAC-0226","UNC5174","Paragon"],"communityMalwareFamilies":["Giftedcrook","Persianc2","Keyc2","Arenac2","Anatsa","Unified cm","Tsundere botnet"],"communityAffectedIndustries":["Government","Education","Industrial","Transportation","Telecom","Retail","Financial services","Manufacturing","Defense","Critical 
infrastructure","Healthcare","Technology","Construction","Finance","Energy"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"685c3b792141cc2ddcb31f4c","cveID":"CVE-2019-6693","dateAdded":"2025-06-25","dueDate":"2025-07-16","notes":"https://fortiguard.com/advisory/FG-IR-19-007 ; https://nvd.nist.gov/vuln/detail/CVE-2019-6693","product":"FortiOS","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker with access to a FortiOS configuration backup file to decrypt the sensitive data stored in it via knowledge of the hard-coded key. ","vendorProject":"Fortinet","vulnerabilityName":"Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":2.8,"baseScore":6.5,"nvdReferences":[{"url":"https://fortiguard.com/advisory/FG-IR-19-007","source":"psirt@fortinet.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-19-007","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/saladandonionrings/cve-2019-6693","https://github.com/synacktiv/CVE-2020-9289","https://github.com/gquere/CVE-2019-6693"],"openThreatData":[{"adversaries":["Akira"],"malwareFamiles":["Akira"],"affectedIndustries":["Government","Healthcare","Manufacturing","Finance","Technology"],"communityAdversaries":["Akira"],"communityMalwareFamilies":["Akira"],"communityAffectedIndustries":["Government","Healthcare","Manufacturing","Finance","Technology"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"68110df234841e14e9765044","cveID":"CVE-2025-31324","dateAdded":"2025-04-29","dueDate":"2025-05-20","notes":"https://me.sap.com/notes/3594142 ; 
https://nvd.nist.gov/vuln/detail/CVE-2025-31324","product":"NetWeaver","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.","vendorProject":"SAP","vulnerabilityName":"SAP NetWeaver Unrestricted File Upload Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":10.0,"nvdReferences":[{"url":"https://me.sap.com/notes/3594142","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"]},{"url":"https://www.theregister.com/2025/04/25/sap_netweaver_patch/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"]},{"url":"https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party 
Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/sug4r-wr41th/CVE-2025-31324","https://github.com/nairuzabulhul/nuclei-template-cve-2025-31324-check","https://github.com/rf-peixoto/sap_netweaver_cve-2025-31324-","https://github.com/Onapsis/Onapsis-Mandiant-CVE-2025-31324-Vuln-Compromise-Assessment","https://github.com/JonathanStross/CVE-2025-31324","https://github.com/respondiq/jsp-webshell-scanner","https://github.com/nullcult/CVE-2025-31324-File-Upload","https://github.com/BlueOWL-overlord/Burp_CVE-2025-31324","https://github.com/Pengrey/CVE-2025-31324","https://github.com/abrewer251/CVE-2025-31324_PoC_SAP","https://github.com/antichainalysis/sap-netweaver-0day-CVE-2025-31324","https://github.com/aristois913/CVE-2025-31324","https://github.com/ODST-Forge/CVE-2025-31324_PoC","https://github.com/Alizngnc/SAP-CVE-2025-31324","https://github.com/moften/CVE-2025-31324-NUCLEI","https://github.com/moften/CVE-2025-31324","https://github.com/redrays-io/CVE-2025-31324","https://github.com/rxerium/CVE-2025-31324"],"openThreatData":[{"adversaries":["RondoDox","GLOBAL GROUP","China-Nexus"],"malwareFamiles":["Auto-color","Rondodox","Mirai","Black lock","Krustyloader","Snowlight","Global group","Mamona rip","Reactonmynuts"],"affectedIndustries":["Critical infrastructure","Chemical","Legal"],"communityAdversaries":["RondoDox","Adversary Profile: Salt Typhoon Alignment The architectural gap identified by mudoSO mirrors the act","Storm-2603","APT24, Autumn Dragon, Operation DreamJob, Water Gamayun, Shai-Hulud Campaign Infecting Macs via Face"],"communityMalwareFamilies":["Auto-color","Rondodox","Lockbit 3.0","Php","Asp.net","Seo poisoning","Dragonrank","Ak47c2","Mirai","Warlock","Ak47 ransomware","Reactonmynuts","X2anylock"],"communityAffectedIndustries":["Legal, financial, healthcare, government, municipal, real-estate, enterprise-technology, 
critical-in","Chemical","Government"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"67f574890a5ebe730c115c05","cveID":"CVE-2025-29824","dateAdded":"2025-04-08","dueDate":"2025-04-29","notes":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29824 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29824","product":"Windows","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.8,"baseScore":7.8,"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29824","source":"secure@microsoft.com","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/AfanPan/CVE-2025-29824-Exploit","https://github.com/zmkeh/CVE-2025-29824-CLFS-Local-privilege-escalation"],"openThreatData":[{"adversaries":["Storm-2460","Winnti"],"malwareFamiles":["Ms edge password stealer","Ransomexx","Asyncrat","Godrat","Pipemagic","Chrome password stealer"],"affectedIndustries":["Finance","Information technology","Financial","Real estate","Retail"],"communityAdversaries":["Storm-2460","SmudgedSerpent, Sneaky Malware, XLoader, DragonForce, NGATE Android Malware, Phatom Raven, TA4428","LANDFALL, GootLoader, EndClient RAT, God RAT, Infrastructure aurologic GmbHUNK, RondoBox, Fantasy Hu","Winnti"],"communityMalwareFamilies":["Ms edge password stealer","Black basta","Ransomexx","Asyncrat","Godrat","Pipemagic","Balloonfly","Play","Chrome password 
stealer"],"communityAffectedIndustries":["Finance","Information technology","Financial","Critical infrastructure","Real estate","Retail"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"67f42309f7de2982727c8480","cveID":"CVE-2025-31161","dateAdded":"2025-04-07","dueDate":"2025-04-28","notes":"https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update ; https://nvd.nist.gov/vuln/detail/CVE-2025-31161","product":"CrushFTP","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise. ","vendorProject":"CrushFTP","vulnerabilityName":"CrushFTP Authentication Bypass Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://crushftp.com/crush11wiki/Wiki.jsp?page=Update#section-Update-VulnerabilityInfo","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://projectdiscovery.io/blog/crushftp-authentication-bypass","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.darkreading.com/vulnerabilities-threats/disclosure-drama-clouds-crushftp-vulnerability-exploitation","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media 
Coverage"]},{"url":"https://www.huntress.com/blog/crushftp-cve-2025-31161-auth-bypass-and-post-exploitation","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.infosecurity-magazine.com/news/crushftp-flaw-exploited-disclosure/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/Immersive-Labs-Sec/CVE-2025-31161","https://github.com/TX-One/CVE-2025-31161","https://github.com/ibrahimsql/CVE-2025-31161","https://github.com/SUPRAAA-1337/CVE-2025-31161_exploit","https://github.com/SUPRAAA-1337/Nuclei_CVE-2025-31161_CVE-2025-2825","https://github.com/0xgh057r3c0n/CVE-2025-31161","https://github.com/B1ack4sh/Blackash-CVE-2025-31161","https://github.com/ibrahmsql/CVE-2025-31161","https://github.com/f4dee-backup/CVE-2025-31161","https://github.com/acan0007/CVE-2025-31161","https://github.com/Teexo/CVE-2025-31161","https://github.com/Dairrow/CVE-2025-31161","https://github.com/Drelinss/Blackash-CVE-2025-31161","https://github.com/Shisones/CVE-2025-31161","https://github.com/eserror/CVE-2025-31161"],"openThreatData":[{"adversaries":[],"malwareFamiles":["Meshcentral agent","Anydesk","Telegram bot malware"],"affectedIndustries":["Retail","Semiconductor","Marketing","Technology"],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Known"},{"_id":"67f0207a7ffbcf0a2c35ea4f","cveID":"CVE-2025-22457","dateAdded":"2025-04-04","dueDate":"2025-04-11","notes":"CISA Mitigation Instructions: https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457) ; https://nvd.nist.gov/vuln/detail/CVE-2025-22457","product":"Connect Secure, Policy Secure and ZTA Gateways","requiredAction":"Apply mitigations per vendor instructions, 
follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Ivanti Connect Secure, Policy Secure and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. ","vendorProject":"Ivanti","vulnerabilityName":"Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"HIGH","baseSeverity":"CRITICAL","exploitabilityScore":2.2,"baseScore":9.0,"nvdReferences":[{"url":"https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457","source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/securekomodo/CVE-2025-22457","https://github.com/sfewer-r7/CVE-2025-22457","https://github.com/N4SL1/CVE-2025-22457-PoC","https://github.com/Vinylrider/ivantiunlocker","https://github.com/TRone-ux/CVE-2025-22457","https://github.com/B1ack4sh/Blackash-CVE-2025-22457"],"openThreatData":[{"adversaries":["GLOBAL GROUP","UNC3886","UNC5221"],"malwareFamiles":["Reptile","Ghosttown","Sliver","Medusa","Global group","Seaelf","Krustyloader","Fscan","Mdifyloader","Vshell","Tinyshell","Auto-color","Cobalt strike beacon","Black lock","Pithook","Mamona rip"],"affectedIndustries":["Legal","Telecommunications","Technology","Finance","Aerospace","Government","Manufacturing","Transportation","Defense","Healthcare"],"communityAdversaries":["UNC5221","Silver Fox","Chihuahua","Threat","Tracer Kitten"],"communityMalwareFamilies":["Javascript","Phantomnet","Warpwire","Thanos","Lumma infostealar","Katz","Katz infostealer","Lumma infostealer","Spawnsnail","Winos","Brickstorm","Lumma","Sliver","’m","Stuxnet","Gh0st","Lumma infostelar","Brushfire","Pupkinstealer 
exfiltration","Pupkinstealer","Auto-color","Unc5291","Java","Anubis","Cobalt strike","Krustyloader","Threat intelligence","Chihuahua infostealer","Color","Greencharlie","Threat","Blizkiy","Chihuahua","Spawn","Signing","Quadagent","Infostelar exfiltration","Linux","Trailblaze","Terribletea","Deploying","Go","Silver fox","Color linux"],"communityAffectedIndustries":["Bank","Finance","Telecom","Aviation","Healthcare","Critical sectors","Critical infrastructure","Aerospace","Industrial","Manufacturing","Journalists","Medical","Energy","Technology","Pharmaceutical","Human rights","Financial services","Transportation","Political","Defense","Construction","Military","Telecommunications","Financial","Government","Social engineering"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"67d9c50b033584b54e53d157","cveID":"CVE-2025-24472","dateAdded":"2025-03-18","dueDate":"2025-04-08","notes":"https://fortiguard.fortinet.com/psirt/FG-IR-24-535 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24472","product":"FortiOS and FortiProxy","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":" Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.","vendorProject":"Fortinet","vulnerabilityName":"Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"HIGH","baseSeverity":"HIGH","exploitabilityScore":2.2,"baseScore":8.1,"nvdReferences":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-535","source":"psirt@fortinet.com","tags":["Vendor 
Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":["Proton66"],"malwareFamiles":["Superblack"],"affectedIndustries":["Manufacturing","Healthcare","Technology","Retail","Finance","Government"],"communityAdversaries":["Proton66","Prospero","Adversary Profile: Salt Typhoon Alignment The architectural gap identified by mudoSO mirrors the act"],"communityMalwareFamilies":["Superblack","Weaxor","Strelastealer","Xworm"],"communityAffectedIndustries":["Manufacturing","Finance","Healthcare","Technology","Retail","Legal, financial, healthcare, government, municipal, real-estate, enterprise-technology, critical-in","Government"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"67d07bd7cb23bd965693afe1","cveID":"CVE-2025-26633","dateAdded":"2025-03-11","dueDate":"2025-04-01","notes":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26633 ; https://nvd.nist.gov/vuln/detail/CVE-2025-26633","product":"Windows","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to execute code over a network.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"HIGH","baseSeverity":"HIGH","exploitabilityScore":1.0,"baseScore":7.0,"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26633","source":"secure@microsoft.com","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/mbanyamer/MSC-EvilTwin-Local-Privilege-Escalation"],"openThreatData":[{"adversaries":["Water Gamayun","EncryptHub"],"malwareFamiles":["Fickle 
stealer","Silentprism","Stealc","Encrypthub","Darkwisp","Rhadamanthys","Encrypthub stealer","Silentcrystal"],"affectedIndustries":["Technology","Government","Defense"],"communityAdversaries":["Water Gamayun","EncryptHub","APT10"],"communityMalwareFamilies":["Encryptrat","Silentprism","Stealc","Trojanspy","Encrypthub","Darkwisp","Rhadamanthys","Noopdoor","Encrypthub stealer"],"communityAffectedIndustries":["Political","Defense","Technology","Government","Thinktanks"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"67c5d45b1b1dedec3879a194","cveID":"CVE-2018-8639","dateAdded":"2025-03-03","dueDate":"2025-03-24","notes":"https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-8639 ; https://nvd.nist.gov/vuln/detail/CVE-2018-8639","product":"Windows","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":3.9,"baseScore":7.2,"nvdReferences":[{"url":"http://www.securityfocus.com/bid/106093","source":"secure@microsoft.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8639","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/106093","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8639","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/timwhitez/CVE-2018-8639-EXP"],"openThreatData":[{"adversaries":["Dalbit"],"malwareFamiles":["Moonlight’","Dalbit","Webshell"],"affectedIndustries":[],"communityAdversaries":["Dalbit"],"communityMalwareFamilies":["Webshell","Asyncrat","Dalbit","Moonlight’","Chinese hacker"],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Known"},{"_id":"67ae438ad8ad38c564932a92","cveID":"CVE-2024-57727","dateAdded":"2025-02-13","dueDate":"2025-03-06","notes":"\"https://simple-help.com/kb---security-vulnerabilities-01-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2024-57727","product":"SimpleHelp","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","shortDescription":"SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. 
These files may include server configuration files and hashed user passwords.","vendorProject":"SimpleHelp ","vulnerabilityName":"SimpleHelp Path Traversal Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":3.9,"baseScore":7.5,"nvdReferences":[{"url":"https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/","source":"cve@mitre.org","tags":["Third Party Advisory"]}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/imjdl/CVE-2024-57727"],"openThreatData":[{"adversaries":["Play","GLOBAL GROUP"],"malwareFamiles":["Mamona rip","Black lock","Systembc","Global group","Play","Grixba"],"affectedIndustries":["Legal","Critical infrastructure"],"communityAdversaries":["They","Play ransomware group","Silver Fox","Contagious Interview Campaign, Triton fork campaign, CRESCENTHARVEST, MIMICRAT, Operation Olalampo","Tracer Kitten"],"communityMalwareFamilies":["Greencharlie","Winos","Katz infostealer","Berserk","Interlock","Jwrapper","Systembc","Javascript","Quadagent","Stuxnet","Katz","Gh0st","Dragonforce","Lumma","Akira","Silver fox","Crypto24","Cobalt strike","Thanos","Anubis","Play"],"communityAffectedIndustries":["Media","It","Industrial","Defense","Critical sectors","Financial","Telecom","Journalists","Aerospace","Critical infrastructure","Construction","Transportation","Real estate","Political","Healthcare","Medical","Finance","Education","Manufacturing","Government","Energy","Military","Telecommunications","Human rights"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"6793bb599bd379a070e4ba87","cveID":"CVE-2025-23006","dateAdded":"2025-01-24","dueDate":"2025-02-14","notes":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 ; 
https://nvd.nist.gov/vuln/detail/CVE-2025-23006","product":"SMA1000 Appliances","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","shortDescription":"SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.","vendorProject":"SonicWall","vulnerabilityName":"SonicWall SMA1000 Appliances Deserialization Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002","source":"PSIRT@sonicwall.com","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":["LockBit","Typhoon","APT34","Fog"],"communityMalwareFamilies":["Delivery chaos","Gandcrab","Overview chaos","Phorpiex","Nessus pro","Delivering","Phorpiex gandcrab","Chaos","Twizt","Javascript","Lockbit","Stefan","Linux","Lockbit black","Threat","Introduction chaos","Cobalt strike","C2","Phorpiex twizt"],"communityAffectedIndustries":["Critical infrastructure","Technology","Retail","Defense","Construction","Transportation","Legal","Energy","Education","Aviation","Consumer services","Recreation","Finance","Telecommunications","Government","Manufacturing","Logistics"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"6786c49e373c5cea8a168703","cveID":"CVE-2024-55591","dateAdded":"2025-01-14","dueDate":"2025-01-21","notes":"https://fortiguard.fortinet.com/psirt/FG-IR-24-535 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55591","product":"FortiOS","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are 
unavailable.","shortDescription":"Fortinet FortiOS contains an authorization bypass vulnerability that may allow an unauthenticated remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.","vendorProject":"Fortinet","vulnerabilityName":"Fortinet FortiOS Authorization Bypass Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-535","source":"psirt@fortinet.com","tags":["Mitigation","Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/souzatyler/fortios-auth-bypass-check-CVE-2024-55591","https://github.com/robomusk52/exp-cmd-add-admin-vpn-CVE-2024-55591","https://github.com/amfg145/Private-CVE-2024-55591.","https://github.com/rawtips/CVE-2024-55591","https://github.com/exfil0/CVE-2024-55591-POC","https://github.com/virus-or-not/CVE-2024-55591"],"openThreatData":[{"adversaries":["Proton66","MuddyWater"],"malwareFamiles":["Tsundere botnet","Persianc2","Superblack","Keyc2","Arenac2"],"affectedIndustries":["Technology","Government","Finance","Manufacturing","Healthcare","Transportation","Defense","Retail"],"communityAdversaries":["unknown","Qilin","MuddyWater","DNS requests to deliver MgBot, Arcane Werewolf, MEDUSA LOCKER, HoneyMyte","Prospero","Proton66","Adversary Profile: Salt Typhoon Alignment The architectural gap identified by mudoSO mirrors the act"],"communityMalwareFamilies":["Qilin","Castletap","Tsundere botnet","Strelastealer","Virtualpita","Xworm","Persianc2","Weaxor","Superblack","Thincrust","Keyc2","Encrypted","Phantom mantis","Arenac2","Mora_001","Ivanti neurons"],"communityAffectedIndustries":["Critical infrastructure","Automotive","Technology","Government","Finance","Critical services","Human services","Legal, financial, healthcare, government, municipal, real-estate, enterprise-technology, 
critical-in","Manufacturing","Healthcare","Education","Transportation","Defense","Financial services","Retail"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"6785388acc1aa8081eb54e33","cveID":"CVE-2023-48365","dateAdded":"2025-01-13","dueDate":"2025-02-03","notes":"https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510 ; https://nvd.nist.gov/vuln/detail/CVE-2023-48365","product":"Sense","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","shortDescription":"Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.","vendorProject":"Qlik","vulnerabilityName":"Qlik Sense HTTP Tunneling Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.1,"baseScore":9.6,"nvdReferences":[{"url":"https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["Magnet Goblin"],"malwareFamiles":["Nerbianrat","Mininerbian","Warpwire"],"affectedIndustries":[],"communityAdversaries":["Magnet Goblin","Cactus Ransomware"],"communityMalwareFamilies":["Nerbianrat","Windows","Magnet goblin","Ivanti neurons","Warpwire","Magento exploitation","Cactus","Trojans","Ivanti exploitation","Secure vpn","Nerbianrat 
linux","Minnerbian","Linux","Mininerbian"],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Known"},{"_id":"677f05c9a9acf1a0343c7bca","cveID":"CVE-2025-0282","dateAdded":"2025-01-08","dueDate":"2025-01-15","notes":"https://www.cisa.gov/cisa-mitigation-instructions-CVE-2025-0282 ; https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0282","product":"Connect Secure, Policy Secure, and ZTA Gateways","requiredAction":"Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.","shortDescription":"Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.","vendorProject":"Ivanti","vulnerabilityName":"Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"HIGH","baseSeverity":"CRITICAL","exploitabilityScore":2.2,"baseScore":9.0,"nvdReferences":[{"url":"https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283","source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","tags":["Vendor Advisory"]},{"url":"https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description"]},{"url":"https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/anonzoli/CVE-2025-0282-Full-version","https://github.com/absholi7ly/CVE-2025-0282-Ivanti-exploit","https://github.com/NyxanGoat/CVE-2025-0282-PoC","https://github.com/BishopFox/CVE-2025-0282-check","https://github.com/sfewer-r7/CVE-2025-0282","https://github.com/watchtowrlabs/CVE-2025-0282","https://github.com/chiefchainer/CVE-2025-0282","https://github.com/AdaniKamal/CVE-2025-0282","https://github.com/punitdarji/Ivanti-CVE-2025-0282","https://github.com/B1ack4sh/Blackash-CVE-2025-0282","https://github.com/gmh5225/Blackash-CVE-2025-0282"],"openThreatData":[{"adversaries":["Storm-2603"],"malwareFamiles":["Fatalrat","Saltwater","Ak47c2","Acr stealer","Mdifyloader","Lamehug","Fscan","Seaspy","Warlock","Vshell","X2anylock","Ak47 ransomware","Seaside","Lockbit 3.0","Cobalt strike beacon"],"affectedIndustries":["Government","Manufacturing","Energy","Technology","Telecommunications","Finance"],"communityAdversaries":["Storm-2603"],"communityMalwareFamilies":["Fatalrat","Saltwater","Ak47c2","Acr stealer","Lamehug","Cobalt strike","Seaspy","Warlock","X2anylock","Ak47 ransomware","Seaside","Lockbit 3.0"],"communityAffectedIndustries":["Government","Manufacturing","Legal, financial, healthcare, government, municipal, real-estate, enterprise-technology, critical-in","Energy","Technology","Telecommunications","Finance"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"677d51dddd322456622fed0c","cveID":"CVE-2024-41713","dateAdded":"2025-01-07","dueDate":"2025-01-28","notes":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-41713 ","product":"MiCollab","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","shortDescription":"Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated 
access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.","vendorProject":"Mitel","vulnerabilityName":"Mitel MiCollab Path Traversal Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.1,"nvdReferences":[{"url":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029","source":"cve@mitre.org","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/Sanandd/cve-2024-CVE-2024-41713","https://github.com/zxj-hub/CVE-2024-41713POC","https://github.com/amanverma-wsu/CVE-2024-41713-Scan","https://github.com/gunyakit/CVE-2024-41713-PoC-exploit"],"openThreatData":[{"adversaries":["Proton66"],"malwareFamiles":["Superblack"],"affectedIndustries":["Government","Healthcare","Retail","Manufacturing","Finance","Technology"],"communityAdversaries":["Proton66","Prospero"],"communityMalwareFamilies":["Weaxor","Superblack","Strelastealer","Xworm"],"communityAffectedIndustries":["Government","Healthcare","Retail","Manufacturing","Finance","Technology"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"677d51dbdd322456622fed0b","cveID":"CVE-2024-55550","dateAdded":"2025-01-07","dueDate":"2025-01-28","notes":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55550","product":"MiCollab","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","shortDescription":"Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. 
This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.","vendorProject":"Mitel","vulnerabilityName":"Mitel MiCollab Path Traversal Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"LOW","exploitabilityScore":1.2,"baseScore":2.7,"nvdReferences":[{"url":"https://www.mitel.com/support/security-advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029","source":"cve@mitre.org","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Known"},{"_id":"6761a259a650a914a44102dd","cveID":"CVE-2024-55956","dateAdded":"2024-12-17","dueDate":"2025-01-07","notes":"https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update-CVE-2024-55956 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55956","product":"Multiple Products","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","shortDescription":"Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.","vendorProject":"Cleo","vulnerabilityName":"Cleo Multiple Products Unauthenticated File Upload 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Advisory-CVE-Pending","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":["Clop"],"malwareFamiles":["Cyclops blink - s0687","Cobalt strike"],"affectedIndustries":["Government","Finance"],"communityAdversaries":["Mamba 2FA","APT10","Clop"],"communityMalwareFamilies":["Clop","Play ransomware","Cyclops blink - s0687","Mamba 2fa","Medusa ransomware","Bianlian","Threat","Ransomhub","Strifewater","Noopdoor","Lemurloot","Dewmode"],"communityAffectedIndustries":["Health care and social assistance","Financial services","Finance and insurance","Critical infrastructure","Construction","Information","Transportation and warehousing","Banking","Government","Manufacturing","Finance","Professional, scientific, and technical services"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"675c9499e8c14ca971197880","cveID":"CVE-2024-50623","dateAdded":"2024-12-13","dueDate":"2025-01-03","notes":"https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update ; https://nvd.nist.gov/vuln/detail/CVE-2024-50623","product":"Multiple Products","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","shortDescription":"Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an 
unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges.","vendorProject":"Cleo","vulnerabilityName":"Cleo Multiple Products Unrestricted File Upload Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory","source":"cve@mitre.org","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/watchtowrlabs/CVE-2024-50623","https://github.com/verylazytech/CVE-2024-50623","https://github.com/iSee857/Cleo-CVE-2024-50623-PoC"],"openThreatData":[{"adversaries":["Cl0p","Termite","Clop"],"malwareFamiles":["Cl0p","Cobalt strike","Termite","Cyclops blink - s0687"],"affectedIndustries":["Finance","Manufacturing","Transportation","Government","Retail"],"communityAdversaries":["Cl0p","Lazarus","Mamba 2FA","Clop"],"communityMalwareFamilies":["Ransomhub","Cryptomix","Clop","Medusa ransomware","Mamba 2fa","Cyclops blink - s0687","Termite","Bianlian","Cl0p","Play ransomware","Acsii"],"communityAffectedIndustries":["Automotive","Financial","Oil and gas","Logistics","Retail","Shipping","Transportation","Construction","Healthcare","Finance and insurance","Health care and social assistance","Finance","Education","Manufacturing","Transportation and warehousing","Food","Information","Government","Energy","Telecommunications","Professional, scientific, and technical services"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"67507ed9bc6354068a1b7817","cveID":"CVE-2024-51378","dateAdded":"2024-12-04","dueDate":"2024-12-25","notes":"https://cyberpanel.net/KnowledgeBase/home/change-logs/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-51378","product":"CyberPanel","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are 
unavailable.","shortDescription":"CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property.","vendorProject":"CyberPersons","vulnerabilityName":"CyberPanel Incorrect Default Permissions Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":10.0,"nvdReferences":[{"url":"https://cwe.mitre.org/data/definitions/420.html","source":"cve@mitre.org","tags":["Technical Description"]},{"url":"https://cwe.mitre.org/data/definitions/78.html","source":"cve@mitre.org","tags":["Technical Description"]},{"url":"https://cyberpanel.net/KnowledgeBase/home/change-logs/","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel","source":"cve@mitre.org","tags":["Product"]},{"url":"https://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/","source":"cve@mitre.org","tags":["Exploit","Press/Media Coverage"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/refr4g/CVE-2024-51378","https://github.com/i0x29A/CVE-2024-51378","https://github.com/rimbadirgantara/CVE-2024-51378"],"openThreatData":[{"adversaries":["Earth Lamia"],"malwareFamiles":["Brute ratel","Bypassboss","Cobalt strike - s0154","Vshell","Pulsepack"],"affectedIndustries":["Transportation","Retail","Government","Finance","Education","Technology"],"communityAdversaries":["Earth Lamia"],"communityMalwareFamilies":["Brute ratel","Bypassboss","Cobalt strike - 
s0154","Vshell","Pulsepack"],"communityAffectedIndustries":["Transportation","Retail","Government","Finance","Education","Technology"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"674f2d596d20d645a3ff730b","cveID":"CVE-2024-11667","dateAdded":"2024-12-03","dueDate":"2024-12-24","notes":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-21-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-11667","product":"Multiple Firewalls","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","shortDescription":"Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL.","vendorProject":"Zyxel","vulnerabilityName":"Zyxel Multiple Firewalls Path Traversal Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":3.9,"baseScore":7.5,"nvdReferences":[{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024","source":"security@zyxel.com.tw","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":["Helldown"],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Known"},{"_id":"6744a159e37ec86f3bc52d34","cveID":"CVE-2023-28461","dateAdded":"2024-11-25","dueDate":"2024-12-16","notes":"https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2023-28461","product":"AG/vxAG ArrayOS","requiredAction":"Apply mitigations per vendor instructions or discontinue 
use of the product if mitigations are unavailable.","shortDescription":"Array Networks AG and vxAG ArrayOS contains an improper authentication vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.","vendorProject":"Array Networks ","vulnerabilityName":"Array Networks AG and vxAG ArrayOS Improper Authentication Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf","source":"cve@mitre.org","tags":["Mitigation","Vendor Advisory"]},{"url":"https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["Earth Kasha"],"malwareFamiles":["Mirrorstealer","Lodeinfo","Noopdoor","Cobalt strike - s0154"],"affectedIndustries":["Government","Manufacturing","Technology","Defense"],"communityAdversaries":["Threat","Earth Kasha"],"communityMalwareFamilies":["Noopdoor","Mirrorstealer","Cobalt strike","Lodeinfo","Cobalt strike - s0154","Threat","Downjpit"],"communityAffectedIndustries":["Manufacturing","Critical infrastructure","Technology","Government","Industrial","Defense"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"673b9f1b649d65111d589d2b","cveID":"CVE-2024-0012","dateAdded":"2024-11-18","dueDate":"2024-12-09","notes":"https://security.paloaltonetworks.com/CVE-2024-0012 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0012","product":"PAN-OS","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are 
unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.","shortDescription":"Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.","vendorProject":"Palo Alto Networks","vulnerabilityName":"Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://security.paloaltonetworks.com/CVE-2024-0012","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/iSee857/CVE-2024-0012-poc","https://github.com/VegetableLasagne/CVE-2024-0012","https://github.com/greaselovely/CVE-2024-0012","https://github.com/Sachinart/CVE-2024-0012-POC","https://github.com/XiaomingX/cve-2024-0012-poc","https://github.com/0xjessie21/CVE-2024-0012","https://github.com/TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC","https://github.com/dcollaoa/cve-2024-0012-gui-poc","https://github.com/Regent8SH/PanOsExploitMultitool","https://github.com/Gr-1m/cve-2024-0012-poc"],"openThreatData":[{"adversaries":["Howling Scorpius"],"malwareFamiles":["Akira - s1129","Bustleberm","Xmrig","Frostygoop","Linuxsys","Megazord"],"affectedIndustries":["Technology","Pharmaceuticals","Energy","Manufacturing","Consulting","Finance","Government","Education","Telecommunications"],"communityAdversaries":["APT34","Scorpius","Yellow Liderc, APT34, Void Manticore"],"communityMalwareFamilies":["Lockbit","Xmrig","Mgbot","Velvet ant","Stealhook","Akira","Akira_v2","Linuxsys","Windows","Daggerfly","Cobalt strike","Plugx","Quadagent","Megazord","Esxi","Ra 
world"],"communityAffectedIndustries":["Pharmaceuticals","Consulting","Retail","Manufacturing","Wholesale","Construction","Finance","Legal","Education","Critical geopolitical","Foreign","Technology","Legal, financial, healthcare, government, municipal, real-estate, enterprise-technology, critical-in","Government","Critical infrastructure","Oil","Telecoms","Energy","Social engineering","Telecommunications"]}],"knownRansomwareCampaignUse":"Known"}]}