Lucene search
K

395 matches found

GithubExploit
GithubExploit
added 2025/12/31 3:37 p.m.192 views

Exploit for CVE-2025-14847

CVE-2025-14847 MongoBleed MongoDB zlib Compression Memory...

8.7CVSS7AI score0.83007EPSS
Exploits39
CISA
CISA
added 2025/12/29 12:0 p.m.11 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-14847link is external MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability This type of vulnerability is a frequent...

8.7CVSS6.9AI score0.83007EPSS
In wildExploits39References6
The Hacker News
The Hacker News
added 2025/12/29 9:46 a.m.19 views

MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 CVSS score: 8.7, which allows an unauthenticated attacker to...

8.7CVSS7.1AI score0.83007EPSS
Exploits39
CISA
CISA
added 2025/12/22 12:0 p.m.19 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2023-52163link is external Digiever DS-2105 Pro Missing Authorization Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...

8.8CVSS6.9AI score0.96434EPSS
In wildExploits1References6
The Hacker News
The Hacker News
added 2025/12/18 5:1 a.m.5 views

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-59374 CVSS score: 9.3, has been described...

9.8CVSS7AI score0.01084EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/12/17 6:17 p.m.10 views

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access SMA 100 series appliances that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-40602 CVSS score: 6.6, concerns a case of local privilege escalation that arises as a result of...

9.8CVSS8.6AI score0.23432EPSS
Exploits1
Qualys Blog
Qualys Blog
added 2025/12/11 7:41 a.m.17 views

React2Shell: Decoding CVE-2025-55182 – The Silent Threat in React Server Components

On December 3, 2025, a critical remote code execution RCE vulnerability, dubbed "React2Shell," was disclosed, impacting React Server Components and frameworks like Next.js. The flaw, CVE-2025-55182, could lead to full server takeover and is rated CVSS 10.0. It is under active exploitation, has be...

10CVSS8.3AI score0.99562EPSS
Exploits388
The Hacker News
The Hacker News
added 2025/12/11 7:9 a.m.31 views

Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID "466192044." Unlike other...

9.8CVSS8.2AI score0.22359EPSS
Exploits26
The Hacker News
The Hacker News
added 2025/12/10 11:54 a.m.20 views

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-6218 CVSS...

8.8CVSS8AI score0.86192EPSS
Exploits43
CISA
CISA
added 2025/12/03 12:0 p.m.11 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-26828link is external OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability This type of vulnerability is a frequent attack vector fo...

8.8CVSS8.9AI score0.39096EPSS
In wildExploits8References6
CISA
CISA
added 2025/11/28 12:0 p.m.8 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-26829link is external OpenPLC ScadaBR Cross-site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors an...

5.4CVSS6.6AI score0.4805EPSS
In wildExploits1References6
The Hacker News
The Hacker News
added 2025/11/22 6:45 a.m.15 views

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 CVSS score: 9.8, a...

9.8CVSS8.5AI score0.88312EPSS
Exploits1
CISA
CISA
added 2025/11/21 12:0 p.m.11 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-61757link is external Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability This type of vulnerability is a frequent attack...

9.8CVSS6.8AI score0.88312EPSS
In wildExploits1References6
Malwarebytes
Malwarebytes
added 2025/11/18 6:9 p.m.8 views

Chrome zero-day under active attack: visiting the wrong site could hijack your browser

Google has released an update for its Chrome browser that includes two security fixes. Both are classified as high severity, and one is reportedly exploited in the wild. These flaws were found in Chrome’s V8 engine, which is the part of Chrome and other Chromium-based browsers that runs JavaScrip...

8.8CVSS7.8AI score0.04835EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.4 views

PT-2025-47361

Name of the Vulnerable Software and Affected Versions Fortinet FortiWeb versions 7.0.0 through 8.0.1 Fortinet FortiWeb versions 7.2.0 through 7.2.11 Fortinet FortiWeb versions 7.4.0 through 7.4.10 Fortinet FortiWeb versions 7.6.0 through 7.6.5 Description Fortinet FortiWeb is affected by an...

9CVSS6.3AI score0.5511EPSS
Exploits9References120
Qualys Blog
Qualys Blog
added 2025/11/15 12:1 a.m.13 views

Unauthenticated Authentication Bypass in Fortinet FortiWeb (CVE-2025-64446) Exploited in the Wild

A critical authentication bypass vulnerability affecting Fortinet FortiWeb web application firewalls has been actively exploited since early October 2025. The vulnerability allows unauthenticated attackers to create admin accounts and gain complete control over vulnerable devices exposed to the...

9.8CVSS7.4AI score0.89177EPSS
Exploits17
The Hacker News
The Hacker News
added 2025/11/12 10:21 a.m.13 views

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are relate...

9.8CVSS6.8AI score0.06073EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2025/11/08 12:0 a.m.4 views

PT-2025-45568

Actively exploited CVE : CVE-2025-50287...

7AI score
Exploits0References1
The Hacker News
The Hacker News
added 2025/11/05 6:12 a.m.10 views

CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added two security flaws impacting Gladinet and Control Web Panel CWP to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below ...

9.8CVSS8.9AI score0.99589EPSS
Exploits8
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.9 views

PT-2025-44700

Name of the Vulnerable Software and Affected Versions Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App versions prior to 3.6.1 Description The Post SMTP plugin for WordPress has a flaw due to a missing capability check within the construct function. This allows...

9.8CVSS6.7AI score0.51507EPSS
Exploits1References26
Rows per page
Query Builder