CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2025-3928	High	18.1%	CommvaultWeb Server	Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.	Apr 28, 2025	KEV
CVE-2025-31200	High	1.7%	AppleMultiple Products	Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.	Apr 17, 2025	KEV
CVE-2025-24054	High	11.9%	MicrosoftWindows	Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.	Apr 17, 2025	KEV
CVE-2025-31201	High	3.8%	AppleMultiple Products	Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.	Apr 17, 2025	KEV
CVE-2021-20035	High	4.0%	SonicWallSMA100 Appliances	SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution.	Apr 16, 2025	KEV
CVE-2024-53150	High	0.9%	LinuxKernel	Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information.	Apr 9, 2025	KEV
CVE-2024-53197	High	1.5%	LinuxKernel	Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code.	Apr 9, 2025	KEV
CVE-2025-29824	High	0.4%	MicrosoftWindows	Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.	Apr 8, 2025	KEV
CVE-2025-30406	High	83.4%	GladinetCentreStack	Gladinet CentreStack and Triofox contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.	Apr 8, 2025	KEV
CVE-2025-31161(1)	High	87.3%	CrushFTPCrushFTP	CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.	Apr 7, 2025	KEV
CVE-2025-22457	High	53.7%	IvantiConnect Secure, Policy Secure, and ZTA Gateways	Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.	Apr 4, 2025	KEV
CVE-2025-24813	High	94.2%	ApacheTomcat	Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.	Apr 1, 2025	KEV
CVE-2024-20439	High	86.3%	CiscoSmart Licensing Utility	Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.	Mar 31, 2025	KEV
CVE-2025-2783	High	36.3%	GoogleChromium Mojo	Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Mar 27, 2025	KEV
CVE-2019-9875	High	24.8%	SitecoreCMS and Experience Platform (XP)	Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.	Mar 26, 2025	KEV
CVE-2019-9874	High	79.9%	SitecoreCMS and Experience Platform (XP)	Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.	Mar 26, 2025	KEV
CVE-2025-30154	High	15.4%	reviewdogaction-setup GitHub Action	reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.	Mar 24, 2025	KEV
CVE-2025-1316	High	84.9%	EdimaxIC-7100 IP Camera	Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Mar 19, 2025	KEV
CVE-2024-48248	High	94.0%	NAKIVOBackup and Replication	NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files.	Mar 19, 2025	KEV
CVE-2017-12637	High	93.2%	SAPNetWeaver	SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.	Mar 19, 2025	KEV

CVE-2025-3928KEV

High

Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.

CommvaultEPSS 18.1%

CVE-2025-31200KEV

High

Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.

AppleEPSS 1.7%

CVE-2025-24054KEV

High

Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.

MicrosoftEPSS 11.9%

CVE-2025-31201KEV

High

Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.

AppleEPSS 3.8%

CVE-2021-20035KEV

High

SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution.

SonicWallEPSS 4.0%

CVE-2024-53150KEV

High

Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information.

LinuxEPSS 0.9%

CVE-2024-53197KEV

High

Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code.

LinuxEPSS 1.5%

CVE-2025-29824KEV

High

Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.

MicrosoftEPSS 0.4%

CVE-2025-30406KEV

High

Gladinet CentreStack and Triofox contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.

GladinetEPSS 83.4%

CVE-2025-31161KEV

High

CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.

CrushFTPEPSS 87.3%

CVE-2025-22457KEV

High

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.

IvantiEPSS 53.7%

CVE-2025-24813KEV

High

Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.

ApacheEPSS 94.2%

CVE-2024-20439KEV

High

Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.

CiscoEPSS 86.3%

CVE-2025-2783KEV

High

Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 36.3%

CVE-2019-9875KEV

High

Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.

SitecoreEPSS 24.8%

CVE-2019-9874KEV

High

Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.

SitecoreEPSS 79.9%

CVE-2025-30154KEV

High

reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.

reviewdogEPSS 15.4%

CVE-2025-1316KEV

High

Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

EdimaxEPSS 84.9%

CVE-2024-48248KEV

High

NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files.

NAKIVOEPSS 94.0%

CVE-2017-12637KEV

High

SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.

SAPEPSS 93.2%

11 12 13 14 15 16 17