CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2025-31161(1)	High	87.3%	CrushFTPCrushFTP	CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.	Apr 7, 2025	KEV
CVE-2025-22457	High	53.7%	IvantiConnect Secure, Policy Secure, and ZTA Gateways	Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.	Apr 4, 2025	KEV
CVE-2025-24813	High	94.2%	ApacheTomcat	Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.	Apr 1, 2025	KEV
CVE-2024-20439	High	86.3%	CiscoSmart Licensing Utility	Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.	Mar 31, 2025	KEV
CVE-2025-2783	High	36.3%	GoogleChromium Mojo	Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Mar 27, 2025	KEV
CVE-2019-9875	High	24.8%	SitecoreCMS and Experience Platform (XP)	Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.	Mar 26, 2025	KEV
CVE-2019-9874	High	79.9%	SitecoreCMS and Experience Platform (XP)	Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.	Mar 26, 2025	KEV
CVE-2025-30154	High	15.4%	reviewdogaction-setup GitHub Action	reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.	Mar 24, 2025	KEV
CVE-2025-1316	High	84.9%	EdimaxIC-7100 IP Camera	Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Mar 19, 2025	KEV
CVE-2024-48248	High	94.0%	NAKIVOBackup and Replication	NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files.	Mar 19, 2025	KEV
CVE-2017-12637	High	93.2%	SAPNetWeaver	SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.	Mar 19, 2025	KEV
CVE-2025-24472	High	5.9%	FortinetFortiOS and FortiProxy	Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.	Mar 18, 2025	KEV
CVE-2025-30066	High	86.6%	tj-actionschanged-files GitHub Action	tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys.	Mar 18, 2025	KEV
CVE-2025-21590	High	0.9%	JuniperJunos OS	Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allows a local attacker with high privileges to inject arbitrary code.	Mar 13, 2025	KEV
CVE-2025-24201	High	0.1%	AppleMultiple Products	Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Mar 13, 2025	KEV
CVE-2025-24984	High	5.0%	MicrosoftWindows	Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose information with a physical attack. An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.	Mar 11, 2025	KEV
CVE-2025-24985	High	1.1%	MicrosoftWindows	Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally.	Mar 11, 2025	KEV
CVE-2025-24983	High	0.7%	MicrosoftWindows	Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.	Mar 11, 2025	KEV
CVE-2025-24991	High	0.7%	MicrosoftWindows	Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally.	Mar 11, 2025	KEV
CVE-2025-24993	High	1.5%	MicrosoftWindows	Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally.	Mar 11, 2025	KEV

CVE-2025-31161KEV

High

CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.

CrushFTPEPSS 87.3%

CVE-2025-22457KEV

High

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.

IvantiEPSS 53.7%

CVE-2025-24813KEV

High

Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.

ApacheEPSS 94.2%

CVE-2024-20439KEV

High

Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.

CiscoEPSS 86.3%

CVE-2025-2783KEV

High

Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 36.3%

CVE-2019-9875KEV

High

Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.

SitecoreEPSS 24.8%

CVE-2019-9874KEV

High

Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.

SitecoreEPSS 79.9%

CVE-2025-30154KEV

High

reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.

reviewdogEPSS 15.4%

CVE-2025-1316KEV

High

Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

EdimaxEPSS 84.9%

CVE-2024-48248KEV

High

NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files.

NAKIVOEPSS 94.0%

CVE-2017-12637KEV

High

SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.

SAPEPSS 93.2%

CVE-2025-24472KEV

High

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.

FortinetEPSS 5.9%

CVE-2025-30066KEV

High

tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys.

tj-actionsEPSS 86.6%

CVE-2025-21590KEV

High

Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allows a local attacker with high privileges to inject arbitrary code.

JuniperEPSS 0.9%

CVE-2025-24201KEV

High

Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 0.1%

CVE-2025-24984KEV

High

Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose information with a physical attack. An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.

MicrosoftEPSS 5.0%

CVE-2025-24985KEV

High

Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally.

MicrosoftEPSS 1.1%

CVE-2025-24983KEV

High

Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.

MicrosoftEPSS 0.7%

CVE-2025-24991KEV

High

Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally.

MicrosoftEPSS 0.7%

CVE-2025-24993KEV

High

Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally.

MicrosoftEPSS 1.5%

44 45 46 47 48 49 50