Cybersecurity Alerts

Actively Exploited Vulnerabilities

The vulnerabilities listed below are sourced from the CISA Known Exploited Vulnerabilities catalog and represent security flaws that are actively being exploited in the wild. This list is updated daily. If you are unsure whether your systems are affected, contact us and we will help you assess your exposure.

CVE-2024-8068
Citrix | Session Recording
Citrix Session Recording Improper Privilege Management Vulnerability
Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain.
Added 2025-08-25
Remediation Deadline 2025-09-15
CVE-2025-43300
Apple | iOS, iPadOS, and macOS
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
Added 2025-08-21
Remediation Deadline 2025-09-11
CVE-2025-54948
Trend Micro | Apex One
Trend Micro Apex One OS Command Injection Vulnerability
Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
Added 2025-08-18
Remediation Deadline 2025-09-08
CVE-2025-8876
N-able | N-Central
N-able N-Central Command Injection Vulnerability
N-able N-Central contains a command injection vulnerability via improper sanitization of user input.
Added 2025-08-13
Remediation Deadline 2025-08-20
CVE-2025-8875
N-able | N-Central
N-able N-Central Insecure Deserialization Vulnerability
N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution.
Added 2025-08-13
Remediation Deadline 2025-08-20
CVE-2025-8088
RARLAB | WinRAR
RARLAB WinRAR Path Traversal Vulnerability
RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.
Added 2025-08-12
Remediation Deadline 2025-09-02
CVE-2013-3893
Microsoft | Internet Explorer
Microsoft Internet Explorer Resource Management Errors Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added 2025-08-12
Remediation Deadline 2025-09-02
CVE-2007-0671
Microsoft | Office
Microsoft Office Excel Remote Code Execution Vulnerability
Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allowing an attacker to execute remote code on the affected system.
Added 2025-08-12
Remediation Deadline 2025-09-02
CVE-2022-40799
D-Link | DNR-322L
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added 2025-08-05
Remediation Deadline 2025-08-26
CVE-2020-25079
D-Link | DCS-2530L and DCS-2670L Devices
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added 2025-08-05
Remediation Deadline 2025-08-26
CVE-2020-25078
D-Link | DCS-2530L and DCS-2670L Devices
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability
D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added 2025-08-05
Remediation Deadline 2025-08-26
CVE-2025-20337
Cisco | Identity Services Engine
Cisco Identity Services Engine Injection Vulnerability
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.
Added 2025-07-28
Remediation Deadline 2025-08-18
CVE-2025-20281
Cisco | Identity Services Engine
Cisco Identity Services Engine Injection Vulnerability
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.
Added 2025-07-28
Remediation Deadline 2025-08-18
CVE-2023-2533
PaperCut | NG/MF
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code.
Added 2025-07-28
Remediation Deadline 2025-08-18
CVE-2025-6558
Google | Chromium
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added 2025-07-22
Remediation Deadline 2025-08-12
CVE-2025-54309
CrushFTP | CrushFTP
CrushFTP Unprotected Alternate Channel Vulnerability
CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.
Added 2025-07-22
Remediation Deadline 2025-08-12
CVE-2025-49706Active Ransomware Campaign
Microsoft | SharePoint
Microsoft SharePoint Improper Authentication Vulnerability
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. CVE-2025-53771 is a patch bypass for CVE-2025-49706, and the updates for CVE-2025-53771 include more robust protection than those for CVE-2025-49706.
Added 2025-07-22
Remediation Deadline 2025-07-23
CVE-2025-49704Active Ransomware Campaign
Microsoft | SharePoint
Microsoft SharePoint Code Injection Vulnerability
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
Added 2025-07-22
Remediation Deadline 2025-07-23
CVE-2025-2776
SysAid | SysAid On-Prem
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
Added 2025-07-22
Remediation Deadline 2025-08-12
CVE-2025-2775
SysAid | SysAid On-Prem
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
Added 2025-07-22
Remediation Deadline 2025-08-12
CVE-2025-53770Active Ransomware Campaign
Microsoft | SharePoint
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
Added 2025-07-20
Remediation Deadline 2025-07-21
CVE-2025-25257
Fortinet | FortiWeb
Fortinet FortiWeb SQL Injection Vulnerability
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
Added 2025-07-18
Remediation Deadline 2025-08-08
CVE-2025-47812
Wing FTP Server | Wing FTP Server
Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability
Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).
Added 2025-07-14
Remediation Deadline 2025-08-04
CVE-2025-5777Active Ransomware Campaign
Citrix | NetScaler ADC and Gateway
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
Added 2025-07-10
Remediation Deadline 2025-07-11
CVE-2019-9621
Synacor | Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component.
Added 2025-07-07
Remediation Deadline 2025-07-28
CVE-2019-5418
Rails | Ruby on Rails
Rails Ruby on Rails Path Traversal Vulnerability
Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.
Added 2025-07-07
Remediation Deadline 2025-07-28
CVE-2016-10033
PHP | PHPMailer
PHPMailer Command Injection Vulnerability
PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Added 2025-07-07
Remediation Deadline 2025-07-28
CVE-2014-3931
Looking Glass | Multi-Router Looking Glass (MRLG)
Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption.
Added 2025-07-07
Remediation Deadline 2025-07-28
CVE-2025-6554
Google | Chromium V8
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added 2025-07-02
Remediation Deadline 2025-07-23
CVE-2025-48928
TeleMessage | TM SGNL
TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump.
Added 2025-07-01
Remediation Deadline 2025-07-22