Vulnerabilities
Vulnerable Software
Security Vulnerabilities - Known exploited
CVE-2025-20393
Known exploited
A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
CVSS Score
10.0
EPSS Score
0.291
Published
2025-12-17
CVE-2025-59374
Known exploited
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.
CVSS Score
9.3
EPSS Score
0.011
Published
2025-12-17
CVE-2025-37164
Known exploited
A remote code execution issue exists in HPE OneView.
CVSS Score
10.0
EPSS Score
0.897
Published
2025-12-16
CVE-2025-43520
Known exploited
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.
CVSS Score
5.5
EPSS Score
0.004
Published
2025-12-12
CVE-2025-43510
Known exploited
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.
CVSS Score
7.8
EPSS Score
0.004
Published
2025-12-12
CVE-2025-14611
Known exploited
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.
CVSS Score
7.1
EPSS Score
0.509
Published
2025-12-12
CVE-2025-14174
Known exploited
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.227
Published
2025-12-12
CVE-2025-8110
Known exploited
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
CVSS Score
8.7
EPSS Score
0.765
Published
2025-12-10
CVE-2025-62221
Known exploited
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.024
Published
2025-12-09
CVE-2025-59718
Known exploited
A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
CVSS Score
9.8
EPSS Score
0.663
Published
2025-12-09


Contact Us

Shodan ® - All rights reserved