Vulnerabilities
Vulnerable Software
Security Vulnerabilities - Known exploited
CVE-2025-61757
Known exploited
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS Score
9.8
EPSS Score
0.883
Published
2025-10-21
CVE-2025-61932
Known exploited
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
CVSS Score
9.3
EPSS Score
0.027
Published
2025-10-20
CVE-2025-53521
Known exploited
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
9.3
EPSS Score
0.022
Published
2025-10-15
CVE-2025-59287
Known exploited
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVSS Score
9.8
EPSS Score
1.0
Published
2025-10-14
CVE-2025-59230
Known exploited
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.027
Published
2025-10-14
CVE-2025-24990
Known exploited
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.
CVSS Score
7.8
EPSS Score
0.06
Published
2025-10-14
CVE-2025-61884
Known exploited
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVSS Score
7.5
EPSS Score
0.978
Published
2025-10-12
CVE-2025-11371
Known exploited
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.  This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
CVSS Score
7.5
EPSS Score
0.921
Published
2025-10-09
CVE-2025-61882
Known exploited
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS Score
9.8
EPSS Score
0.997
Published
2025-10-05
CVE-2025-41244
Known exploited
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
CVSS Score
7.8
EPSS Score
0.079
Published
2025-09-29


Contact Us

Shodan ® - All rights reserved