Security Vulnerabilities - Known exploited
CVE-2025-32706
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.013
Published
2025-05-13
CVE-2025-30397
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
Known exploited
CVSS Score
7.5
EPSS Score
0.213
Published
2025-05-13
CVE-2025-30400
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.008
Published
2025-05-13
CVE-2025-32701
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.021
Published
2025-05-13
CVE-2025-4427
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Known exploited
CVSS Score
5.3
EPSS Score
0.916
Published
2025-05-13
CVE-2025-4428
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
Known exploited
CVSS Score
7.2
EPSS Score
0.48
Published
2025-05-13
CVE-2025-32756
A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
Known exploited
CVSS Score
9.8
EPSS Score
0.361
Published
2025-05-13
CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
Known exploited
CVSS Score
9.8
EPSS Score
0.492
Published
2025-05-13
CVE-2025-42999
SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
Known exploited
CVSS Score
9.1
EPSS Score
0.678
Published
2025-05-13
CVE-2025-47729
The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025.
Known exploited
CVSS Score
1.9
EPSS Score
0.041
Published
2025-05-08