Security Vulnerabilities - Known exploited
CVE-2025-30154
reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1` that would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.
Known exploited
CVSS Score
8.6
EPSS Score
0.442
Published
2025-03-19
CVE-2025-30066
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)
Known exploited
CVSS Score
8.6
EPSS Score
0.454
Published
2025-03-15
CVE-2025-21590
An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device.
A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device.
This issue is not exploitable from the Junos CLI.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3-S6,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R1-S2, 24.2R2.
Known exploited
CVSS Score
4.4
EPSS Score
0.01
Published
2025-03-12
CVE-2025-24201
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
Known exploited
CVSS Score
8.8
EPSS Score
0.001
Published
2025-03-11
CVE-2025-26633
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
Known exploited
CVSS Score
7.0
EPSS Score
0.027
Published
2025-03-11
CVE-2025-24991
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
Known exploited
CVSS Score
5.5
EPSS Score
0.038
Published
2025-03-11
CVE-2025-24993
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.046
Published
2025-03-11
CVE-2025-24984
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
Known exploited
CVSS Score
4.6
EPSS Score
0.238
Published
2025-03-11
CVE-2025-24985
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.021
Published
2025-03-11
CVE-2025-24983
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
Known exploited
CVSS Score
7.0
EPSS Score
0.017
Published
2025-03-11