Security Vulnerabilities - Known exploited
CVE-2025-0411
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
Known exploited
CVSS Score
7.0
EPSS Score
0.524
Published
2025-01-25
CVE-2025-23006
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
Known exploited
CVSS Score
9.8
EPSS Score
0.608
Published
2025-01-23
CVE-2025-23209
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue.
Known exploited
CVSS Score
8.0
EPSS Score
0.174
Published
2025-01-18
CVE-2024-57727
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
Known exploited
CVSS Score
7.5
EPSS Score
0.94
Published
2025-01-15
CVE-2025-21333
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.821
Published
2025-01-14
CVE-2025-21334
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.066
Published
2025-01-14
CVE-2025-21335
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.087
Published
2025-01-14
CVE-2024-13159
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Known exploited
CVSS Score
9.8
EPSS Score
0.942
Published
2025-01-14
CVE-2024-13160
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Known exploited
CVSS Score
9.8
EPSS Score
0.935
Published
2025-01-14
CVE-2024-13161
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Known exploited
CVSS Score
9.8
EPSS Score
0.926
Published
2025-01-14