Security Vulnerabilities - Known exploited
CVE-2025-48928
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
Known exploited
CVSS Score
4.0
EPSS Score
0.099
Published
2025-05-28
CVE-2025-48927
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
Known exploited
CVSS Score
5.3
EPSS Score
0.14
Published
2025-05-28
CVE-2025-32709
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.043
Published
2025-05-13
CVE-2025-32706
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.137
Published
2025-05-13
CVE-2025-30397
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
Known exploited
CVSS Score
7.5
EPSS Score
0.205
Published
2025-05-13
CVE-2025-30400
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.043
Published
2025-05-13
CVE-2025-32701
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.048
Published
2025-05-13
CVE-2025-4427
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Known exploited
CVSS Score
5.3
EPSS Score
0.835
Published
2025-05-13
CVE-2025-4428
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
Known exploited
CVSS Score
7.2
EPSS Score
0.202
Published
2025-05-13
CVE-2025-32756
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
Known exploited
CVSS Score
9.8
EPSS Score
0.111
Published
2025-05-13