Security Vulnerabilities - Known exploited
CVE-2025-22457
Known exploited
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
CVSS Score
9.0
EPSS Score
0.346
Published
2025-04-03
CVE-2025-2783
Known exploited
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
CVSS Score
8.3
EPSS Score
0.077
Published
2025-03-26
CVE-2025-30154
Known exploited
reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised on March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to GitHub Actions workflow logs. Other reviewdog actions that use `reviewdog/action-setup@v1` and would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.
CVSS Score
8.6
EPSS Score
0.386
Published
2025-03-19
CVE-2025-30066
Known exploited
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)
CVSS Score
8.6
EPSS Score
0.65
Published
2025-03-15
CVE-2025-21590
Known exploited
An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS:
* All versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3-S6,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R1-S2, 24.2R2.
CVSS Score
4.4
EPSS Score
0.01
Published
2025-03-12
CVE-2025-24201
Known exploited
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.)
CVSS Score
8.8
EPSS Score
0.001
Published
2025-03-11
CVE-2025-26633
Known exploited
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
CVSS Score
7.0
EPSS Score
0.049
Published
2025-03-11
CVE-2025-24991
Known exploited
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.031
Published
2025-03-11
CVE-2025-24993
Known exploited
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.024
Published
2025-03-11
CVE-2025-24984
Known exploited
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
CVSS Score
4.6
EPSS Score
0.187
Published
2025-03-11


Shodan ® - All rights reserved