Vulnerabilities
Vulnerable Software
Security Vulnerabilities - Known exploited
CVE-2025-30066
Known exploited
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)
CVSS Score
8.6
EPSS Score
0.789
Published
2025-03-15
CVE-2025-21590
Known exploited
An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS:  * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10,  * 22.2 versions before 22.2R3-S6,  * 22.4 versions before 22.4R3-S6,  * 23.2 versions before 23.2R2-S3,  * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2.
CVSS Score
4.4
EPSS Score
0.01
Published
2025-03-12
CVE-2025-24201
Known exploited
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
CVSS Score
8.8
EPSS Score
0.001
Published
2025-03-11
CVE-2025-26633
Known exploited
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
CVSS Score
7.0
EPSS Score
0.074
Published
2025-03-11
CVE-2025-24991
Known exploited
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.035
Published
2025-03-11
CVE-2025-24993
Known exploited
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.032
Published
2025-03-11
CVE-2025-24984
Known exploited
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
CVSS Score
4.6
EPSS Score
0.194
Published
2025-03-11
CVE-2025-24985
Known exploited
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.009
Published
2025-03-11
CVE-2025-24983
Known exploited
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.015
Published
2025-03-11
CVE-2025-24054
Known exploited
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
6.5
EPSS Score
0.387
Published
2025-03-11


Contact Us

Shodan ® - All rights reserved