Security Vulnerabilities - Known exploited
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Known exploited
CVSS Score
7.5
EPSS Score
0.72
Published
2025-06-17
CVE-2025-43200
This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Known exploited
CVSS Score
4.2
EPSS Score
0.002
Published
2025-06-16
CVE-2025-33073
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.484
Published
2025-06-10
CVE-2025-33053
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.347
Published
2025-06-10
CVE-2025-47827
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
Known exploited
CVSS Score
4.6
EPSS Score
0.009
Published
2025-06-05
CVE-2025-21479
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Known exploited
CVSS Score
8.6
EPSS Score
0.001
Published
2025-06-03
CVE-2025-27038
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Known exploited
CVSS Score
7.5
EPSS Score
0.011
Published
2025-06-03
CVE-2025-21480
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Known exploited
CVSS Score
8.6
EPSS Score
0.011
Published
2025-06-03
CVE-2025-5419
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
8.8
EPSS Score
0.014
Published
2025-06-03
CVE-2025-5086
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
Known exploited
CVSS Score
9.0
EPSS Score
0.398
Published
2025-06-02