Report Name: pt_trend_cve_combined2025 report
Generated: 2025-12-20 01:30:35

Product Name	Prevalence	U	C	H	M	L	A	Comment
Apache HTTP Server	0.9	1					1	Apache HTTP Server is a free and open-source web server that delivers web content through the internet
Django	0.9		1				1	Django is a high-level Python web framework that encourages rapid development and clean, pragmatic design. It provides built-in tools for database models, authentication, URL routing, templates, and security features, making it one of the most widely used frameworks for building scalable and maintainable web applications.
Linux Kernel	0.9			1			1	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Sudo	0.9	1					1	Sudo is a widely used Unix/Linux utility that allows permitted users to execute commands with elevated (typically root) privileges while providing extensive logging and fine-grained security controls. It is a foundational component in most Linux and BSD distributions.
Windows Kernel	0.9	1					1	Windows Kernel
Windows NTLM	0.9	1					1	A suite of security protocols to authenticate users' identity and protect the integrity and confidentiality of their activity
Windows SMB Client	0.9	1					1	Windows component
Cisco ASA	0.8	2					2	Cisco Secure Firewall Adaptive Security Appliance (ASA) Software is a security platform that combines firewall, VPN, intrusion prevention, and advanced threat protection capabilities.
Microsoft DWM Core Library	0.8	1					1	Windows component
Microsoft Management Console	0.8	1					1	Microsoft Management Console (MMC) is a component of Microsoft Windows that provides system administrators and advanced users an interface for configuring and monitoring the system
Microsoft Windows File Explorer	0.8	1					1	Windows component
React Server Components	0.8	1					1	React Server Components is a React architecture feature that enables rendering components on the server, allowing efficient data fetching and reduced client-side JavaScript by streaming rendered UI to the client.
WinRAR	0.8	2					2	WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH
Windows Agere Modem Driver	0.8	1					1	Windows component
Windows Ancillary Function Driver for WinSock	0.8	1					1	Windows component
Windows Cloud Files Mini Filter Driver	0.8	1	1				2	Windows component
Windows Common Log File System Driver	0.8	2	1				3	Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs
Windows Fast FAT File System Driver	0.8	1					1	Windows component
Windows Hyper-V NT Kernel Integration VSP	0.8	3					3	Windows component
Windows Lightweight Directory Access Protocol (LDAP)	0.8		1				1	Windows component
Windows NTFS	0.8	1					1	The default file system of the Windows NT family
Windows OLE	0.8		1				1	Windows component
Windows Process Activation	0.8		1				1	Windows component
Windows Remote Access Connection Manager	0.8	1					1	Windows component
Windows Server Update Service (WSUS)	0.8	1					1	Windows component
Windows Storage	0.8		1				1	Windows component
Windows Update Service	0.8		1				1	Windows component
Windows Win32 Kernel Subsystem	0.8	1					1	Windows component
Apache Tomcat	0.7	1					1	Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
ESXi	0.7	1	2				3	VMware ESXi (formerly ESX) is an enterprise-class, type-1 hypervisor developed by VMware for deploying and serving virtual computers
Kubernetes	0.7		1				1	Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
Microsoft SharePoint	0.7	1					1	Microsoft SharePoint
XWiki Platform	0.7	1					1	XWiki offers a generic platform for developing projects and collaborative applications using the wiki paradigm
Control Web Panel	0.6	1					1	Control Web Panel (CWP), formerly known as CentOS Web Panel, is a Linux server administration interface that provides a graphical dashboard for managing web hosting environments. It includes tools for user management, file operations, service control, security configuration, and system monitoring.
MDaemon Email Server	0.6	1					1	MDaemon Email Server is an email server application with groupware functions for Microsoft Windows. MDaemon supports multiple client-side protocols, including IMAP, POP3, SMTP/MSA, webmail, CalDAV, CardDAV, and optionally ActiveSync for mobile clients and Outlook, and its Connector for Outlook add-on.
Redis	0.6		1				1	Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
Roundcube	0.6	1					1	Roundcube is a web-based IMAP email client
expr-eval	0.6		1				1	expr-eval is a lightweight JavaScript expression parser and evaluator used to safely parse and compute mathematical expressions. It supports variables, functions, and custom operators, making it useful in applications requiring dynamic math evaluation.
7-Zip	0.5	1		2			3	7-Zip is a free and open-source file archiver, a utility used to place groups of files within compressed containers known as "archives"
FortiOS	0.5	1					1	FortiOS is Fortinet's operating system used in their hardware, such as the Fortigate firewall and switches
Internet Shortcut Files	0.5	1					1	Internet Shortcut Files
Microsoft Configuration Manager	0.5		1				1	Microsoft Configuration Manager
Microsoft SharePoint Server	0.5	1					1	Microsoft SharePoint Server
PAN-OS	0.5	1					1	PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls
SAP NetWeaver	0.5	2					2	SAP NetWeaver is a software stack for many of SAP SE's applications
TrueConf Server	0.5		3				3	TrueConf Server
Windows LNK File	0.5		1				1	Windows shortcut files use the .lnk file extension and function as a virtual link that allows people to easily access other files without having to navigate through multiple folders on a Windows host
CommuniGate Pro	0.4		1				1	CommuniGate Pro is a highly scalable carrier grade unified communications server, as well as a development platform
Erlang/OTP	0.4	1					1	Erlang/OTP is a set of libraries for the Erlang programming language
Zimbra Collaboration	0.3	1	1				2	Zimbra Collaboration is a collaborative software suite that includes an email server and a web client

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0	20	9	2			31
Authentication Bypass	0.98	3	1				4
Code Injection	0.97		1				1
Security Feature Bypass	0.9	1					1
Elevation of Privilege	0.85	14	5	1			20
Arbitrary File Reading	0.83		1				1
Information Disclosure	0.83		1				1
Cross Site Scripting	0.8	2	1				3
Memory Corruption	0.5		1				1
Spoofing	0.4	2					2

Urgent (42)

1. Remote Code Execution - Apache HTTP Server (CVE-2024-38475) - Urgent [971]

Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.

2. Remote Code Execution - React Server Components (CVE-2025-55182) - Urgent [966]

Description: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

3. Remote Code Execution - Windows Server Update Service (WSUS) (CVE-2025-59287) - Urgent [966]

Description: Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

4. Remote Code Execution - Apache Tomcat (CVE-2025-24813) - Urgent [950]

Description: Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.

5. Remote Code Execution - XWiki Platform (CVE-2025-24893) - Urgent [950]

Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed.

6. Elevation of Privilege - Sudo (CVE-2025-32463) - Urgent [944]

Description: Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

7. Elevation of Privilege - Windows SMB Client (CVE-2025-33073) - Urgent [944]

Description: Windows SMB Client Elevation of Privilege Vulnerability

8. Remote Code Execution - WinRAR (CVE-2025-8088) - Urgent [942]

Description: A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

9. Remote Code Execution - Microsoft SharePoint (CVE-2025-49704) - Urgent [938]

Description: Microsoft SharePoint Remote Code Execution Vulnerability

10. Remote Code Execution - Roundcube (CVE-2025-49113) - Urgent [933]

Description: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

11. Remote Code Execution - WinRAR (CVE-2025-6218) - Urgent [930]

Description: RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.

12. Remote Code Execution - Control Web Panel (CVE-2025-48703) - Urgent [921]

Description: CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.

13. Remote Code Execution - Windows Fast FAT File System Driver (CVE-2025-24985) - Urgent [919]

Description: Windows Fast FAT File System Driver Remote Code Execution Vulnerability

14. Elevation of Privilege - Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333) - Urgent [916]

Description: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

15. Remote Code Execution - Microsoft SharePoint Server (CVE-2025-53770) - Urgent [916]

Description: Microsoft SharePoint Server Remote Code Execution Vulnerability

16. Remote Code Execution - SAP NetWeaver (CVE-2025-31324) - Urgent [916]

Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

17. Authentication Bypass - FortiOS (CVE-2024-55591) - Urgent [913]

Description: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

18. Elevation of Privilege - Windows Agere Modem Driver (CVE-2025-24990) - Urgent [904]

Description: Windows Agere Modem Driver Elevation of Privilege Vulnerability

19. Remote Code Execution - Internet Shortcut Files (CVE-2025-33053) - Urgent [904]

Description: Internet Shortcut Files Remote Code Execution Vulnerability

20. Remote Code Execution - SAP NetWeaver (CVE-2025-42999) - Urgent [904]

Description: SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

21. Authentication Bypass - PAN-OS (CVE-2025-0108) - Urgent [901]

Description: An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

22. Security Feature Bypass - Microsoft Management Console (CVE-2025-26633) - Urgent [901]

Description: Microsoft Management Console Security Feature Bypass Vulnerability

23. Remote Code Execution - Erlang/OTP (CVE-2025-32433) - Urgent [899]

Description: Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

24. Elevation of Privilege - Windows Kernel (CVE-2025-62215) - Urgent [897]

Description: Windows Kernel Elevation of Privilege Vulnerability

25. Elevation of Privilege - Microsoft DWM Core Library (CVE-2025-30400) - Urgent [892]

Description: Microsoft DWM Core Library Elevation of Privilege Vulnerability

26. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2025-62221) - Urgent [892]

Description: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

27. Elevation of Privilege - Windows Common Log File System Driver (CVE-2025-29824) - Urgent [892]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

28. Elevation of Privilege - Windows Common Log File System Driver (CVE-2025-32706) - Urgent [892]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

29. Remote Code Execution - 7-Zip (CVE-2025-0411) - Urgent [880]

Description: 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

30. Elevation of Privilege - Windows Win32 Kernel Subsystem (CVE-2025-24983) - Urgent [868]

Description: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

31. Remote Code Execution - Cisco ASA (CVE-2025-20333) - Urgent [853]

Description: A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.

32. Authentication Bypass - Cisco ASA (CVE-2025-20362) - Urgent [850]

Description: Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases that are listed in the Fixed Software ["#fs"] section of this advisory. A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.

33. Cross Site Scripting - MDaemon Email Server (CVE-2024-11182) - Urgent [850]

Description: An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.

34. Spoofing - Windows NTLM (CVE-2025-24054) - Urgent [828]

Description: NTLM Hash Disclosure Spoofing Vulnerability

35. Remote Code Execution - ESXi (CVE-2025-22224) - Urgent [825]

Description: VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

36. Spoofing - Microsoft Windows File Explorer (CVE-2025-24071) - Urgent [823]

Description: Microsoft Windows File Explorer Spoofing Vulnerability

37. Remote Code Execution - Windows NTFS (CVE-2025-24993) - Urgent [817]

Description: Windows NTFS Remote Code Execution Vulnerability

38. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2025-21418) - Urgent [802]

Description: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

39. Elevation of Privilege - Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21334) - Urgent [802]

Description: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

40. Elevation of Privilege - Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21335) - Urgent [802]

Description: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

41. Elevation of Privilege - Windows Remote Access Connection Manager (CVE-2025-59230) - Urgent [802]

Description: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

42. Cross Site Scripting - Zimbra Collaboration (CVE-2024-27443) - Urgent [800]

Description: An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code.

Critical (20)

43. Elevation of Privilege - Windows Common Log File System Driver (CVE-2025-32701) - Critical [791]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

44. Cross Site Scripting - Zimbra Collaboration (CVE-2025-27915) - Critical [788]

Description: An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.

45. Elevation of Privilege - Windows Storage (CVE-2025-21391) - Critical [779]

Description: Windows Storage Elevation of Privilege Vulnerability

46. Remote Code Execution - Windows LNK File (CVE-2025-9491) - Critical [773]

Description: Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373.

47. Information Disclosure - ESXi (CVE-2025-22226) - Critical [758]

Description: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

48. Remote Code Execution - Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112) - Critical [752]

Description: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

49. Remote Code Execution - Windows OLE (CVE-2025-21298) - Critical [752]

Description: Windows OLE Remote Code Execution Vulnerability

50. Remote Code Execution - Kubernetes (CVE-2025-1974) - Critical [735]

Description: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

51. Memory Corruption - ESXi (CVE-2025-22225) - Critical [723]

Description: VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

52. Remote Code Execution - Redis (CVE-2025-49844) - Critical [707]

Description: Redis Lua Use-After-Free may lead to remote code execution

53. Remote Code Execution - Microsoft Configuration Manager (CVE-2024-43468) - Critical [702]

Description: Microsoft Configuration Manager Remote Code Execution Vulnerability

54. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2024-30085) - Critical [701]

Description: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

55. Remote Code Execution - TrueConf Server (BDU:2025-10116) - Critical [696]

Description: The discovered vulnerability allows a potential attacker to inject and execute arbitrary OS commands.

56. Remote Code Execution - CommuniGate Pro (BDU:2025-01331) - Critical [679]

Description: The CommuniGate Pro mail server is vulnerable to a stack-based buffer overflow. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code.

57. Authentication Bypass - TrueConf Server (BDU:2025-10114) - Critical [669]

Description: Insufficient access control allows a potential attacker to make requests to some administrative endpoints (/admin/*) without checking permissions and authentication.

58. Code Injection - Django (CVE-2025-64459) - Critical [668]

Description: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.

59. Elevation of Privilege - Windows Process Activation (CVE-2025-21204) - Critical [666]

Description: Windows Process Activation Elevation of Privilege Vulnerability

60. Arbitrary File Reading - TrueConf Server (BDU:2025-10115) - Critical [642]

Description: The discovered vulnerability allows a potential attacker to read arbitrary files in the system.

61. Remote Code Execution - expr-eval (CVE-2025-12735) - Critical [623]

Description: The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution.

62. Elevation of Privilege - Windows Update Service (CVE-2025-48799) - Critical [618]

Description: Windows Update Service Elevation of Privilege Vulnerability

High (3)

63. Elevation of Privilege - Linux Kernel (CVE-2025-38001) - High [599]

Description: A vulnerability in the Linux Kernel HFSC network packet scheduler module. Exploitation of the vulnerability allows an authenticated attacker to escalate their privileges to superuser (root). A publicly available exploit exists for the vulnerability.

64. Remote Code Execution - 7-Zip (BDU:2025-01793) - High [535]

Description: The vulnerability in the Mark-of-the-Web protection mechanism of the 7-Zip archiver is related to the violation of the data protection mechanism. Exploitation of the vulnerability may allow an attacker to execute arbitrary code when a user unpacks an archive containing a specially crafted file.

65. Remote Code Execution - 7-Zip (CVE-2025-55188) - High [523]

Description: 7-Zip before 25.01 does not always properly handle symbolic links during extraction.

Medium (0)

Low (0)

Exploitation in the wild detected (52)

Remote Code Execution (23)

• Apache HTTP Server (CVE-2024-38475)
• React Server Components (CVE-2025-55182)
• Windows Server Update Service (WSUS) (CVE-2025-59287)
• Apache Tomcat (CVE-2025-24813)
• XWiki Platform (CVE-2025-24893)
• WinRAR (CVE-2025-6218, CVE-2025-8088)
• Microsoft SharePoint (CVE-2025-49704)
• Roundcube (CVE-2025-49113)
• Control Web Panel (CVE-2025-48703)
• Windows Fast FAT File System Driver (CVE-2025-24985)
• Microsoft SharePoint Server (CVE-2025-53770)
• SAP NetWeaver (CVE-2025-31324, CVE-2025-42999)
• Internet Shortcut Files (CVE-2025-33053)
• Erlang/OTP (CVE-2025-32433)
• 7-Zip (CVE-2025-0411)
• Cisco ASA (CVE-2025-20333)
• ESXi (CVE-2025-22224)
• Windows NTFS (CVE-2025-24993)
• Windows LNK File (CVE-2025-9491)
• TrueConf Server (BDU:2025-10116)
• CommuniGate Pro (BDU:2025-01331)

Elevation of Privilege (16)

• Sudo (CVE-2025-32463)
• Windows SMB Client (CVE-2025-33073)
• Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
• Windows Agere Modem Driver (CVE-2025-24990)
• Windows Kernel (CVE-2025-62215)
• Microsoft DWM Core Library (CVE-2025-30400)
• Windows Cloud Files Mini Filter Driver (CVE-2025-62221)
• Windows Common Log File System Driver (CVE-2025-29824, CVE-2025-32701, CVE-2025-32706)
• Windows Win32 Kernel Subsystem (CVE-2025-24983)
• Windows Ancillary Function Driver for WinSock (CVE-2025-21418)
• Windows Remote Access Connection Manager (CVE-2025-59230)
• Windows Storage (CVE-2025-21391)

Authentication Bypass (4)

• FortiOS (CVE-2024-55591)
• PAN-OS (CVE-2025-0108)
• Cisco ASA (CVE-2025-20362)
• TrueConf Server (BDU:2025-10114)

Security Feature Bypass (1)

• Microsoft Management Console (CVE-2025-26633)

Cross Site Scripting (3)

• MDaemon Email Server (CVE-2024-11182)
• Zimbra Collaboration (CVE-2024-27443, CVE-2025-27915)

Spoofing (2)

• Windows NTLM (CVE-2025-24054)
• Microsoft Windows File Explorer (CVE-2025-24071)

Information Disclosure (1)

• ESXi (CVE-2025-22226)

Memory Corruption (1)

• ESXi (CVE-2025-22225)

Arbitrary File Reading (1)

• TrueConf Server (BDU:2025-10115)

Public exploit exists, but exploitation in the wild is NOT detected (13)

Remote Code Execution (8)

• Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)
• Windows OLE (CVE-2025-21298)
• Kubernetes (CVE-2025-1974)
• Redis (CVE-2025-49844)
• Microsoft Configuration Manager (CVE-2024-43468)
• expr-eval (CVE-2025-12735)
• 7-Zip (BDU:2025-01793, CVE-2025-55188)

Elevation of Privilege (4)

• Windows Cloud Files Mini Filter Driver (CVE-2024-30085)
• Windows Process Activation (CVE-2025-21204)
• Windows Update Service (CVE-2025-48799)
• Linux Kernel (CVE-2025-38001)

Code Injection (1)

• Django (CVE-2025-64459)

Other Vulnerabilities (0)