CVE-2023-0386 - Linux Kernel Improper Ownership Management Vulnerability -

Action Due Jul 08, 2025 ( 17 days left ) Target Vendor : Linux

Description : Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a ; https://access.redhat.com/security/cve/cve-2023-0386 ; https://security.netapp.com/advisory/ntap-20230420-0004/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-0386

CVE-2025-43200 - Apple Multiple Products Unspecified Vulnerability -

Action Due Jul 07, 2025 ( 16 days left ) Target Vendor : Apple

Description : Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://support.apple.com/en-us/122174 ; https://support.apple.com/en-us/122173 ; https://support.apple.com/en-us/122900 ; https://support.apple.com/en-us/122901 ; https://support.apple.com/en-us/122902 ; https://support.apple.com/en-us/122903 ; https://support.apple.com/en-us/122904 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43200

CVE-2023-33538 - TP-Link Multiple Routers Command Injection Vulnerability -

Action Due Jul 07, 2025 ( 16 days left ) Target Vendor : TP-Link

Description : TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.tp-link.com/nordic/support/faq/3562/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-33538

CVE-2025-24016 - Wazuh Server Deserialization of Untrusted Data Vulnerability -

Action Due Jul 01, 2025 ( 10 days left ) Target Vendor : Wazuh

Description : Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh ; https://nvd.nist.gov/vuln/detail/CVE-2025-24016

CVE-2025-33053 - Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability -

Action Due Jul 01, 2025 ( 10 days left ) Target Vendor : Web Distributed Authoring and Versioning

Description : Web Distributed Authoring and Versioning (WebDAV) contains an external control of file name or path vulnerability. This vulnerability could allow an unauthorized attacker to execute code over a network. This vulnerability could affect various products that implement WebDAV, including but not limited to Microsoft Windows.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33053 ; https://nvd.nist.gov/vuln/detail/CVE-2025-33053

CVE-2025-32433 - Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability -

Action Due Jun 30, 2025 ( 9 days left ) Target Vendor : Erlang

Description : Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy ; https://nvd.nist.gov/vuln/detail/CVE-2025-32433

CVE-2024-42009 - RoundCube Webmail Cross-Site Scripting Vulnerability -

Action Due Jun 30, 2025 ( 9 days left ) Target Vendor : Roundcube

Description : RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-42009

CVE-2025-5419 - Google Chromium V8 Out-of-Bounds Read and Write Vulnerability -

Action Due Jun 26, 2025 ( 5 days left ) Target Vendor : Google

Description : Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html; https://nvd.nist.gov/vuln/detail/CVE-2025-5419",

CVE-2025-27038 - Qualcomm Multiple Chipsets Use-After-Free Vulnerability -

Action Due Jun 24, 2025 ( 3 days left ) Target Vendor : Qualcomm

Description : Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-27038

CVE-2025-21480 - Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability -

Action Due Jun 24, 2025 ( 3 days left ) Target Vendor : Qualcomm

Description : Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-21480

CVE-2025-21479 - Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability -

Action Due Jun 24, 2025 ( 3 days left ) Target Vendor : Qualcomm

Description : Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-21479

CVE-2023-39780 - ASUS RT-AX55 Routers OS Command Injection Vulnerability -

Action Due Jun 23, 2025 ( 2 days left ) Target Vendor : ASUS

Description : ASUS RT-AX55 devices contain a OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax55/helpdesk_bios/?model2Name=RT-AX55 ; https://www.asus.com/content/asus-product-security-advisory/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-39780

CVE-2024-56145 - Craft CMS Code Injection Vulnerability -

Action Due Jun 23, 2025 ( 2 days left ) Target Vendor : Craft CMS

Description : Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9 ; https://nvd.nist.gov/vuln/detail/CVE-2024-56145

CVE-2025-35939 - Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability -

Action Due Jun 23, 2025 ( 2 days left ) Target Vendor : Craft CMS

Description : Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 as represented by CVE-2025-32432.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://github.com/craftcms/cms/pull/17220 ; https://nvd.nist.gov/vuln/detail/CVE-2025-35939

CVE-2025-3935 - ConnectWise ScreenConnect Improper Authentication Vulnerability -

Action Due Jun 23, 2025 ( 2 days left ) Target Vendor : ConnectWise

Description : ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.connectwise.com/company/trust/security-bulletins/screenconnect-security-patch-2025.4 ; https://nvd.nist.gov/vuln/detail/CVE-2025-3935

CVE-2021-32030 - ASUS Routers Improper Authentication Vulnerability -

Action Due Jun 23, 2025 ( 2 days left ) Target Vendor : ASUS

Description : ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.asus.com/us/supportonly/lyra%20mini/helpdesk_bios/ ; https://www.asus.com/us/supportonly/rog%20rapture%20gt-ac2900/helpdesk_bios/; https://nvd.nist.gov/vuln/detail/CVE-2021-32030

CVE-2025-4632 - Samsung MagicINFO 9 Server Path Traversal Vulnerability -

Action Due Jun 12, 2025 Target Vendor : Samsung

Description : Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://security.samsungtv.com/securityUpdates#SVP-MAY-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2025-4632

CVE-2025-4427 - Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability -

Action Due Jun 09, 2025 Target Vendor : Ivanti

Description : Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https://nvd.nist.gov/vuln/detail/CVE-2025-4427

CVE-2023-38950 - ZKTeco BioTime Path Traversal Vulnerability -

Action Due Jun 09, 2025 Target Vendor : ZKTeco

Description : ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.zkteco.com/en/Security_Bulletinsibs ; https://nvd.nist.gov/vuln/detail/CVE-2023-38950

CVE-2024-27443 - Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability -

Action Due Jun 09, 2025 Target Vendor : Synacor

Description : Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes ; https://nvd.nist.gov/vuln/detail/CVE-2024-27443