Loading HuntDB...

Known Exploited Vulnerabilities

Search through CISA's catalog of actively exploited vulnerabilities

Press Enter to search
241,129 vulnerabilities found
Showing 21 - 40

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Added July 20, 2025 CVE-2025-53770
Overdue

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network.

Microsoft SharePoint
Due by July 21, 2025
Catalog 2025.07.22

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Added July 20, 2025 CVE-2025-53770
Overdue

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network.

Microsoft SharePoint
Due by July 21, 2025
Catalog 2025.07.22

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Added July 20, 2025 CVE-2025-53770
Overdue

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network.

Microsoft SharePoint
Due by July 21, 2025
Catalog 2025.07.24

Fortinet FortiWeb SQL Injection Vulnerability

Added July 18, 2025 CVE-2025-25257
Due Soon

Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

Fortinet FortiWeb
Due by August 8, 2025
Catalog 2025.07.18

Fortinet FortiWeb SQL Injection Vulnerability

Added July 18, 2025 CVE-2025-25257
Due Soon

Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

Fortinet FortiWeb
Due by August 8, 2025
Catalog 2025.07.18

Fortinet FortiWeb SQL Injection Vulnerability

Added July 18, 2025 CVE-2025-25257
Due Soon

Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

Fortinet FortiWeb
Due by August 8, 2025
Catalog 2025.07.20

Fortinet FortiWeb SQL Injection Vulnerability

Added July 18, 2025 CVE-2025-25257
Due Soon

Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

Fortinet FortiWeb
Due by August 8, 2025
Catalog 2025.07.20

Fortinet FortiWeb SQL Injection Vulnerability

Added July 18, 2025 CVE-2025-25257
Due Soon

Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

Fortinet FortiWeb
Due by August 8, 2025
Catalog 2025.07.22

Fortinet FortiWeb SQL Injection Vulnerability

Added July 18, 2025 CVE-2025-25257
Due Soon

Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

Fortinet FortiWeb
Due by August 8, 2025
Catalog 2025.07.22

Fortinet FortiWeb SQL Injection Vulnerability

Added July 18, 2025 CVE-2025-25257
Due Soon

Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

Fortinet FortiWeb
Due by August 8, 2025
Catalog 2025.07.24

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Added July 14, 2025 CVE-2025-47812
Due Soon

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).

Wing FTP Server Wing FTP Server
Due by August 4, 2025
Catalog 2025.07.14

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Added July 14, 2025 CVE-2025-47812
Due Soon

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).

Wing FTP Server Wing FTP Server
Due by August 4, 2025
Catalog 2025.07.14

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Added July 14, 2025 CVE-2025-47812
Due Soon

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).

Wing FTP Server Wing FTP Server
Due by August 4, 2025
Catalog 2025.07.14

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Added July 14, 2025 CVE-2025-47812
Due Soon

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).

Wing FTP Server Wing FTP Server
Due by August 4, 2025
Catalog 2025.07.14

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Added July 14, 2025 CVE-2025-47812
Due Soon

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).

Wing FTP Server Wing FTP Server
Due by August 4, 2025
Catalog 2025.07.18

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Added July 14, 2025 CVE-2025-47812
Due Soon

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).

Wing FTP Server Wing FTP Server
Due by August 4, 2025
Catalog 2025.07.18

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Added July 14, 2025 CVE-2025-47812
Due Soon

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).

Wing FTP Server Wing FTP Server
Due by August 4, 2025
Catalog 2025.07.20

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Added July 14, 2025 CVE-2025-47812
Due Soon

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).

Wing FTP Server Wing FTP Server
Due by August 4, 2025
Catalog 2025.07.20

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Added July 14, 2025 CVE-2025-47812
Due Soon

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).

Wing FTP Server Wing FTP Server
Due by August 4, 2025
Catalog 2025.07.22

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Added July 14, 2025 CVE-2025-47812
Due Soon

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).

Wing FTP Server Wing FTP Server
Due by August 4, 2025
Catalog 2025.07.22