Cyber_Comply


Known Exploited Vulnerabilities and counting....

A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.

Begin by

Knowing

which assets are at risk.
Woman Looking at Computer Screen
Man in scary mask
Accurate

Inventory

is a fundamental security tool.

Inventory is an important aspect of cybersecurity because it helps organizations identify and manage their technology assets, which is crucial for securing their systems and data. Inventory helps with the identification of the devices, software, or configurations that can become a security risk. By maintaining a current inventory, organizations can quickly identify any unpatched devices or outdated software that requires updating or removal.

CVE Horror Poster

CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.

Zombie hands

Zombie CVE?

When an older computer on your network is missing a security patch...

Due to the urgent risks they represent, KEVs are prioritized by software vendors and security organizations for patches and remediation.

Man in scary mask

Slasher CVE?

A small group of CVEs can cause a lot of damage. See which vendors have been targets...

Search Known Exploits
Man in scary mask

Vampire CVEs?

KEVs allow attackers to compromise systems and networks to conduct malicious activities like stealing data, installing ransomware, or creating botnets.


Upcoming Patch Due Dates

via Binding Operational Directive 22-01

(BOD) 22-01 is a directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) in the United States to federal agencies and federal contractors in order to improve their cybersecurity practices. It provides a set of guidelines and requirements that these agencies and contractors must follow to increase their defenses against cyber threats.

Microsoft

Power Pages
Patch deadline: in 19 days on 03/14/2025

CVE-2025-24989

Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.

Microsoft Power Pages Improper Access Control Vulnerability

Palo Alto Networks

PAN-OS
Patch deadline: in 18 days on 03/13/2025

CVE-2025-0111

Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

Palo Alto Networks PAN-OS File Read Vulnerability

Craft CMS

Craft CMS
Patch deadline: in 18 days on 03/13/2025

CVE-2025-23209

Craft CMS contains a code injection vulnerability that allows for remote code execution as vulnerable versions have compromised user security keys.

Craft CMS Code Injection Vulnerability

SonicWall

SonicOS
Patch deadline: in 16 days on 03/11/2025

CVE-2024-53704

SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.

SonicWall SonicOS SSLVPN Improper Authentication Vulnerability

Palo Alto

PAN-OS
Patch deadline: in 2 months on 04/08/2025

CVE-2025-0108

Palo Alto PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts.

Palo Alto PAN-OS Authentication Bypass Vulnerability

SimpleHelp

SimpleHelp
Patch deadline: in 11 days on 03/06/2025

CVE-2024-57727

SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.

SimpleHelp Path Traversal Vulnerability

Zombie hands

CVE = Common Vulnerability and Exposure

CVE OF THE WEEK:

Palo Alto Networks

PAN-OS
Patch deadline: a month ago on 01/20/2025

CVE-2024-3393

Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malformed DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability

Learn more about this CVE: paloaltonetworks.com


Cyber Security News

You may have missed...

Zombie hands