?day POC 漏洞数据库

Microsoft Edge Chromium: CVE-2025-21404 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/07/2025 Created 02/11/2025 Added 02/07/2025 Modified 02/10/2025 Description Microsoft Edge (Chromium-based) Spoofing Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2025-21404 CVE - 2025-21404 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21404

Microsoft Edge Chromium: CVE-2025-21279 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/07/2025 Created 02/11/2025 Added 02/07/2025 Modified 02/14/2025 Description Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2025-21279 CVE - 2025-21279 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21279

Microsoft Edge Chromium: CVE-2025-21342 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/07/2025 Created 02/11/2025 Added 02/07/2025 Modified 02/10/2025 Description Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2025-21342 CVE - 2025-21342 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21342

SUSE: CVE-2025-24366: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/07/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote storage backends. Due to missing sanitization of the client provided `rsync` command, an authenticated remote user can …

Microsoft Edge Chromium: CVE-2025-21283 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/07/2025 Created 02/11/2025 Added 02/07/2025 Modified 02/14/2025 Description Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2025-21283 CVE - 2025-21283 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21283

Ivanti Pulse Connect Secure: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 02/11/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_6 References https://attackerkb.com/topics/cve-2024-13830 …

Microsoft Windows: CVE-2025-21406: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21406: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb…

Microsoft Windows: CVE-2025-21181: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Severity 7 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21181: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-2…

Microsoft Windows: CVE-2025-21200: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21200: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb…

Microsoft Windows: CVE-2025-21367: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21367: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-window…

Adobe Illustrator: CVE-2025-21160: Security updates available for Adobe Illustrator (APSB25-11) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/14/2025 Added 02/12/2025 Modified 02/12/2025 Description Adobe has released an update for Adobe Illustrator. This update resolves critical vulnerabilities that could lead to arbitrary code execution. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2025-21160 CVE - 2025-21160 https://helpx.adobe.com/security/products/…

Ivanti Pulse Connect Secure: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 02/11/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local unauthenticated attacker to read sensitive data. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_3 References https://attackerkb.com/topics/cve-2024-13842 CVE - 2024-13842 https://forums.i…

Microsoft Windows: CVE-2025-21350: Windows Kerberos Denial of Service Vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21350: Windows Kerberos Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-…

Microsoft Windows: CVE-2025-21212: Internet Connection Sharing (ICS) Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21212: Internet Connection Sharing (ICS) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-windows_11…

Microsoft Windows: CVE-2025-21182: Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21182: Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21182 CVE - 2025-21182 https://support.microsoft.com/help/5051987

Microsoft Windows: CVE-2025-21373: Windows Installer Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21373: Windows Installer Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 micros…

Adobe Illustrator: CVE-2025-21159: Security updates available for Adobe Illustrator (APSB25-11) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/14/2025 Added 02/12/2025 Modified 02/12/2025 Description Adobe has released an update for Adobe Illustrator. This update resolves critical vulnerabilities that could lead to arbitrary code execution. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2025-21159 CVE - 2025-21159 https://helpx.adobe.com/security/products/…

Microsoft Windows: CVE-2025-21375: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21375: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 mi…

Microsoft Windows: CVE-2025-21419: Windows Setup Files Cleanup Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21419: Windows Setup Files Cleanup Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-2…

Oracle Linux: CVE-2024-12797: ELSA-2025-1330:openssl security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N) Published 02/11/2025 Created 02/15/2025 Added 02/13/2025 Modified 02/13/2025 Description A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set. Solution(s) oracle-linux-upgrade-openssl oracle-linux-upgrade-openssl-devel oracle-linux-upgrade-opens…

Microsoft Windows: CVE-2025-21407: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21407: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb…

FreeBSD: VID-D598266D-7772-4A31-9594-83B76B1FB837 (CVE-2024-39355): Intel CPUs -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/11/2025 Created 02/15/2025 Added 02/13/2025 Modified 02/13/2025 Description Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an authenticated user to enable denial of service via local access. Solution(s) freebsd-upgrade-package-cpu-microcode-intel References CVE-2024-39355

Microsoft Windows: CVE-2025-21254: Internet Connection Sharing (ICS) Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21254: Internet Connection Sharing (ICS) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-windows_11…

Microsoft Office: CVE-2025-21386: Microsoft Excel Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21386: Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002687 microsoft-office_online_server-kb5002679 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21386 CVE - 2025-21386 https://support.microsoft.com/help/5002679 https://support.microsoft.com/help/5002687

Ivanti Pulse Connect Secure: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_6 References https://attackerkb.com/topics/cve-2025-22467 CVE - 2025-22467 https://forums.ivanti.com/s/article/Februa…