Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

state:in-the-wild — CVE vulnerabilities tagged 396

396 CVE security advisories tagged "state:in-the-wild" with AI Chinese analysis, CVSS, references and POCs.

The tag "state:in-the-wild" signifies that a disclosed vulnerability has been actively exploited by attackers in real-world environments, rather than remaining theoretical or limited to controlled laboratory testing. This classification is critical because it indicates an immediate and tangible threat to public infrastructure, demanding urgent mitigation strategies from administrators and developers. Typically, these vulnerabilities involve remote code execution, authentication bypasses, or critical logic flaws that allow adversaries to compromise systems without physical access. The presence of this tag implies that exploit code is likely circulating in the wild, increasing the risk of widespread data breaches, service disruptions, or lateral movement within networks. Consequently, organizations must prioritize patching these specific CVEs to prevent active intrusion, as the window between disclosure and exploitation has effectively closed, leaving systems exposed to sophisticated threat actors seeking immediate gain.

CVE IDTitleCVSSSeverityPublished
CVE-2025-54309 CrushFTP 安全漏洞 — CrushFTPCWE-420 9.0 Critical2025-07-18
CVE-2025-34130 LILIN DVR Arbitrary File Read via net_html.cgi — DVR FirmwareCWE-306 9.8AICriticalAI2025-07-16
CVE-2025-34129 LILIN DVR RCE via Malicious FTP/NTP Configuration — DVR FirmwareCWE-78 7.2AIHighAI2025-07-16
CVE-2025-49831 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device — conjurCWE-287 9.3AICriticalAI2025-07-15
CVE-2025-52572 Hikka vulnerable to RCE through dangling web interface — HikkaCWE-287 10.0 Critical2025-06-24
CVE-2025-34037 Linksys Routers E/WAG/WAP/WES/WET/WRT-Series — E4200CWE-78 9.8AICriticalAI2025-06-24
CVE-2025-48928 TeleMessage 安全漏洞 — serviceCWE-528 4.0 Medium2025-05-28
CVE-2025-48927 TeleMessage 安全漏洞 — serviceCWE-1188 5.3 Medium2025-05-28
CVE-2025-48828 Internet Brands vBulletin 安全漏洞 — vBulletinCWE-424 9.0 Critical2025-05-27
CVE-2025-48827 Internet Brands vBulletin 安全漏洞 — vBulletinCWE-424 10.0 Critical2025-05-27
CVE-2024-48766 NetAlertX 安全漏洞 — NetAlertXCWE-698 8.6 High2025-05-13
CVE-2024-46506 NetAlertX 安全漏洞 — NetAlertXCWE-306 10.0 Critical2025-05-13
CVE-2025-47729 TeleMessage archiving backend 安全漏洞 — archiving backendCWE-912 1.9 Low2025-05-08
CVE-2024-51991 October CMS Allows Unprotected SVG Rename in Media Manager — octoberCWE-434 4.8AIMediumAI2025-05-05
CVE-2024-58136 Yii 安全漏洞 — YiiCWE-424 9.0 Critical2025-04-10
CVE-2025-30401 Facebook WhatsApp 安全漏洞 — WhatsApp Desktop for Windows 8.1AIHighAI2025-04-05
CVE-2025-31161 CrushFTP 安全漏洞 — CrushFTPCWE-305 9.8 Critical2025-04-03
CVE-2025-30406 Gladinet CentreStack 安全漏洞 — CentreStackCWE-321 9.0 Critical2025-04-03
CVE-2025-2857 Incorrect handle could lead to sandbox escapes — Firefox 9.6AICriticalAI2025-03-27
CVE-2025-30355 Synapse vulnerable to federation denial of service via malformed events — synapseCWE-20 7.1 High2025-03-27
CVE-2025-30349 IMP 安全漏洞 — IMPCWE-79 7.2 High2025-03-21
CVE-2025-30259 WhatsApp 安全漏洞 — WhatsApp cloud service 3.5 Low2025-03-19
CVE-2025-27363 FreeType 缓冲区错误漏洞 — FreeType 8.1 High2025-03-11
CVE-2025-24888 Path traversal in SecureDrop Client API.download_reply() — securedrop-clientCWE-22 8.1 High2025-02-13
CVE-2025-1146 CrowdStrike Falcon Sensor for Linux TLS Issue — Falcon sensor for LinuxCWE-296 8.1 High2025-02-12
CVE-2025-24085 Apple iOS和Apple iPadOS 资源管理错误漏洞 — iOS and iPadOS 7.8 -2025-01-27
CVE-2024-12847 NETGEAR DGN setup.cgi OS Command Injection — DGN1000CWE-78 9.8 Critical2025-01-10
CVE-2024-44309 Apple iOS和Apple iPadOS 安全漏洞 — Safari 6.1AIMediumAI2024-11-19
CVE-2024-44308 Apple iOS和Apple iPadOS 安全漏洞 — Safari 8.8AIHighAI2024-11-19
CVE-2024-4741 Use After Free with SSL_free_buffers — OpenSSLCWE-416 9.8 -2024-11-13

Vulnerabilities classified as state:in-the-wild represent 396 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.