N-day Feed Updates - Crowdfense

Exploits Feed

Below is the list of vulnerabilities and CVEs that have been thoroughly analysed by Crowdfense and are now part of our N-day Vulnerabilities Feed.

Each entry includes a comprehensive technical report, featuring:

In-depth root cause analysis
Exploitation context and impact assessment

A fully weaponised exploit accompanies most vulnerabilities, while others include a crash trigger or minimal proof-of-concept (PoC) to demonstrate exploitability.

How do we choose Exploits to prioritize?

With an increasing number of CVEs being reported every year, the vulnerability landscape is vast. Not every vulnerability poses the same level of risk, and others may be practically unexploitable.

Our process draws on sources such as CISA’s KEV catalogue, and we continuously track and analyse vulnerabilities exploited in the wild by APT groups, ransomware operators, and other cybercriminals. To determine whether an exploit is worth developing, we consider which attacks are most critical from an attacker’s perspective, which newly disclosed vulnerabilities are most likely to be used in real-world scenarios, and which exploits would provide the greatest value to our clients.

ID	CVE Year	CVE	Description	Vendor	Capability	Status	CISA KEV	Released Year
1	2020	CVE-2020-17096	Microsoft Windows NTFS (ntfs.sys) Memory Corruption	Microsoft	DoS	poc	False	2024
2	2021	CVE-2021-31956	Microsoft Windows NTFS (ntfs.sys) Heap Buffer Overflow	Microsoft	LPE	weaponized	True	2024
3	2021	CVE-2021-40466	Microsoft Windows Common Log File System Driver (clfs.sys) Heap Buffer Overflow	Microsoft	LPE	weaponized	False	2024
4	2023	CVE-2023-36845	Juniper Firewall/VPN (JunOS) PHP External Variable Modification	Juniper	pre-auth RCE	weaponized	True	2024
5	2024	CVE-2024-11477	7-Zip Zstandard Decompression Integer Underflow	7-Zip	unexploitable	poc	False	2024
6	2024	CVE-2024-21338	Microsoft Windows AppLocker (appid.sys) Untrusted Pointer Dereference	Microsoft	LPE	weaponized	True	2024
7	2024	CVE-2024-30078	Microsoft Windows Wi-Fi Driver (nwifi.sys) OOB Write	Microsoft	DoS	poc	False	2024
8	2024	CVE-2024-30085	Microsoft Windows Cloud Files Mini Filter (cldflt.sys) Heap Buffer Overflow	Microsoft	LPE	weaponized	False	2024
9	2024	CVE-2024-30088	Microsoft Windows Kernel TOCTOU Race Condition	Microsoft	LPE	weaponized	True	2024
10	2024	CVE-2024-35250	Microsoft Windows Kernel Streaming (ks.sys and ksthink.sys) Untrusted Pointer Dereference	Microsoft	LPE	weaponized	True	2025
11	2024	CVE-2024-38054	Microsoft Windows Kernel Streaming WOW Thunk Service (ksthunk.sys) Heap Based Overflow	Microsoft	LPE	weaponized	False	2024
12	2024	CVE-2024-38077	Microsoft Windows Remote Desktop Licensing Service (TermServLicensing) Heap Overflow (madlicense)	Microsoft	pre-auth RCE	weaponized	False	2024
13	2024	CVE-2024-38080	Microsoft Windows Hyper-V Integer Overflow	Microsoft	LPE	weaponized	True	2024
14	2024	CVE-2024-38193	Microsoft Windows Ancillary Function Driver for WinSock (afd.sys) Use After Free	Microsoft	LPE	weaponized	True	2024
15	2024	CVE-2024-43572	Microsoft Windows Management Console	Microsoft	RCE	weaponized	True	2024
16	2024	CVE-2024-43639	Microsoft Windows KDC Proxy (kpssvc.dll) Numeric Truncation Error	Microsoft	unexploitable	poc	False	2024
17	2024	CVE-2024-46740	Google Android (Linux Binder) Use After Free	Google	LPE	weaponized	False	2025
18	2024	CVE-2024-47575	Fortinet Fortimanager Missing Authentication	Fortinet	pre-auth RCE	weaponized	True	2024
19	2024	CVE-2024-7965	Google Chrome Android TurboFan Instruction Selection Bug	Google	RCE	weaponized	True	2024
20	2024	CVE-2024-43511	Microsoft Windows Kernel TOCTOU Race Condition	Microsoft	unexploitable	poc	False	2024
21	2024	CVE-2024-38178	Microsoft Windows Scripting Engine (JScript9.dll) Internet Explorer/Edge Chakra Engine Type Confusion	Microsoft	RCE	weaponized	True	2025
22	2024	CVE-2024-49090	Microsoft Windows Common Log File System Driver (clfs.sys) Untrusted Pointer Dereference	Microsoft	LPE	weaponized	False	2025
23	2025	CVE-2025-21298	Microsoft Windows OLE Double Free	Microsoft	unexploitable	poc	False	2025
24	2025	CVE-2025-9491	Microsoft Windows LNK File UI Misrepresentation (ZDI-CAN-25373)	Microsoft	RCE	weaponized	False	2025
25	2024	CVE-2024-38189	Microsoft Project Improper Input Validation	Microsoft	RCE	weaponized	True	2025
26	2024	CVE-2024-43454	Microsoft Windows Remote Desktop Licensing Service (TermServLicensing) Relative Path Traversal	Microsoft	Arbitrary File Deletion	weaponized	False	2025
27	2025	CVE-2025-21293	Active Directory Domain Services Improper Access Control	Microsoft	LPE	weaponized	False	2025
28	2020	CVE-2020-9054	Zyxel NAS and Firewall Devices Command Injection	ZyXel	pre-auth RCE	weaponized	True	2025
29	2025	CVE-2025-24054	Microsoft Windows File Explorer Spoofing Vulnerability	Microsoft	NTLM Hash Disclosure	weaponized	True	2025
30	2021	CVE-2021-21551	Dell DBUtil Driver (dbutil_2_3.sys) Insufficient Access Control	Dell	LPE	weaponized	True	2025
31	2023	CVE-2023-36205	Zemana AntiMalware/AntiLogger Driver (zamguard64.sys, zam64.sys) Incorrect Access Control	Zemana	LPE, Arbitrary Process Termination (PPL)	weaponized	False	2025
32	2025	CVE-2025-24985	Microsoft Windows Fast FAT File System Driver Heap Buffer Overflow	Microsoft	DoS	poc	True	2025
33	2025	0DAY-2025-0001	Microsoft Management Console (MMC)	Microsoft	NTLM Hash Disclosure	weaponized	False	2025
34	2025	CVE-2025-26633	Microsoft Management Console (MMC) Security Feature Bypass	Microsoft	RCE	weaponized	True	2025
35	2025	CVE-2025-21333	Microsoft Windows Hyper-V NT Kernel Integration VSP Driver (vkrnlintvsp.sys) Heap-based Buffer Overflow	Microsoft	LPE	weaponized	True	2025
36	2025	0DAY-2025-0002	Flexense Computing System SyncBreeze	Flexense Computing System	pre-auth RCE	weaponized	False	2025
37	2025	CVE-2025-21375	Microsoft Windows Kernel Streaming WOW Thunk Service Driver (ksthunk.sys) Buffer Overflow	Microsoft	DoS	poc	False	2025
38	2025	CVE-2025-29824	Microsoft Windows Common Log File System driver (CLFS.sys) Use After Free	Microsoft	DoS	poc	True	2025
39	2025	CVE-2025-32756	Fortinet multiple products API Stack-based Buffer Overflow	Fortinet	pre-auth RCE	weaponized	True	2025
40	2025	CVE-2025-47955	Microsoft Windows Remote Access Connection Manager (RasMan) Improper Privilege Management	Microsoft	LPE	weaponized	False	2025
41	2025	CVE-2025-1758	Progress Kemp LoadMaster Stack-based Buffer Overflow	Progress	unexploitable	poc	False	2025
42	2024	CVE-2024-51324	Baidu Antivirus BdApiUtil64.sys Driver Incorrect Access Control Arbitrary Process Termination	Baidu	Arbitrary Process Termination (PPL)	weaponized	False	2025
43	2025	CVE-2025-25257	Fortinet FortiWeb SQL Injection and Command Injection	Fortinet	pre-auth RCE	weaponized	True	2025
44	2025	0DAY-2025-0003	Asus MyAsus Arbitrary File Write	Asus	LPE	weaponized	False	2025
45	2025	CVE-2025-8088	RARLAB WinRAR Directory Traversal	RARLAB	RCE	weaponized	True	2025
46	2025	ZDI-CAN-26372	Microsoft Windows Theme File Parsing Improper Input Validation	Microsoft	NTLM Hash Disclosure	weaponized	False	2025
47	2025	CVE-2025-50154	Microsoft Windows File Explorer Spoofing Vulnerability	Microsoft	NTLM Hash Disclosure	weaponized	False	2025
48	2025	CVE-2025-33053	Internet Shortcut Files Remote Code Execution Vulnerability	Microsoft	RCE	weaponized	True	2025
49	2025	0DAY-2025-0004	SQLite3 Command Injection Vulnerability	SQLite	RCE	weaponized	False	2025
50	2025	CVE-2025-53136	Microsoft Windows NT OS Kernel Information Disclosure Vulnerability	Microsoft	KASLR Bypass (Info Disclosure)	weaponized	False	2025
51	2025	CVE-2025-30397	Microsoft Windows Scripting Engine (JScript9.dll) Internet Explorer/Edge Chakra Engine Type Confusion	Microsoft	RCE	weaponized	True	2025
52	2025	CVE-2025-59287	Microsoft Windows Server Update Service (WSUS) Unsafe Deserialization	Microsoft	pre-auth RCE	weaponized	True	2025
53	2025	CVE-2025-24893	XWiki Unauthenticated Groovy Injection via SolrSearch Macro	XWiki	pre-auth RCE	weaponized	True	2025
55	2025	CVE-2025-64446	Fortinet Fortiweb Path Traversal and Command Injection	Fortinet	pre-auth RCE	weaponized	True	2025