N-day Feed Updates - Crowdfense

List of analysed vulnerabilities

Below is the list of vulnerabilities and CVEs that have been thoroughly analysed by Crowdfense and are now part of our N-day Vulnerability Intelligence Feed.

Each entry includes a comprehensive technical report, featuring:

In-depth root cause analysis
Exploitation context and impact assessment

A fully weaponised exploit accompanies most vulnerabilities, while others include a crash trigger or minimal proof-of-concept (PoC) to demonstrate exploitability.

ID	CVE Year	CVE	Description	Vendor	Capability	Status	CISA KEV	Released Year
1	2020	CVE-2020-17096	Microsoft Windows NTFS (ntfs.sys) Memory Corruption	Microsoft Windows	DoS	poc	False	2024
2	2021	CVE-2021-31956	Microsoft Windows NTFS (ntfs.sys) Heap Buffer Overflow	Microsoft Windows	LPE	weaponized	True	2024
3	2021	CVE-2021-40466	Microsoft Windows Common Log File System Driver (clfs.sys) Heap Buffer Overflow	Microsoft Windows	LPE	weaponized	False	2024
4	2023	CVE-2023-36845	Juniper Firewall/VPN (JunOS) PHP External Variable Modification	Juniper	pre-auth RCE	weaponized	True	2024
5	2024	CVE-2024-11477	7-Zip Zstandard Decompression Integer Underflow	7-Zip	unexploitable	poc	False	2024
6	2024	CVE-2024-21338	Microsoft Windows AppLocker (appid.sys) Untrusted Pointer Dereference	Microsoft Windows	LPE	weaponized	True	2024
7	2024	CVE-2024-30078	Microsoft Windows Wi-Fi Driver (nwifi.sys) OOB Write	Microsoft Windows	DoS	poc	False	2024
8	2024	CVE-2024-30085	Microsoft Windows Cloud Files Mini Filter (cldflt.sys) Heap Buffer Overflow	Microsoft Windows	LPE	weaponized	False	2024
9	2024	CVE-2024-30088	Microsoft Windows Kernel TOCTOU Race Condition	Microsoft Windows	LPE	weaponized	True	2024
10	2024	CVE-2024-35250	Microsoft Windows Kernel Streaming (ks.sys and ksthink.sys) Untrusted Pointer Dereference	Microsoft Windows	LPE	weaponized	True	2025
11	2024	CVE-2024-38054	Microsoft Windows Kernel Streaming WOW Thunk Service (ksthunk.sys) Heap Based Overflow	Microsoft Windows	LPE	weaponized	False	2024
12	2024	CVE-2024-38077	Microsoft Windows Remote Desktop Licensing Service (TermServLicensing) Heap Overflow (madlicense)	Microsoft Windows	pre-auth RCE	weaponized	False	2024
13	2024	CVE-2024-38080	Microsoft Windows Hyper-V Integer Overflow	Microsoft Windows	LPE	weaponized	True	2024
14	2024	CVE-2024-38193	Microsoft Windows Ancillary Function Driver for WinSock (afd.sys) Use After Free	Microsoft Windows	LPE	weaponized	True	2024
15	2024	CVE-2024-43572	Microsoft Windows Management Console	Microsoft Windows	RCE	weaponized	True	2024
16	2024	CVE-2024-43639	Microsoft Windows KDC Proxy (kpssvc.dll) Numeric Truncation Error	Microsoft Windows	unexploitable	poc	False	2024
17	2024	CVE-2024-46740	Google Android (Linux Binder) Use After Free	Google Android	LPE	weaponized	False	2025
18	2024	CVE-2024-47575	Fortinet Fortimanager Missing Authentication	Fortinet	pre-auth RCE	weaponized	True	2024
19	2024	CVE-2024-7965	Google Chrome Android TurboFan Instruction Selection Bug	Google Chrome	RCE	weaponized	True	2024
20	2024	CVE-2024-43511	Microsoft Windows Kernel TOCTOU Race Condition	Microsoft Windows	unexploitable	poc	False	2024
21	2024	CVE-2024-38178	Microsoft Windows Scripting Engine (JScript9.dll) Internet Explorer/Edge Chakra Engine Type Confusion	Microsoft Windows	RCE	weaponized	True	2025
22	2024	CVE-2024-49090	Microsoft Windows Common Log File System Driver (clfs.sys) Untrusted Pointer Dereference	Microsoft Windows	LPE	weaponized	False	2025
23	2025	CVE-2025-21298	Microsoft Windows OLE Double Free	Microsoft Windows	unexploitable	poc	False	2025
24	2025	ZDI-CAN-25373	Microsoft Windows LNK File UI Misrepresentation	Microsoft Windows	RCE	weaponized	False	2025
25	2024	CVE-2024-38189	Microsoft Project Improper Input Validation	Microsoft Project	RCE	weaponized	True	2025
26	2024	CVE-2024-43454	Microsoft Windows Remote Desktop Licensing Service (TermServLicensing) Relative Path Traversal	Microsoft Windows	Arbitrary File Deletion	weaponized	False	2025
27	2025	CVE-2025-21293	Active Directory Domain Services Improper Access Control	Microsoft Windows	LPE	weaponized	False	2025
28	2020	CVE-2020-9054	Zyxel NAS and Firewall Devices Command Injection	ZyXel	pre-auth RCE	weaponized	True	2025
29	2025	CVE-2025-24054	Microsoft Windows File Explorer Spoofing Vulnerability	Microsoft Windows	NTLM Hash Disclosure	weaponized	True	2025
30	2021	CVE-2021-21551	Dell DBUtil Driver (dbutil_2_3.sys) Insufficient Access Control	Dell	LPE	weaponized	True	2025
31	2023	CVE-2023-36205	Zemana AntiMalware/AntiLogger Driver (zamguard64.sys, zam64.sys) Incorrect Access Control	Zemana	LPE, Arbitrary Process Termination (PPL)	weaponized	False	2025
32	2025	CVE-2025-24985	Microsoft Windows Fast FAT File System Driver Heap Buffer Overflow	Microsoft Windows	DoS	poc	True	2025
33	2025	0DAY-2025-0001	Microsoft Management Console (MMC)	Microsoft Windows	NTLM Hash Disclosure	weaponized	False	2025
34	2025	CVE-2025-26633	Microsoft Management Console (MMC) Security Feature Bypass	Microsoft Windows	RCE	weaponized	True	2025
35	2025	CVE-2025-21333	Microsoft Windows Hyper-V NT Kernel Integration VSP Driver (vkrnlintvsp.sys) Heap-based Buffer Overflow	Microsoft Windows	LPE	weaponized	True	2025
36	2025	0DAY-2025-0002	Flexense Computing System SyncBreeze	Flexense Computing System	RCE	weaponized	False	2025
37	2025	CVE-2025-21375	Microsoft Windows Kernel Streaming WOW Thunk Service Driver (ksthunk.sys) Buffer Overflow	Microsoft Windows	DoS	poc	False	2025
38	2025	CVE-2025-29824	Microsoft Windows Common Log File System driver (CLFS.sys) Use After Free	Microsoft Windows	DoS	poc	True	2025
39	2025	CVE-2025-32756	Fortinet multiple products API Stack-based Buffer Overflow	Fortinet	RCE	weaponized	True	2025
40	2025	CVE-2025-47955	Microsoft Windows Remote Access Connection Manager (RasMan) Improper Privilege Management	Microsoft Windows	LPE	weaponized	False	2025
41	2025	CVE-2025-1758	Progress Kemp LoadMaster Stack-based Buffer Overflow	Progress	unexploitable	poc	False	2025
42	2024	CVE-2024-51324	Baidu Antivirus BdApiUtil64.sys Driver Incorrect Access Control Arbitrary Process Termination	Baidu	Arbitrary Process Termination (PPL)	weaponized	False	2025
43	2025	CVE-2025-25257	Fortinet FortiWeb SQL Injection and Command Injection	Fortinet	pre-auth RCE	weaponized	False	2025
44	2025	0DAY-2025-0003	Asus MyAsus Arbitrary File Write	Asus	LPE	weaponized	False	2025
45	2025	CVE-2025-8088	RARLAB WinRAR Directory Traversal	RARLAB	RCE	weaponized	True	2025
46	2025	ZDI-CAN-26372	Microsoft Windows Theme File Parsing Improper Input Validation	Microsoft Windows	NTLM Hash Disclosure	weaponized	False	2025
47	2025	CVE-2025-50154	Microsoft Windows File Explorer Spoofing Vulnerability	Microsoft Windows	NTLM Hash Disclosure	weaponized	False	2025
48	2025	CVE-2025-33053	Internet Shortcut Files Remote Code Execution Vulnerability	Microsoft Windows	RCE	weaponized	True	2025
49	2025	0DAY-2025-0004	SQLite3 Command Injection Vulnerability	SQLite	RCE	weaponized	False	2025
50	2025	CVE-2025-30397	Microsoft Windows Scripting Engine (JScript9.dll) Internet Explorer/Edge Chakra Engine Type Confusion	Microsoft Windows	RCE	weaponized	True	2025