Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-29814 |
Description: Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
CVSS: CRITICAL (9.3) EPSS Score: 0.15% SSVC Exploitation: none
March 21st, 2025 (29 days ago)
|
|
CVE-2025-21198 |
Description: Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
CVSS: CRITICAL (9.0) EPSS Score: 0.05%
February 12th, 2025 (2 months ago)
|
|
CVE-2024-21413 |
Description: Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.
CVSS: CRITICAL (9.8)
February 6th, 2025 (2 months ago)
|
|
CVE-2025-21415 |
Description: Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.
CVSS: CRITICAL (9.9) EPSS Score: 0.09%
January 30th, 2025 (3 months ago)
|
|
CVE-2025-21311 |
Description: Windows NTLM V1 Elevation of Privilege Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.11%
January 28th, 2025 (3 months ago)
|
|
CVE-2025-21307 |
Description: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
January 28th, 2025 (3 months ago)
|
|
CVE-2025-21298 |
Description: Windows OLE Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
January 28th, 2025 (3 months ago)
|
|
CVE-2024-12802 |
Description: SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 10th, 2025 (3 months ago)
|
|
CVE-2024-43491 |
Description: Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.
This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order.
Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support.
CVSS: CRITICAL (9.8) EPSS Score: 0.1%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-38220 |
Description: Azure Stack Hub Elevation of Privilege Vulnerability
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|