CVE-2025-21191 |
Description: Time-of-check time-of-use (TOCTOU) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.0) EPSS Score: 0.03%
April 8th, 2025 (11 days ago)
|
CVE-2025-21174 |
Description: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVSS: HIGH (7.5) EPSS Score: 1.59%
April 8th, 2025 (11 days ago)
|
CVE-2024-3661 |
Description:
Nessus Plugin ID 233997 with High Severity
Synopsis
The remote HPE Aruba Networking Virtual Intranet Access (VIA) Client is missing a security update.
Description
The version of HPE Aruba Networking Virtual Intranet Access (VIA) Client running on the remote host is affected by multiple vulnerabilities, as referenced in the hpesbnw04841 advisory.
- DHCP can add routes to a client's routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. (CVE-2024-3661)
- [Windows only] A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). A successful exploit could allow the creation of a Denial-of-Service (DoS) condition affecting the Microsoft Windows Operating System. This vulnerability does not affect Linux and Android based clients. (CVE-2025-25041)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to HPE Aruba Networking Virtual Intranet Access (VIA) Client version 4.7.2 or later.
Read more at https://www.tenable.com/plugins/nessus/233997...
CVSS: HIGH (7.6)
April 8th, 2025 (11 days ago)
|
CVE-2025-25000 |
Description: Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVSS: HIGH (8.8) EPSS Score: 0.14% SSVC Exploitation: none
April 4th, 2025 (15 days ago)
|
CVE-2025-29815 |
Description: Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.
CVSS: HIGH (7.6) EPSS Score: 0.06% SSVC Exploitation: none
April 4th, 2025 (15 days ago)
|
CVE-2025-21384 |
Description: An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
CVSS: HIGH (8.3) EPSS Score: 0.09%
April 1st, 2025 (19 days ago)
|
CVE-2025-26683 |
Description: Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.
CVSS: HIGH (8.1) EPSS Score: 0.08%
March 31st, 2025 (19 days ago)
|
Description: The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp.
The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208.
"The threat actor deploys payloads primarily by means of
CVSS: HIGH (7.0) EPSS Score: 1.47%
March 31st, 2025 (19 days ago)
|
CVE-2025-29795 |
Description: Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 0.04%
March 23rd, 2025 (27 days ago)
|
CVE-2025-29807 |
Description: Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
CVSS: HIGH (8.7) EPSS Score: 0.65% SSVC Exploitation: none
March 21st, 2025 (29 days ago)
|