CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-29826

Description: Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-27468

Description: Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.0)

EPSS Score: 0.04%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-26677

Description: Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.

CVSS: HIGH (7.5)

EPSS Score: 1.67%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-24063

Description: Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-21264

Description: Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVSS: HIGH (7.1)

EPSS Score: 0.07%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2024-36339

Description: A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

CVSS: HIGH (7.3)

EPSS Score: 0.01%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2024-21960

Description: Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

CVSS: HIGH (7.3)

EPSS Score: 0.01%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-47276

Description: Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like yescrypt/Argon2i. All Actualizer users building a full Debian Operating System are affected. Users should upgrade to version 1.2.0 of Actualizer. Existing OS deployment requires manual password changes against the alpha and root accounts. The change will deploy Debian's yescrypt, overriding the older SHA512 hash created by OpenSSL. As a workaround, users need to reset both `root` and "Alpha" users' passwords.

CVSS: HIGH (7.5)

EPSS Score: 0.02%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-4428

🚨 Marked as known exploited on May 19th, 2025 (about 1 month ago).

Description: Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

CVSS: HIGH (7.2)

EPSS Score: 38.95%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-28057

Description: owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_order.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
May 13th, 2025 (about 1 month ago)