CVE-2025-24993 |
Description: Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that could allow an authorized attacker to execute code locally.
CVSS: HIGH (7.8) EPSS Score: 4.05%
March 11th, 2025 (about 1 month ago)
|
CVE-2018-8639 |
Description: Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
CVSS: HIGH (7.8)
March 3rd, 2025 (about 2 months ago)
|
CVE-2024-49035 |
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are as follows -
CVE-2024-49035 (CVSS score: 8.7) - An improper access control
CVSS: HIGH (8.7)
February 26th, 2025 (about 2 months ago)
|
CVE-2024-49035 |
Description: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and the Palo Alto Security Bulletin for CVE-2024-9474 for additional information.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vuln...
CVSS: HIGH (8.7)
February 25th, 2025 (about 2 months ago)
|
CVE-2024-49035 |
Description: Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.
CVSS: HIGH (8.7)
February 25th, 2025 (about 2 months ago)
|
CVE-2025-24989 |
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CVSS: HIGH (8.2) EPSS Score: 25.72%
February 21st, 2025 (about 2 months ago)
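The BOD 22-01 text above asks organizations to fold the KEV catalog into their vulnerability management practice. The Python below, an added example that is not part of this feed page or of CISA's tooling, shows the concrete step a practitioner would automate: index the public KEV JSON feed by CVE ID, cross-reference a local inventory of CVEs, and sort the hits by remediation due date so overdue catalog entries surface first. The catalog excerpt is constructed inline (the field names follow the published feed schema; the cveID, vendorProject, product and dateAdded values match entries referenced on this page, while the dueDate values are assumed), so the script runs offline.

```python
"""Cross-reference a CVE inventory against the CISA KEV catalog.

Added example; not code from the feed page or from CISA. The JSON layout
mirrors the public KEV feed
(https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json),
but the excerpt below is constructed and its dueDate values are assumed.
"""
from __future__ import annotations

import json
from datetime import date

# Constructed KEV excerpt. dateAdded values follow the KEV dates referenced on
# the page; dueDate values are assumptions for the sake of the example.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2025.02.25",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-24989",
            "vendorProject": "Microsoft",
            "product": "Power Pages",
            "vulnerabilityName": "Microsoft Power Pages Improper Access Control Vulnerability",
            "dateAdded": "2025-02-21",
            "shortDescription": "Improper access control allowing privilege elevation.",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2025-03-14",  # assumed
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
        {
            "cveID": "CVE-2024-49035",
            "vendorProject": "Microsoft",
            "product": "Partner Center",
            "vulnerabilityName": "Microsoft Partner Center Improper Access Control Vulnerability",
            "dateAdded": "2025-02-25",
            "shortDescription": "Improper access control allowing privilege escalation.",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2025-03-18",  # assumed
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
    ],
})


def load_kev(raw_json: str) -> dict[str, dict]:
    """Index the catalog by upper-cased CVE ID so inventory case does not matter."""
    data = json.loads(raw_json)
    return {entry["cveID"].upper(): entry for entry in data["vulnerabilities"]}


def triage(inventory: list[str], kev_index: dict[str, dict], today: date) -> list[dict]:
    """Return the inventory CVEs present in KEV, overdue first, then by days left.

    Duplicate inventory entries are collapsed; CVEs absent from KEV are skipped,
    since this pass only ranks what BOD 22-01 would put on a deadline.
    """
    hits: list[dict] = []
    seen: set[str] = set()
    for raw in inventory:
        cve = raw.strip().upper()
        if cve in seen:
            continue
        seen.add(cve)
        entry = kev_index.get(cve)
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "cveID": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "dateAdded": entry["dateAdded"],
            "dueDate": entry["dueDate"],
            "daysLeft": (due - today).days,
            "overdue": today > due,
            # KEV marks ransomware use as "Known" / "Unknown"; treat only "Known" as a flag.
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
        })
    # Overdue items first (False sorts before True, so negate), then soonest deadline.
    hits.sort(key=lambda h: (not h["overdue"], h["daysLeft"]))
    return hits


if __name__ == "__main__":
    # Constructed inventory: two KEV entries plus one CVE from this page that is not in KEV.
    inventory = ["cve-2024-49035", "CVE-2025-24989", "CVE-2025-21355", "CVE-2025-24989"]
    for hit in triage(inventory, load_kev(SAMPLE_KEV_JSON), date(2025, 3, 16)):
        status = "OVERDUE" if hit["overdue"] else f'{hit["daysLeft"]}d left'
        print(f'{hit["cveID"]:15} {hit["product"]:25} due {hit["dueDate"]} ({status})')
```

In production the raw JSON would be fetched from the feed URL on a schedule and the inventory would come from a scanner export; everything else stays the same. Keying on cveID rather than product name matters because vendor and product strings in the feed are free text and are not stable enough to match against.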
|
CVE-2025-24989 |
Description: Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
CVSS: HIGH (8.2) EPSS Score: 25.72%
February 21st, 2025 (about 2 months ago)
|
CVE-2025-21355 |
Description: Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.
The vulnerabilities are listed below -
CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability
CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability
CVSS: HIGH (8.6) EPSS Score: 1.08%
February 20th, 2025 (about 2 months ago)
|
CVE-2025-24989 |
🚨 Marked as known exploited on February 21st, 2025 (about 2 months ago).
Description: An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified, this vulnerability does not affect you.
CVSS: HIGH (8.2) EPSS Score: 25.72%
February 20th, 2025 (about 2 months ago)
|
CVE-2025-21355 |
Description: Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network.
CVSS: HIGH (8.6) EPSS Score: 1.08%
February 20th, 2025 (about 2 months ago)
|