Threat and Vulnerability Intelligence Database

CVE-2025-21222

Description: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

CVSS: HIGH (8.8)

EPSS Score: 0.06%

Source: CVE
April 8th, 2025 (14 days ago)

CVE-2025-21221

Description: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

CVSS: HIGH (8.8)

EPSS Score: 0.06%

Source: CVE
April 8th, 2025 (14 days ago)

CVE-2025-21205

Description: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

CVSS: HIGH (8.8)

EPSS Score: 0.06%

Source: CVE
April 8th, 2025 (14 days ago)

CVE-2025-21204

Description: Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

Source: CVE
April 8th, 2025 (14 days ago)

CVE-2025-21191

Description: Time-of-check time-of-use (TOCTOU) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.0)

EPSS Score: 0.03%

Source: CVE
April 8th, 2025 (14 days ago)

CVE-2025-21174

Description: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVSS: HIGH (7.5)

EPSS Score: 1.59%

Source: CVE
April 8th, 2025 (14 days ago)

CVE-2025-27083

Description: Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS: HIGH (7.2)

EPSS Score: 0.19%

Source: CVE
April 8th, 2025 (14 days ago)

CVE-2025-27082

Description: Arbitrary file write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system.

CVSS: HIGH (7.2)

EPSS Score: 0.06%

Source: CVE
April 8th, 2025 (14 days ago)

CVE-2025-3289

Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file.

CVSS: HIGH (8.5)

EPSS Score: 0.02%

Source: CVE
April 8th, 2025 (14 days ago)

CVE-2025-3288

Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file.

CVSS: HIGH (8.5)

EPSS Score: 0.02%

Source: CVE
April 8th, 2025 (14 days ago)