CVE-2025-32780 |
Description: BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0.
CVSS: HIGH (7.3) EPSS Score: 0.01%
April 15th, 2025 (4 days ago)
|
CVE-2025-29834 |
Description: Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVSS: HIGH (7.5) EPSS Score: 0.06%
April 12th, 2025 (8 days ago)
|
CVE-2025-29803 |
Description: Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.3) EPSS Score: 0.06%
April 12th, 2025 (8 days ago)
|
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Microsoft’s April 2025 Patch Tuesday rollout includes a critical fix for an actively exploited zero-day vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824, which threat actors have used to launch ransomware attacks across multiple sectors. The vulnerability was discovered by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center …
The post Microsoft Fixes Actively Exploited CLFS Zero-Day Used in Ransomware Attacks appeared first on CyberInsider.
CVSS: HIGH (7.8) EPSS Score: 4.44%
April 8th, 2025 (11 days ago)
|
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: 11 Critical, 110 Important, 0 Moderate, 0 Low. Microsoft addresses 121 CVEs including one zero-day which was exploited in the wild. Microsoft patched 121 CVEs in its April 2025 Patch Tuesday release, with 11 rated critical and 110 rated as important. This month’s update includes patches for: ASP.NET Core; Active Directory Domain Services; Azure Local; Azure Local Cluster; Azure Portal Windows Admin Center; Dynamics Business Central; Microsoft AutoUpdate (MAU); Microsoft Edge (Chromium-based); Microsoft Edge for iOS; Microsoft Office; Microsoft Office Excel; Microsoft Office OneNote; Microsoft Office SharePoint; Microsoft Office Word; Microsoft Streaming Service; Microsoft Virtual Hard Drive; OpenSSH for Windows; Outlook for Android; Power Automate; RPC Endpoint Mapper Service; Remote Desktop Client; Remote Desktop Gateway Service; System Center; Visual Studio; Visual Studio Code; Visual Studio Tools for Applications and SQL Server Management Studio; Windows Active Directory Certificate Services; Windows BitLocker; Windows Bluetooth Service; Windows Common Log File System Driver; Windows Cryptographic Services; Windows DWM Core Library; Windows Defender Application Control (WDAC); Windows Digital Media; Windows HTTP.sys; Windows Hello; Windows Hyper-V; Windows Installer; Windows Kerberos; Windows Kernel; Windows Kernel Memory; Windows Kernel-Mode Drivers; Windows LDAP - Lightweight Directory Access Protocol; Windows Local Security Authority (LSA); Windows Local Session Manager (LSM); Windows Mark of the Web (MOTW); Windows Media; Windows Mobile Broadband; Windows NTFS; Windows Power D...
CVSS: HIGH (7.8) EPSS Score: 4.44%
April 8th, 2025 (11 days ago)
|
CVE-2025-29824 |
🚨 Marked as known exploited on April 8th, 2025 (11 days ago).
Description: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 4.44% SSVC Exploitation: active
April 8th, 2025 (11 days ago)
|
CVE-2025-29823 |
Description: Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVSS: HIGH (7.8) EPSS Score: 0.06%
April 8th, 2025 (11 days ago)
|
CVE-2025-29822 |
Description: Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.
CVSS: HIGH (7.8) EPSS Score: 0.48%
April 8th, 2025 (11 days ago)
|
CVE-2025-29820 |
Description: Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVSS: HIGH (7.8) EPSS Score: 0.06%
April 8th, 2025 (11 days ago)
|
CVE-2025-29816 |
Description: Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.
CVSS: HIGH (7.5) EPSS Score: 0.02%
April 8th, 2025 (11 days ago)
|