CVE-2025-32371 |
Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A URL could be crafted to the DNN ImageHandler to render text from a query string parameter. This text would be displayed in the resulting image, and a user who trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4.
CVSS: MEDIUM (4.3) EPSS Score: 0.03% SSVC Exploitation: none
April 9th, 2025 (10 days ago)
|
CVE-2025-32016 |
Description: Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform (formerly Azure AD v2.0 endpoint) and AAD B2C. This vulnerability affects confidential client applications, including daemons, web apps, and web APIs. Under specific circumstances, sensitive information such as client secrets or certificate details may be exposed in the service logs of these applications. Service logs are intended to be handled securely. Affected are service logs generated at the information level or credential descriptions containing local file paths with passwords, Base64 encoded values, or client secrets. Additionally, logs of services using Base64 encoded certificates or certificate paths with password credential descriptions are also affected if the certificates are invalid or expired, regardless of the log level. Note that these credentials are not usable due to their invalid or expired status. To mitigate this vulnerability, update to Microsoft.Identity.Web 3.8.2 or Microsoft.Identity.Abstractions 9.0.0.
CVSS: MEDIUM (4.7) EPSS Score: 0.01%
April 9th, 2025 (10 days ago)
|
CVE-2025-32036 |
Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image produces an image of minimal complexity. For this reason, the created image can be easily read by OCR tools, and an intruder can send automated requests by building a bot that uses such a tool. This vulnerability is fixed in 9.13.8.
CVSS: MEDIUM (4.2) EPSS Score: 0.03% SSVC Exploitation: none
April 8th, 2025 (11 days ago)
|
CVE-2025-29821 |
Description: Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.06%
April 8th, 2025 (11 days ago)
|
CVE-2025-29819 |
Description: External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
CVSS: MEDIUM (6.2) EPSS Score: 0.07%
April 8th, 2025 (11 days ago)
|
CVE-2025-29808 |
Description: Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.02%
April 8th, 2025 (11 days ago)
|
CVE-2025-27742 |
Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.05%
April 8th, 2025 (11 days ago)
|
CVE-2025-27738 |
Description: Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.09%
April 8th, 2025 (11 days ago)
|
CVE-2025-27736 |
Description: Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
April 8th, 2025 (11 days ago)
|
CVE-2025-27735 |
Description: Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
CVSS: MEDIUM (6.0) EPSS Score: 0.03%
April 8th, 2025 (11 days ago)
|