Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-29836 |
Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.06%
May 13th, 2025 (22 days ago)
|
|
CVE-2025-29835 |
Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.07%
May 13th, 2025 (22 days ago)
|
|
CVE-2025-29832 |
Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.06%
May 13th, 2025 (22 days ago)
|
|
CVE-2025-29830 |
Description: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.17%
May 13th, 2025 (22 days ago)
|
|
CVE-2025-29829 |
Description: Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.11%
May 13th, 2025 (22 days ago)
|
|
CVE-2025-27488 |
Description: Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.
CVSS: MEDIUM (6.7) EPSS Score: 0.06%
May 13th, 2025 (22 days ago)
|
|
CVE-2025-26685 |
Description: Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.
CVSS: MEDIUM (6.5) EPSS Score: 0.1%
May 13th, 2025 (22 days ago)
|
|
CVE-2025-26684 |
Description: External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVSS: MEDIUM (6.7) EPSS Score: 0.17%
May 13th, 2025 (22 days ago)
|
|
CVE-2024-25618 |
Description: Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers (CAS, SAML, OIDC) to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication provider allows changing the e-mail address or multiple authentication providers are configured. When a user logs in through an external authentication provider for the first time, Mastodon checks the e-mail address passed by the provider to find an existing account. However, using the e-mail address alone means that if the authentication provider allows changing the e-mail address of an account, the Mastodon account can immediately be hijacked. All users logging in through external authentication providers are affected. The severity is medium, as it also requires the external authentication provider to misbehave. However, some well-known OIDC providers (like Microsoft Azure) make it very easy to accidentally allow unverified e-mail changes. Moreover, OpenID Connect also allows dynamic client registration. This issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: MEDIUM (4.2) EPSS Score: 0.22% SSVC Exploitation: poc
May 12th, 2025 (23 days ago)
|
|
CVE-2025-29825 |
Description: User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.07%
May 2nd, 2025 (about 1 month ago)
|