Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-26637 |
Description: Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVSS: MEDIUM (6.8) EPSS Score: 0.1%
April 8th, 2025 (11 days ago)
|
|
CVE-2025-26635 |
Description: Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.07%
April 8th, 2025 (11 days ago)
|
|
CVE-2025-25002 |
Description: Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network.
CVSS: MEDIUM (6.8) EPSS Score: 0.15%
April 8th, 2025 (11 days ago)
|
|
CVE-2025-21203 |
Description: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.06%
April 8th, 2025 (11 days ago)
|
|
CVE-2025-21197 |
Description: Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
CVSS: MEDIUM (6.5) EPSS Score: 0.09%
April 8th, 2025 (11 days ago)
|
|
CVE-2024-11859 |
Description: DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.
CVSS: MEDIUM (6.8) EPSS Score: 0.03%
April 7th, 2025 (12 days ago)
|
|
CVE-2025-29796 |
Description: User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
CVSS: MEDIUM (4.7) EPSS Score: 0.04% SSVC Exploitation: none
April 4th, 2025 (14 days ago)
|
|
CVE-2025-25001 |
Description: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVSS: MEDIUM (4.3) EPSS Score: 0.05% SSVC Exploitation: none
April 4th, 2025 (14 days ago)
|
|
CVE-2025-25041 |
Description: A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). A successful exploit could allow the creation of a Denial-of-Service (DoS) condition affecting the Microsoft Windows Operating System. This vulnerability does not affect Linux and Android based clients.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
April 1st, 2025 (18 days ago)
|
|
CVE-2025-29806 |
Description: No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.15%
March 23rd, 2025 (27 days ago)
|