CVE-2025-1888 |
Description: The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and inject malicious JavaScript into the "memo" field. The memo field has a hover-over action that displays a Microsoft Tool Tip, which a user can use to quickly view the memo associated with the slide and which executes the JavaScript.
CVSS: MEDIUM (4.6) EPSS Score: 0.03%
March 14th, 2025 (about 1 month ago)
|
Description: Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-24986
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24986
https://github.com/microsoft/promptflow/commit/5f4a41ab4cb15607ade7f26138b0b863b4e4eb0a
https://github.com/microsoft/promptflow/commit/625061724c51533d28fe6e0e3014b1042afdb07f
https://github.com/advisories/GHSA-gprr-v9f2-px3c
CVSS: MEDIUM (6.5) EPSS Score: 0.09%
March 11th, 2025 (about 1 month ago)
|
CVE-2025-24997 |
Description: Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.
CVSS: MEDIUM (4.4) EPSS Score: 0.06%
March 11th, 2025 (about 1 month ago)
|
CVE-2025-24996 |
Description: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.12%
March 11th, 2025 (about 1 month ago)
|
CVE-2025-24992 |
Description: Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.06%
March 11th, 2025 (about 1 month ago)
|
CVE-2025-24991 |
🚨 Marked as known exploited on March 11th, 2025 (about 1 month ago).
Description: Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 2.97% SSVC Exploitation: active
March 11th, 2025 (about 1 month ago)
|
CVE-2025-24988 |
Description: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
CVSS: MEDIUM (6.6) EPSS Score: 0.07%
March 11th, 2025 (about 1 month ago)
|
CVE-2025-24987 |
Description: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
CVSS: MEDIUM (6.6) EPSS Score: 0.07%
March 11th, 2025 (about 1 month ago)
|
CVE-2025-24986 |
Description: Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.09%
March 11th, 2025 (about 1 month ago)
|