CyberAlerts

CVE-2025-26651

Windows Local Session Manager (LSM) Denial of Service Vulnerability

Description: Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

CVSS: MEDIUM (6.5)

EPSS Score: 2.48%

Source: CVE

April 8th, 2025 (about 2 months ago)

CVE-2025-26644

Windows Hello Spoofing Vulnerability

Description: Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.

CVSS: MEDIUM (5.1)

EPSS Score: 0.05%

Source: CVE

April 8th, 2025 (about 2 months ago)

CVE-2025-26637

BitLocker Security Feature Bypass Vulnerability

Description: Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVSS: MEDIUM (6.8)

EPSS Score: 0.1%

Source: CVE

April 8th, 2025 (about 2 months ago)

CVE-2025-26635

Windows Hello Security Feature Bypass Vulnerability

Description: Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.

CVSS: MEDIUM (6.5)

EPSS Score: 0.07%

Source: CVE

April 8th, 2025 (about 2 months ago)

CVE-2025-25002

Azure Local Cluster Information Disclosure Vulnerability

Description: Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network.

CVSS: MEDIUM (6.8)

EPSS Score: 0.13%

Source: CVE

April 8th, 2025 (about 2 months ago)

CVE-2025-21203

Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Description: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVSS: MEDIUM (6.5)

EPSS Score: 0.06%

Source: CVE

April 8th, 2025 (about 2 months ago)

CVE-2025-21197

Windows NTFS Information Disclosure Vulnerability

Description: Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.

CVSS: MEDIUM (6.5)

EPSS Score: 0.09%

Source: CVE

April 8th, 2025 (about 2 months ago)

CVE-2024-11859

DLL Search Order Hijacking in ESET products for Windows

Description: DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.

CVSS: MEDIUM (6.8)

EPSS Score: 0.03%

Source: CVE

April 7th, 2025 (about 2 months ago)

CVE-2025-29796

Microsoft Edge for iOS Spoofing Vulnerability

Description: User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

CVSS: MEDIUM (4.7)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE

April 4th, 2025 (2 months ago)

CVE-2025-25001

Microsoft Edge for iOS Spoofing Vulnerability

Description: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE

April 4th, 2025 (2 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: