CyberAlerts

CVE-2025-27201

Description: Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS: MEDIUM (5.5)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-32279

WordPress Live Forms plugin <= 4.8.5 - Broken Access Control vulnerability

Description: Missing Authorization vulnerability in Shahjada Live Forms. This issue affects Live Forms: from n/a through 4.8.5.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-32211

WordPress Broadstreet plugin <= 1.51.2 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet allows Stored XSS. This issue affects Broadstreet: from n/a through 1.51.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-32164

WordPress m1.DownloadList plugin <= 0.21 - Sensitive Data Exposure vulnerability

Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in maennchen1.de m1.DownloadList. This issue affects m1.DownloadList: from n/a through 0.21.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-29821

Microsoft Dynamics Business Central Information Disclosure Vulnerability

Description: Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.

CVSS: MEDIUM (5.5)

EPSS Score: 0.06%

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-29819

Windows Admin Center in Azure Portal Information Disclosure Vulnerability

Description: External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.

CVSS: MEDIUM (6.2)

EPSS Score: 0.07%

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-29808

Windows Cryptographic Services Information Disclosure Vulnerability

Description: Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

CVSS: MEDIUM (5.5)

EPSS Score: 0.02%

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-27742

NTFS Information Disclosure Vulnerability

Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.

CVSS: MEDIUM (5.5)

EPSS Score: 0.05%

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-27738

Windows Resilient File System (ReFS) Information Disclosure Vulnerability

Description: Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.

CVSS: MEDIUM (6.5)

EPSS Score: 0.09%

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-27736

Windows Power Dependency Coordinator Information Disclosure Vulnerability

Description: Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.

CVSS: MEDIUM (5.5)

EPSS Score: 0.04%

Source: CVE

April 8th, 2025 (14 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-27201	Animate \| Out-of-bounds Read (CWE-125) Description: Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVSS: MEDIUM (5.5) EPSS Score: 0.02% SSVC Exploitation: none Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-32279	WordPress Live Forms plugin <= 4.8.5 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Shahjada Live Forms. This issue affects Live Forms: from n/a through 4.8.5. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-32211	WordPress Broadstreet plugin <= 1.51.2 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet allows Stored XSS. This issue affects Broadstreet: from n/a through 1.51.2. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-32164	WordPress m1.DownloadList plugin <= 0.21 - Sensitive Data Exposure vulnerability Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in maennchen1.de m1.DownloadList. This issue affects m1.DownloadList: from n/a through 0.21. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-29821	Microsoft Dynamics Business Central Information Disclosure Vulnerability Description: Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally. CVSS: MEDIUM (5.5) EPSS Score: 0.06% Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-29819	Windows Admin Center in Azure Portal Information Disclosure Vulnerability Description: External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. CVSS: MEDIUM (6.2) EPSS Score: 0.07% Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-29808	Windows Cryptographic Services Information Disclosure Vulnerability Description: Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. CVSS: MEDIUM (5.5) EPSS Score: 0.02% Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-27742	NTFS Information Disclosure Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. CVSS: MEDIUM (5.5) EPSS Score: 0.05% Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-27738	Windows Resilient File System (ReFS) Information Disclosure Vulnerability Description: Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. CVSS: MEDIUM (6.5) EPSS Score: 0.09% Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-27736	Windows Power Dependency Coordinator Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. CVSS: MEDIUM (5.5) EPSS Score: 0.04% Source: CVE April 8th, 2025 (14 days ago)