CVE-2025-32715 |
Description: Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.06% SSVC Exploitation: none
June 10th, 2025 (7 days ago)
|
CVE-2025-32714 |
Description: Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 0.05% SSVC Exploitation: none
June 10th, 2025 (7 days ago)
|
CVE-2025-32713 |
Description: Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 0.05% SSVC Exploitation: none
June 10th, 2025 (7 days ago)
|
CVE-2025-32712 |
Description: Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 0.05% SSVC Exploitation: none
June 10th, 2025 (7 days ago)
|
CVE-2025-32710 |
Description: Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVSS: HIGH (8.1) EPSS Score: 0.11% SSVC Exploitation: none
June 10th, 2025 (7 days ago)
|
CVE-2025-3117 |
Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.
CVSS: MEDIUM (5.1) EPSS Score: 0.03% SSVC Exploitation: none
June 10th, 2025 (7 days ago)
|
CVE-2025-3116 |
Description: CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller.
CVSS: HIGH (7.1) EPSS Score: 0.05% SSVC Exploitation: none
June 10th, 2025 (7 days ago)
|
CVE-2025-3112 |
Description: CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver.
CVSS: MEDIUM (6.5) EPSS Score: 0.04% SSVC Exploitation: none
June 10th, 2025 (7 days ago)
|
CVE-2025-31104 |
Description: An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.
CVSS: HIGH (7.0) EPSS Score: 0.22% SSVC Exploitation: none
June 10th, 2025 (7 days ago)
|
CVE-2025-3052 |
Description: An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.
EPSS Score: 0.02% SSVC Exploitation: poc
June 10th, 2025 (7 days ago)
|