Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-47732
Microsoft Dataverse Remote Code Execution Vulnerability
Description: Microsoft Dataverse Remote Code Execution Vulnerability

CVSS: HIGH (8.7)

EPSS Score: 0.2%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2025-33072
Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability
Description: Improper access control in Azure allows an unauthorized attacker to disclose information over a network.

CVSS: HIGH (8.1)

EPSS Score: 0.1%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2025-29972
Azure Storage Resource Provider Spoofing Vulnerability
Description: Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.

CVSS: CRITICAL (9.9)

EPSS Score: 0.42%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2025-29827
Azure Automation Elevation of Privilege Vulnerability
Description: Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

CVSS: CRITICAL (9.9)

EPSS Score: 0.1%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2025-29813
Azure DevOps Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one. The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens.

CVSS: CRITICAL (10.0)

EPSS Score: 0.13%

Source: CVE
May 8th, 2025 (about 1 month ago)
Play Ransomware Group Used Windows Zero-Day
Description: Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.
Source: Dark Reading
May 7th, 2025 (about 1 month ago)
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
Description: Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by

CVSS: HIGH (7.8)

EPSS Score: 4.49%

Source: TheHackerNews
May 7th, 2025 (about 1 month ago)
Microsoft: April updates cause Windows Server auth issues
Description: Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers. [...]
Source: BleepingComputer
May 7th, 2025 (about 1 month ago)
New Microsoft 365 outage impacts Teams and other services
Description: Microsoft is investigating a new Microsoft 365 outage affecting multiple services across North America, including the company's Teams collaboration platform. [...]
Source: BleepingComputer
May 6th, 2025 (about 1 month ago)
Microsoft unveils new AI agents that can modify Windows settings
Description: Today, Microsoft announced new Windows experiences for Copilot+ PCs, including AI agents that will make changing settings on your Windows computer easier. [...]
Source: BleepingComputer
May 6th, 2025 (about 1 month ago)