CVE-2025-47732 |
Description: Microsoft Dataverse Remote Code Execution Vulnerability
CVSS: HIGH (8.7) EPSS Score: 0.2%
May 8th, 2025 (about 1 month ago)
|
CVE-2025-33072 |
Description: Improper access control in Azure allows an unauthorized attacker to disclose information over a network.
CVSS: HIGH (8.1) EPSS Score: 0.1%
May 8th, 2025 (about 1 month ago)
|
CVE-2025-29972 |
Description: Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.
CVSS: CRITICAL (9.9) EPSS Score: 0.42%
May 8th, 2025 (about 1 month ago)
|
CVE-2025-29827 |
Description: Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.
CVSS: CRITICAL (9.9) EPSS Score: 0.1%
May 8th, 2025 (about 1 month ago)
|
CVE-2025-29813 |
Description: An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project.
To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one.
The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens.
CVSS: CRITICAL (10.0) EPSS Score: 0.13%
May 8th, 2025 (about 1 month ago)
|
![]() |
Description: Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.
May 7th, 2025 (about 1 month ago)
|
![]() |
Description: Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States.
The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by
CVSS: HIGH (7.8) EPSS Score: 4.49%
May 7th, 2025 (about 1 month ago)
|
![]() |
Description: Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers. [...]
May 7th, 2025 (about 1 month ago)
|
![]() |
Description: Microsoft is investigating a new Microsoft 365 outage affecting multiple services across North America, including the company's Teams collaboration platform. [...]
May 6th, 2025 (about 1 month ago)
|
![]() |
Description: Today, Microsoft announced new Windows experiences for Copilot+ PCs, including AI agents that will make changing settings on your Windows computer easier. [...]
May 6th, 2025 (about 1 month ago)
|