CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-32713 |
Description: Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 0.05% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
|
CVE-2025-32712 |
Description: Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 0.05% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
|
CVE-2025-32710 |
Description: Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVSS: HIGH (8.1) EPSS Score: 0.11% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
|
CVE-2025-3117 |
Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
exists impacting configuration file paths that could cause an unvalidated data injected by authenticated
malicious user leading to modify or read data in a victim’s browser.
CVSS: MEDIUM (5.1) EPSS Score: 0.03% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
|
CVE-2025-3116 |
Description: CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an
authenticated malicious user sends special malformed HTTPS request containing improper formatted body
data to the controller.
CVSS: HIGH (7.1) EPSS Score: 0.05% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
|
CVE-2025-3112 |
Description: CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an
authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver.
CVSS: MEDIUM (6.5) EPSS Score: 0.04% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
|
CVE-2025-31104 |
Description: An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.
CVSS: HIGH (7.0) EPSS Score: 0.22% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
|
CVE-2025-3052 |
Description: An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.
EPSS Score: 0.02% SSVC Exploitation: poc
June 10th, 2025 (9 days ago)
|
|
CVE-2025-30327 |
Description: InCopy versions 20.2, 19.5.3 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: HIGH (7.8) EPSS Score: 0.03% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
|
CVE-2025-30321 |
Description: InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: MEDIUM (5.5) EPSS Score: 0.02% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|