CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-32718	Windows SMB Client Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.8) EPSS Score: 0.07% SSVC Exploitation: none Source: CVE June 10th, 2025 (9 days ago)
CVE-2025-32716	Windows Media Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.8) EPSS Score: 0.05% SSVC Exploitation: none Source: CVE June 10th, 2025 (9 days ago)
CVE-2025-32715	Remote Desktop Protocol Client Information Disclosure Vulnerability Description: Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. CVSS: MEDIUM (6.5) EPSS Score: 0.06% SSVC Exploitation: none Source: CVE June 10th, 2025 (9 days ago)
CVE-2025-32714	Windows Installer Elevation of Privilege Vulnerability Description: Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.8) EPSS Score: 0.05% SSVC Exploitation: none Source: CVE June 10th, 2025 (9 days ago)
CVE-2025-32713	Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.8) EPSS Score: 0.05% SSVC Exploitation: none Source: CVE June 10th, 2025 (9 days ago)
CVE-2025-32712	Win32k Elevation of Privilege Vulnerability Description: Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.8) EPSS Score: 0.05% SSVC Exploitation: none Source: CVE June 10th, 2025 (9 days ago)
CVE-2025-32710	Windows Remote Desktop Services Remote Code Execution Vulnerability Description: Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. CVSS: HIGH (8.1) EPSS Score: 0.11% SSVC Exploitation: none Source: CVE June 10th, 2025 (9 days ago)
CVE-2025-3117	CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file... Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser. CVSS: MEDIUM (5.1) EPSS Score: 0.03% SSVC Exploitation: none Source: CVE June 10th, 2025 (9 days ago)
CVE-2025-3116	CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special... Description: CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller. CVSS: HIGH (7.1) EPSS Score: 0.05% SSVC Exploitation: none Source: CVE June 10th, 2025 (9 days ago)
CVE-2025-3112	CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends... Description: CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver. CVSS: MEDIUM (6.5) EPSS Score: 0.04% SSVC Exploitation: none Source: CVE June 10th, 2025 (9 days ago)