Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-21953
net: mana: cleanup mana struct after debugfs_remove()
Description: In the Linux kernel, the following vulnerability has been resolved: net: mana: cleanup mana struct after debugfs_remove() When on a MANA VM hibernation is triggered, as part of hibernate_snapshot(), mana_gd_suspend() and mana_gd_resume() are called. If during this mana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs pointer does not get reinitialized and ends up pointing to older, cleaned-up dentry. Further in the hibernation path, as part of power_down(), mana_gd_shutdown() is triggered. This call, unaware of the failures in resume, tries to cleanup the already cleaned up mana_port_debugfs value and hits the following bug: [ 191.359296] mana 7870:00:00.0: Shutdown was called [ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ 191.360584] #PF: supervisor write access in kernel mode [ 191.361125] #PF: error_code(0x0002) - not-present page [ 191.361727] PGD 1080ea067 P4D 0 [ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI [ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2 [ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024 [ 191.364124] RIP: 0010:down_write+0x19/0x50 [ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d [ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS...

EPSS Score: 0.01%

Source: CVE
April 1st, 2025 (18 days ago)
Microsoft to mark five decades of Ctrl-Alt-Deleting the competition
Source: TheRegister
April 1st, 2025 (18 days ago)

CVE-2025-21384
Azure Health Bot Elevation of Privilege Vulnerability
Description: An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

CVSS: HIGH (8.3)

EPSS Score: 0.09%

Source: CVE
April 1st, 2025 (19 days ago)

CVE-2025-26683
Azure Playwright Elevation of Privilege Vulnerability
Description: Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.

CVSS: HIGH (8.1)

EPSS Score: 0.08%

Source: CVE
March 31st, 2025 (19 days ago)
Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders
Description: Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. [...]
Source: BleepingComputer
March 31st, 2025 (19 days ago)
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
Description: The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of

CVSS: HIGH (7.0)

EPSS Score: 1.47%

Source: TheHackerNews
March 31st, 2025 (19 days ago)
Windows 11 Installations to Require Internet Connection and Microsoft Account
Description: In the latest Windows 11 Insider Preview Build 26200.5516, Microsoft has removed the ability to install the operating system without both internet connectivity and a Microsoft account, effectively eliminating a long-standing workaround that allowed local account setups during installation. The change was first spotted by security researcher Will Dormann, who noted that Microsoft has removed … The post Windows 11 Installations to Require Internet Connection and Microsoft Account appeared first on CyberInsider.
Source: CyberInsider
March 31st, 2025 (19 days ago)
Microsoft tests new Windows 11 tool to remotely fix boot crashes
Description: Microsoft has begun testing a new Windows 11 tool called Quick Machine Recovery, which is designed to remotely deploy fixes for buggy drivers and configurations that prevent the operating system from starting. [...]
Source: BleepingComputer
March 30th, 2025 (20 days ago)
Microsoft's killing script used to avoid Microsoft Account in Windows 11
Description: Microsoft has removed the 'BypassNRO.cmd' script from Windows 11 preview builds, which allowed users to bypass the requirement to use a Microsoft Account when installing the operating system. [...]
Source: BleepingComputer
March 30th, 2025 (20 days ago)
Microsoft fixes button that restores classic Outlook client
Description: Microsoft resolved an issue that caused the new Outlook email client to crash when users clicked a button designed to switch back to classic Outlook. [...]
Source: BleepingComputer
March 28th, 2025 (22 days ago)