Threat and Vulnerability Intelligence Database

Description: Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages. [...]
Source: BleepingComputer
March 14th, 2025 (about 1 month ago)

CVE-2025-1888

Description: The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and inject malicious JavaScript into the "memo" field. The memo field has a hover-over action that will display a Microsoft Tool Tip which a user can use to quickly view the memo associated with the slide and execute the JavaScript.

CVSS: MEDIUM (4.6)

EPSS Score: 0.03%

Source: CVE
March 14th, 2025 (about 1 month ago)

CVE-2024-48938

Description: Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDoS via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.

EPSS Score: 0.25%

SSVC Exploitation: none

Source: CVE
March 14th, 2025 (about 1 month ago)

Description: Microsoft has reinstated the 'Material Theme - Free' and 'Material Theme Icons - Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious. [...]
Source: BleepingComputer
March 13th, 2025 (about 1 month ago)

Description: Microsoft is now testing an AI-powered text summarization feature in Notepad and a Snipping Tool "Draw & Hold" feature that helps draw perfect shapes. [...]
Source: BleepingComputer
March 13th, 2025 (about 1 month ago)

CVE-2025-24053

Description: Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

CVSS: HIGH (7.2)

EPSS Score: 0.13%

Source: CVE
March 13th, 2025 (about 1 month ago)

Description: Microsoft is investigating a known issue that causes the new Outlook email client to crash when users click the "Go to classic Outlook" button, which should help them switch back to the classic Outlook. [...]
Source: BleepingComputer
March 13th, 2025 (about 1 month ago)

Description: Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant said, started in December 2024 and operates with the end goal of conducting financial fraud and theft. It's
Source: TheHackerNews
March 13th, 2025 (about 1 month ago)

Description: Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. [...]
Source: BleepingComputer
March 13th, 2025 (about 1 month ago)

Description: Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. [...]
Source: BleepingComputer
March 12th, 2025 (about 1 month ago)