CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-27175	InDesign Desktop \| Out-of-bounds Write (CWE-787) Description: InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVSS: HIGH (7.8) EPSS Score: 0.03% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-27171	InDesign Desktop \| Heap-based Buffer Overflow (CWE-122) Description: InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVSS: HIGH (7.8) EPSS Score: 0.02% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-27166	InDesign Desktop \| Out-of-bounds Write (CWE-787) Description: InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVSS: HIGH (7.8) EPSS Score: 0.03% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-26701	An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo... Description: An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3 3.0.0-1.ova and later. CVSS: CRITICAL (10.0) EPSS Score: 0.06% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-26645	Remote Desktop Client Remote Code Execution Vulnerability Description: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. CVSS: HIGH (8.8) EPSS Score: 0.07% SSVC Exploitation: none Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-26633	Microsoft Management Console Security Feature Bypass Vulnerability 🚨 Marked as known exploited on March 31st, 2025 (4 months ago). Description: Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. CVSS: HIGH (7.0) EPSS Score: 1.47% SSVC Exploitation: active Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-26631	Visual Studio Code Elevation of Privilege Vulnerability Description: Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.3) EPSS Score: 0.12% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-26630	Microsoft Access Remote Code Execution Vulnerability Description: Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally. CVSS: HIGH (7.8) EPSS Score: 0.08% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-26629	Microsoft Office Remote Code Execution Vulnerability Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. CVSS: HIGH (7.8) EPSS Score: 0.08% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-26627	Azure Arc Installer Elevation of Privilege Vulnerability Description: Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.0) EPSS Score: 0.04% Source: CVE March 11th, 2025 (4 months ago)