CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database


CVE-2025-26627

Description: Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.0)

EPSS Score: 0.04%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-25749

Description: An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.

EPSS Score: 0.04%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-25748

Description: A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens.

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-25008

Description: Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.1)

EPSS Score: 0.06%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-25003

Description: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.3)

EPSS Score: 0.12%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-24998

Description: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.3)

EPSS Score: 0.12%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-24997

Description: Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.

CVSS: MEDIUM (4.4)

EPSS Score: 0.06%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-24996

Description: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

CVSS: MEDIUM (6.5)

EPSS Score: 0.12%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-24995

Description: Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-24994

Description: Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE
March 11th, 2025 (4 months ago)