Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-21183 |
Description: Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
CVSS: HIGH (7.4) EPSS Score: 0.05%
February 12th, 2025 (2 months ago)
|
|
CVE-2025-21182 |
Description: Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
CVSS: HIGH (7.4) EPSS Score: 0.05%
February 12th, 2025 (2 months ago)
|
|
CVE-2025-21181 |
Description: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: HIGH (7.5) EPSS Score: 0.05%
February 12th, 2025 (2 months ago)
|
|
CVE-2025-21179 |
Description: DHCP Client Service Denial of Service Vulnerability
CVSS: MEDIUM (4.8) EPSS Score: 0.06%
February 12th, 2025 (2 months ago)
|
|
🚨 Marked as known exploited on April 10th, 2025 (11 days ago).
Description: Microsoft has released its February 2025 Patch Tuesday update, addressing 55 security vulnerabilities, including two actively exploited zero-day flaws. The update includes fixes for elevation of privilege vulnerabilities in Windows Storage and the Windows Ancillary Function Driver for WinSock, which have been detected in real-world attacks. Zero-days under active exploitation Among the most critical fixes …
The post Microsoft February 2025 Patch Tuesday Fixes Two Zero-Day Flaws appeared first on CyberInsider.
February 11th, 2025 (2 months ago)
|
|
|
Description: Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as "moderate". The remaining vulnerabilities listed are classified as “important.” Â
February 11th, 2025 (2 months ago)
|
|
CVE-2024-40891 |
Description: CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-21418 Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
CVE-2025-21391 Microsoft Windows Storage Link Following Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 11th, 2025 (2 months ago)
|
|
|
Description: Microsoft has released the KB5051974 cumulative update for Windows 10 22H2 and Windows 10 21H2, which automatically installs the new Outlook for Windows app and fixes a memory leak bug. [...]
February 11th, 2025 (2 months ago)
|
|
|
Description: Microsoft has released Windows 11 KB5051987 and KB5051989 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]
February 11th, 2025 (2 months ago)
|
|
|
🚨 Marked as known exploited on April 10th, 2025 (11 days ago).
Description: Today is Microsoft's February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks. [...]
February 11th, 2025 (2 months ago)
|