CVE-2025-21283 |
Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS: MEDIUM (6.5) EPSS Score: 0.13%
February 7th, 2025 (2 months ago)
|
CVE-2025-21279 |
Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS: MEDIUM (6.5) EPSS Score: 0.13%
February 7th, 2025 (2 months ago)
|
CVE-2025-21267 |
Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS: MEDIUM (4.4) EPSS Score: 0.06%
February 7th, 2025 (2 months ago)
|
CVE-2025-21253 |
Description: Microsoft Edge for IOS and Android Spoofing Vulnerability
CVSS: MEDIUM (5.3) EPSS Score: 0.06%
February 7th, 2025 (2 months ago)
|
CVE-2025-21177 |
Description: Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.
CVSS: HIGH (8.7) EPSS Score: 0.09%
February 7th, 2025 (2 months ago)
|
CVE-2025-0994 |
🚨 Marked as known exploited on February 6th, 2025 (2 months ago).
Description: Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.
CVSS: HIGH (8.6) EPSS Score: 1.32%
February 7th, 2025 (2 months ago)
|
Description: Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP.NET machine keys found online. [...]
February 6th, 2025 (2 months ago)
|
Description: CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability. [...]
February 6th, 2025 (2 months ago)
|
CVE-2024-21413 |
Description: Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.
CVSS: CRITICAL (9.8)
February 6th, 2025 (2 months ago)
|
CVE-2025-0994 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 8.6
ATTENTION: Exploitable remotely/low attack complexity/known public exploitation
Vendor: Trimble
Equipment: Cityworks
Vulnerability: Deserialization of Untrusted Data
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Trimble Cityworks, an asset and work management system, are affected:
Cityworks: All versions prior to 23.10
3.2 VULNERABILITY OVERVIEW
3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502
Trimble Cityworks versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server.
CVE-2025-0994 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-0994. A base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Water and Wastewater Systems
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States
3.4 RESEARCHER
Trimble reported this vulnerability to CISA.
4. MITIGATIONS
Cityworks has released the following update guidance...
EPSS Score: 1.32%
February 6th, 2025 (2 months ago)
|