CVE-2025-47161 |
Description: Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
CVSS: HIGH (7.8) EPSS Score: 0.05% SSVC Exploitation: none
May 15th, 2025 (22 days ago)
|
Description: In a deal set to close later this year, cybersecurity giant Proofpoint is acquiring German firm Hornetsecurity, which specializes in protecting companies from risks associated with Microsoft 365.
May 15th, 2025 (22 days ago)
|
CVE-2024-0056 |
Description: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
CVSS v3 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: INTRALOG WMS
Vulnerabilities: Cleartext Transmission of Sensitive Information, Uncontrolled Resource Consumption, Use After Free, Improper Link Resolution Before File Access ('Link Following'), Improper Input Validation, Inefficient Algorithmic Complexity
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to bypass security features, cause a denial-of-service condition, or execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
Siemens INTRALOG WMS: All versions prior to v5
3.2 VULNERABILITY OVERVIEW
3.2.1 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
CVE-2024-0056 has been assigned to this vulnerability. A CVSS v3 base score of 8.7 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N).
3.2.2 UNCONTROLLED RESOURCE CONSUMPTION CWE-400
.NET Denial-of-Service Vulnerability
CVE-2024...
CVSS: HIGH (8.7)
May 15th, 2025 (22 days ago)
|
Description: Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently disclosed how threat actors misused its Quick Assist remote assistance tool to deploy the destructive
May 15th, 2025 (22 days ago)
|
Description: Microsoft has fixed a known issue preventing Linux from booting on dual-boot systems with Secure Boot enabled after installing the August 2024 Windows security updates. [...]
May 14th, 2025 (23 days ago)
|
🚨 Marked as known exploited on May 14th, 2025 (23 days ago).
Description: Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild.
Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them
May 14th, 2025 (23 days ago)
|
May 14th, 2025 (24 days ago)
|
CVE-2025-26646 |
Description: External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
CVSS: HIGH (8.0) EPSS Score: 0.03%
May 13th, 2025 (24 days ago)
|
Description: Microsoft Security Advisory CVE-2025-26646: .NET Spoofing Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0.xxx and .NET 8.0.xxx SDK. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.
A vulnerability exists in .NET SDK or MSBuild applications where external control of file name or path allows an unauthorized attacker to perform spoofing over a network.
Discussion
Discussion for this issue can be found at https://github.com/dotnet/msbuild/issues/11846
Mitigation factors
Projects which do not utilize the DownloadFile build task are not susceptible to this vulnerability.
Affected software
Any installation of .NET 9.0.105 SDK, .NET 9.0.203 SDK or earlier.
Any installation of .NET 8.0.115 SDK, .NET 8.0.311 SDK, .NET 8.0.408 SDK or earlier.
Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of the affected package versions listed below.
Package name: Microsoft.Build.Tasks.Core
Affected versions: >= 15.8.166, <= 15.9.20; >= 16.0.461, <= 16.11.0; >= 17.0.0, <= 17.8.3; >= 17.9.5, <= 17.10.4; 17.11.4; 17.12.6; 17.13.9
Patched versions: 15.9.30; 16.11.6; 17.8.29; 17.10.29; 17.12.36; 17.13.26; 17.14.8
Advisory FAQ
How do I know if I am affected?
If you have a .NET SDK with a version listed, or an affected package listed in affected software or affected packages, you're exposed to the vulnerability.
How do I fix ...
CVSS: HIGH (8.0) EPSS Score: 0.03%
May 13th, 2025 (24 days ago)
|
🚨 Marked as known exploited on May 13th, 2025 (24 days ago).
Description: Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”. Microsoft noted five vulnerabilities that have been observed to be exploited in the wild. CVE-2025-30397 is a remote code
CVSS: HIGH (7.5) EPSS Score: 10.87%
May 13th, 2025 (24 days ago)
|