Microsoft: Security Vulnerabilities
IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-05-01
A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-05-01
A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Depending on the level of privileges, this vulnerability may grant access to files such as /etc/passwd or /etc/shadow.
CVSS Score
7.6
EPSS Score
0.002
Published
2025-04-30
Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-04-30
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
8.7
EPSS Score
0.001
Published
2025-04-30
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.9
EPSS Score
0.005
Published
2025-04-30
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.
CVSS Score
8.1
EPSS Score
0.004
Published
2025-04-30
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-04-30
Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.5
EPSS Score
0.002
Published
2025-04-30
CVE-2025-3928
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Known exploited
CVSS Score
8.8
EPSS Score
0.168
Published
2025-04-25