Microsoft: Security Vulnerabilities
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.
CVSS Score
8.1
EPSS Score
0.004
Published
2025-04-30
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-04-30
Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.5
EPSS Score
0.002
Published
2025-04-30
CVE-2025-3928
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Known exploited
CVSS Score
8.8
EPSS Score
0.168
Published
2025-04-25
IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-04-23
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-04-23
CVE-2025-34028
The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP.
This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20. The vulnerability is fixed in 11.38.20 with SP38-CU20-433 and SP38-CU20-436 and also fixed in 11.38.25 with SP38-CU25-434 and SP38-CU25-438.
Known exploited
CVSS Score
10.0
EPSS Score
0.451
Published
2025-04-22
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Score
4.1
EPSS Score
0.0
Published
2025-04-22
NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
CVSS Score
7.6
EPSS Score
0.008
Published
2025-04-22
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-04-22