Security Vulnerabilities
Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.
CVSS Score
6.7
EPSS Score
0.001
Published
2025-05-13
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-05-13
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-05-13
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-05-13
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-05-13
Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.017
Published
2025-05-13
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVSS Score
6.7
EPSS Score
0.002
Published
2025-05-13
CVE-2025-4427
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Known exploited
CVSS Score
5.3
EPSS Score
0.749
Published
2025-05-13
CVE-2025-4428
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
Known exploited
CVSS Score
7.2
EPSS Score
0.297
Published
2025-05-13
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.
CVSS Score
9.8
EPSS Score
0.058
Published
2025-05-13