Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper access control for some Intel(R) Graphics software may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Race condition for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local. Rated medium severity (CVSS 6.8). No vendor patch available.
Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Double-free vulnerability in crossbeam-channel Rust crate's Channel Drop implementation allows memory corruption via a race condition during cleanup, affecting remote network applications that depend on this widely-used concurrency library. The vulnerability requires no authentication or user interaction and can be triggered by unauthenticated remote attackers in networked Rust applications using vulnerable versions. No public exploit code has been identified at the time of analysis, though the issue presents a moderate real-world risk due to the library's prevalence in production Rust ecosystems and the EPSS score of 0.38% indicating low exploitation likelihood.
The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby' parameter in all versions up to, and including, 4.9.9.8 due to insufficient escaping on the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds write for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.
Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access. Rated medium severity (CVSS 5.8). No vendor patch available.
Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 5.8). No vendor patch available.
Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an. Rated medium severity (CVSS 5.7). No vendor patch available.
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an. Rated medium severity (CVSS 5.7). No vendor patch available.
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to. Rated medium severity (CVSS 5.7). No vendor patch available.
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 5.7). No vendor patch available.
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 5.7). No vendor patch available.
Improper conditions check for some Intel(R) Arc™ GPU may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7). No vendor patch available.
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.6). No vendor patch available.
Improper input validation in the BackupBiosUpdate UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards before version R01.02.0003 may allow a privileged user to. Rated medium severity (CVSS 5.6). No vendor patch available.
Improper input validation in the UEFI firmware GenerationSetup module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via. Rated medium severity (CVSS 5.6). No vendor patch available.
Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software. Rated medium severity (CVSS 5.6). No vendor patch available.
Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Uncontrolled search path for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.