Heap buffer overflow in Bridge versions 15.1.2 and 16.0 and earlier enables arbitrary code execution when users open specially crafted files. The vulnerability requires user interaction but carries no patch availability, leaving affected systems exposed to local attack. With a CVSS score of 7.8, this poses significant risk to Bridge users until patching becomes available.
Arbitrary code execution in Adobe InCopy versions 21.0, 19.5.5 and earlier through a heap-based buffer overflow when users open malicious files. An attacker can execute commands with the privileges of the targeted user by crafting a specially designed document. No patch is currently available, requiring users to avoid opening untrusted InCopy files.
Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through a heap-based buffer overflow vulnerability triggered by opening a malicious file. Attackers can achieve code execution with the privileges of the affected user, requiring only social engineering to deliver the malicious document. No patch is currently available.
Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability that executes with user privileges when a victim opens a crafted file. This local attack requires user interaction but offers no patch availability and affects all current InDesign users.
Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability that executes with user privileges when a victim opens a crafted file. The attack requires no special privileges or system access, making it a significant risk for InDesign users who may inadvertently open malicious documents. No patch is currently available.
Arbitrary PHP code execution in TYPO3 CMS versions 10.0.0 through 14.0.1 through unsafe deserialization of mail spool files, allowing local attackers with write access to the spool directory to execute malicious code when the mailer:spool:send command is executed. Affected versions span multiple release lines including 10.x, 11.x, 12.x, 13.x, and 14.x, requiring immediate patching to prevent web server compromise.
Privilege escalation in Windows Management Services affects Windows Server 2019, 2022 23h2, and 2025 through a use-after-free vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low privileges and manual user interaction to trigger, potentially giving attackers complete system control. No patch is currently available for this vulnerability.
Local privilege escalation in Windows RRAS affects Windows 10, Windows 11, and Windows Server 2022, allowing authenticated users to gain system-level access through improper access control mechanisms. An attacker with local user credentials can exploit this vulnerability to obtain elevated privileges on the affected system. No patch is currently available, leaving vulnerable systems at risk until Microsoft releases a security update.
Privilege escalation in Microsoft Graphics Component on Windows 11 25h2 and Windows Server 2019 exploits a use-after-free condition, enabling authenticated local attackers to gain elevated system privileges. The vulnerability requires moderate complexity to exploit and affects confidentiality, integrity, and availability of affected systems. No patch is currently available.
Privilege escalation in Windows Kernel Memory affects Windows 10 21h2 and Windows Server 2022 23h2, exploitable by local authenticated users through a race condition between permission checks and memory access. An attacker with local access can leverage this window to gain elevated system privileges. No patch is currently available.
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats() Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters update") added three new counters and placed them after BNXT_RE_OUT_OF_SEQ_ERR.
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: fix use-after-free on probe deferral The driver is dropping the references taken to the larb devices during probe after successful lookup as well as on errors.
In the Linux kernel, the following vulnerability has been resolved: svcrdma: bound check rq_pages index in inline path svc_rdma_copy_inline_range indexed rqstp->rq_pages[rc_curpage] without verifying rc_curpage stays within the allocated page array.
Privilege escalation in Windows Management Services via use-after-free memory corruption affects Windows 10, Windows 11, and Windows Server 2019, enabling authenticated local attackers to gain elevated system privileges. An authorized user can exploit this vulnerability through a race condition to execute arbitrary code with higher privileges. No patch is currently available for this vulnerability.
Windows Management Services on Windows 10 and 11 contains a race condition in shared resource synchronization that enables authenticated local users to escalate privileges to system level. The vulnerability affects multiple Windows versions including 22h2, 21h2, and 25h2 builds, with no patch currently available.
Privilege escalation in Windows Management Services on Windows 10 and 11 stems from improper synchronization of shared resources, enabling local authenticated attackers to gain elevated privileges. The race condition can be exploited without user interaction and impacts confidentiality, integrity, and availability across system boundaries. No patch is currently available for this vulnerability.
Privilege escalation in Windows Management Services (Windows 10/11) stems from improper synchronization of shared resources, allowing authenticated local users to gain elevated privileges through race condition exploitation. The vulnerability affects multiple Windows versions including 22H2 and 24H2 builds, with no patch currently available. An attacker with valid credentials can leverage this flaw to escalate from a standard user account to system-level access.
Local privilege escalation in Windows Management Services affects Windows Server 2019, Windows 11 24h2, and Windows Server 2025 through improper synchronization of shared resources, enabling authenticated users to gain elevated system privileges. The vulnerability exploits a race condition that an attacker can trigger without user interaction, though no patch is currently available.
Windows Management Services on Windows 10 and Windows Server 2019 contains a race condition in shared resource synchronization that enables local privilege escalation for authenticated users. An attacker with local access can exploit improper locking mechanisms to gain elevated system privileges. No patch is currently available for this vulnerability.
Windows Management Services on Windows 10 and Windows Server 2022 contain a race condition in shared resource handling that permits authenticated local attackers to escalate privileges to system level. The vulnerability stems from improper synchronization during concurrent operations and affects multiple Windows versions including Windows 10 22H2 and 1809. No patch is currently available for this high-severity issue (CVSS 7.8).
Windows Ancillary Function Driver for WinSock contains a race condition that enables local privilege escalation on affected Windows systems including Server 2008, Server 2019, and Windows 10 22H2. An authenticated attacker can exploit this timing vulnerability to gain elevated privileges with high impact to confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Privilege escalation in Windows Tablet UI (TWINUI) subsystem on Windows 10, Windows Server 2022, and Windows Server 2025 stems from improper synchronization of shared resources, enabling authenticated local attackers to gain elevated privileges. The race condition vulnerability affects multiple Windows versions and currently has no available patch.
Windows Installer contains a time-of-check time-of-use race condition that allows authenticated local attackers to escalate privileges on Windows 10 1809, Windows 11 25h2, and Windows Server 2022 23h2. An attacker with local access can exploit the window between permission validation and file operation execution to gain elevated system access. No patch is currently available for this vulnerability.
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() TID getting from ieee80211_get_tid() might be out of range of array size of sta_entry->tids[], so check TID is less than MAX_TID_COUNT.
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock.
In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work handler lkkbd_reinit() dereferences the lkkbd structure and its serio/input_dev fields.
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. [CVSS 7.8 HIGH]
Windows Cloud Files Mini Filter Driver contains an unsafe pointer dereference vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows versions including Windows 10 1809, Windows 11, and Windows Server 2022. An attacker with valid credentials can exploit this flaw to gain elevated system privileges without user interaction. No patch is currently available for this high-severity vulnerability.
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. [CVSS 7.8 HIGH]
Privileged local attackers can exploit a use-after-free vulnerability in the Windows RPC IDL subsystem to gain system-level code execution on affected Windows 10, Windows 11, Windows Server 2016, and Windows Server 2022 systems. The vulnerability requires local access and valid credentials but allows complete compromise of the target system with no user interaction required. No patch is currently available, leaving vulnerable systems at risk.
Heap buffer overflow in Windows Common Log File System Driver (affecting Windows 10 1607, Server 2016, and Server 2022 23h2) enables authenticated local users to achieve complete system compromise through privilege escalation. The vulnerability requires valid credentials but no user interaction, making it a direct path to administrative control for insiders or attackers with initial access. No patch is currently available, leaving affected systems at elevated risk pending remediation.
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present. [CVSS 7.8 HIGH]
In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA). [CVSS 7.8 HIGH]
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it. [CVSS 7.8 HIGH]
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges. [CVSS 7.8 HIGH]
Remote code execution in Azure Core Shared Client Library for Python results from insecure deserialization of untrusted data, allowing authenticated network-based attackers to achieve arbitrary code execution. The vulnerability affects Python applications utilizing the vulnerable library versions, with no patch currently available. This represents a high-severity risk for Azure SDK consumers handling external or user-supplied serialized data.
Windows Hello privilege escalation on Windows 10, 11, and Server 2019 allows local attackers without credentials to tamper with system integrity through incorrect privilege assignment. The vulnerability requires local access but no user interaction, enabling unauthorized modifications to protected resources. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.
Windows Hello privilege elevation flaw in Windows 10 21h2, Windows Server 2019, 2022, and 2022 23h2 enables local attackers to modify system data without authorization. The vulnerability stems from improper privilege assignment that bypasses access controls, allowing an unauthenticated attacker with local access to tamper with protected resources. Currently no patch is available and exploitation requires only local access with no special conditions or user interaction.
Windows Deployment Services contains improper access control that enables unauthenticated attackers on an adjacent network to execute arbitrary code with high privileges on affected Windows and Windows Server systems. The vulnerability affects multiple Windows versions including Server 2012, 2019, and 2022 variants, with no patch currently available. An adjacent network attacker requires only network proximity to exploit this vulnerability, making lateral movement within networked environments a significant risk.
Remote denial of service in Windows LSASS affects Windows 10 and 11 through a null pointer dereference that an unauthenticated attacker can trigger over the network. The vulnerability causes service unavailability but does not enable code execution or data theft. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.
Windows Kerberos authentication in multiple Windows versions accepts untrusted input during security decisions, enabling authenticated network attackers to escalate privileges without user interaction. The vulnerability affects Windows 10 (versions 1607 and 1809), Windows Server 2012, and Windows Server 2025, with no patch currently available. An attacker with valid credentials can exploit this to gain elevated system access across the network.
Remote code execution in Windows LSASS (Local Security Authority Subsystem Service) on Windows 11 and Windows Server 2025 stems from a use-after-free memory vulnerability exploitable by authenticated attackers over the network. An attacker with valid credentials can trigger the flaw to execute arbitrary code with SYSTEM privileges, achieving complete system compromise. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a security update.
Privilege escalation in Windows SMB Server (Server 2025, Windows 11 24H2, Windows 10 22H2) stems from improper synchronization of shared resources during concurrent execution, enabling authenticated network attackers to gain elevated privileges. The vulnerability requires high complexity exploitation but carries high impact across confidentiality, integrity, and availability. No patch is currently available.
Privilege escalation in Windows SMB Server (versions 10 22h2, 11 23h2, and 11 25h2) stems from improper synchronization of shared resources, allowing authenticated network attackers to elevate privileges. The race condition vulnerability requires specific timing conditions but carries high impact across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Privilege escalation in Windows SMB Server (2022, 2025) stems from improper synchronization of concurrent resource access, enabling authenticated network attackers to gain elevated privileges. The vulnerability requires specific conditions to trigger but provides high-impact unauthorized access when successfully exploited. No patch is currently available for affected systems.
Windows SMB Server contains a race condition in concurrent resource handling that enables authenticated network attackers to escalate privileges on affected systems including Windows 10 22H2, Windows 10 1607, and Windows Server 2025. The vulnerability requires low attack complexity and network access from an authenticated user, but carries high impact across confidentiality, integrity, and availability. No patch is currently available for this HIGH severity issue (CVSS 7.5).
Privilege escalation via race condition in Windows SMB Server affects Windows 10 21h2, Windows 11 25h2, and Windows Server 2022 23h2, allowing authenticated attackers to gain elevated privileges over the network. The vulnerability stems from improper synchronization when handling concurrent access to shared resources, and no patch is currently available. With a CVSS score of 7.5, this poses a significant risk to organizations using affected Windows versions.
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. [CVSS 7.5 HIGH]
router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor is affected by information exposure (CVSS 7.5).
Windows HTTP.sys contains an access control weakness that enables authenticated network attackers to escalate privileges on affected Windows systems including Windows 10 and Windows Server 2016/2019. The vulnerability requires low attack complexity and existing user credentials but grants complete compromise of confidentiality, integrity, and availability. No patch is currently available for this HIGH severity issue.