Privilege escalation via heap buffer overflow in Windows Kernel (Windows 10 21H2, Windows Server 2016) allows authenticated local users to gain elevated system privileges. The vulnerability requires local access and user-level permissions, making it exploitable by authorized account holders to bypass security boundaries. No patch is currently available for this issue.
Windows Ancillary Function Driver for WinSock contains a heap buffer overflow vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows 10 and Server 2012 systems. An attacker with valid user credentials can exploit this memory corruption flaw to execute arbitrary code with elevated privileges. No patch is currently available for this vulnerability.
Windows HTTP.sys contains an untrusted pointer dereference vulnerability that enables authenticated local users to escalate privileges on Windows 11 and Windows Server 2022/2025 systems. An attacker with valid credentials can exploit this flaw to gain elevated access without user interaction. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.
Privilege escalation in Microsoft Office Excel (including 365 Apps and Long Term Servicing Channel) via heap-based buffer overflow allows local attackers with user interaction to gain elevated system privileges. The vulnerability affects multiple Office product lines and currently lacks a security patch. With a CVSS score of 7.8, this poses a significant risk to organizations using affected Excel versions.
Windows Kernel privilege escalation vulnerability in Windows 10 21H2 and Windows Server 2012 stems from improper synchronization of concurrent access to shared resources, enabling local authenticated users to gain elevated system privileges. The race condition can be triggered without user interaction and impacts confidentiality, integrity, and availability of the affected system. No patch is currently available.
Windows HTTP.sys contains a race condition between privilege checks and resource access that enables local authenticated users to escalate privileges on Windows 10 21H2, Windows 11 23H2, and Windows Server 2025. An attacker with valid credentials can exploit this timing vulnerability to gain system-level access. No patch is currently available for this vulnerability.
Cryptographic key disclosure and credential forgery in MUNGE 0.5 through 0.5.17 lets a local user extract munged's MAC subkey from process memory and forge arbitrary credentials. By sending a crafted message with an oversized address-length field, an attacker triggers an out-of-bounds write that corrupts munged's internal state and leaks the key used to validate credentials, enabling impersonation of any user including root across every service that trusts MUNGE for authentication. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but MUNGE's role as a cluster trust anchor makes the impact severe wherever it is deployed.
Privilege escalation in Microsoft Graphics Component on Windows 11 24H2 and Windows 10 21H2 exploits a heap buffer overflow to allow authenticated local attackers to gain system-level access. The vulnerability requires local access and user interaction is not required, presenting a significant risk in multi-user environments. No patch is currently available.
Arbitrary code execution in Adobe After Effects 25.6 and earlier results from an out-of-bounds read vulnerability triggered when parsing specially crafted files. An attacker can exploit this by tricking users into opening a malicious file, gaining execution privileges within the victim's user context. No patch is currently available for this vulnerability.
Code execution in Adobe After Effects 25.6 and earlier through out-of-bounds memory reads when processing malicious files. An attacker can exploit this vulnerability to execute arbitrary code with user privileges by tricking victims into opening a crafted file. No patch is currently available for this vulnerability.
Out-of-bounds memory reads in Adobe After Effects 25.6 and earlier enable arbitrary code execution when users open specially crafted files. An attacker can exploit this parsing vulnerability by delivering a malicious file that triggers a read past allocated buffer boundaries, executing code with the privileges of the affected user. No patch is currently available for this high-severity vulnerability that requires user interaction to exploit.
Arbitrary code execution in Adobe After Effects 25.6 and earlier through a use-after-free memory vulnerability requires user interaction to open a specially crafted file. An attacker can exploit this flaw to execute malicious code with the privileges of the affected user. No patch is currently available.
Arbitrary code execution in Adobe After Effects 25.6 and earlier via a use-after-free memory vulnerability that executes with user privileges when opening a malicious file. The vulnerability requires user interaction but has no available patch, leaving affected systems at risk from social engineering attacks delivering weaponized project files.
Arbitrary code execution in Adobe After Effects 25.6 and earlier through a use-after-free memory vulnerability requires victims to open a malicious file. An attacker can execute commands with the privileges of the affected user without requiring special permissions. No patch is currently available for this high-severity vulnerability.
Arbitrary code execution in Adobe After Effects versions 25.6 and earlier through a use-after-free vulnerability that requires a user to open a malicious file. An attacker can execute arbitrary code with the privileges of the affected user by crafting a specially designed file. No patch is currently available.
Arbitrary code execution in Adobe After Effects 25.6 and earlier through a use-after-free flaw allows attackers to execute commands with user privileges when a victim opens a crafted file. The vulnerability requires user interaction but poses high risk to creative professionals and design teams. No patch is currently available.
Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier results from an out-of-bounds write vulnerability that executes with user privileges. An attacker can exploit this by crafting a malicious file that, when opened by a victim, triggers the memory corruption and executes arbitrary code. No patch is currently available, making user education about untrusted files critical for mitigation.
Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier via an out-of-bounds write vulnerability that triggers when users open a crafted malicious file. This local attack requires user interaction but executes with the privileges of the affected user, and no patch is currently available.
Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier through an out-of-bounds write vulnerability that requires a user to open a malicious file. An attacker can execute code with the privileges of the targeted user by crafting a specially designed file. No patch is currently available for this high-severity vulnerability.
Arbitrary code execution in Adobe After Effects 25.6 and earlier via out-of-bounds write vulnerability when users open malicious files. This local attack requires user interaction but grants the attacker full execution privileges within the victim's session. No patch is currently available.
Arbitrary code execution in Adobe After Effects 25.6 and earlier through out-of-bounds write vulnerability (CWE-787) when processing malicious files. An attacker can execute code with user privileges by convincing a victim to open a specially crafted file, with no patch currently available.
Arbitrary code execution in Adobe After Effects 25.6 and earlier via out-of-bounds write when processing malicious files. An attacker can achieve code execution with user privileges by tricking a victim into opening a crafted file. No patch is currently available.
Arbitrary code execution in Adobe Audition 25.3 and earlier through a local out-of-bounds write vulnerability that requires victims to open a specially crafted file. The vulnerability impacts all users running affected versions and allows attackers to execute code with the privileges of the current user. No patch is currently available.
Arbitrary code execution in Adobe InDesign versions 21.1, 20.5.1, and earlier through a heap buffer overflow vulnerability triggered by opening a malicious file. The vulnerability requires user interaction and executes with the privileges of the current user, with no patch currently available. Local attackers can leverage this to achieve code execution on affected systems.
Arbitrary code execution in Adobe After Effects 25.6 and earlier through type confusion allows attackers to execute malicious code with user privileges when a victim opens a crafted file. The vulnerability requires user interaction but poses a significant risk to creative professionals and organizations using affected versions. No patch is currently available.
Arbitrary code execution in Adobe After Effects 25.6 and earlier through an integer overflow vulnerability affecting file processing. An attacker can exploit this by crafting a malicious file that, when opened by a user, executes code with the privileges of the current user. No patch is currently available for this high-severity vulnerability.
Arbitrary code execution in Siemens SINEC NMS versions prior to V4.0 SP2 can be achieved when a low-privileged user modifies configuration files to load malicious DLLs, resulting in administrative privilege execution. This local vulnerability affects all current deployments and currently has no available patch. An authenticated attacker with local access can exploit this to gain full system compromise.
Arbitrary code execution in Simcenter Femap and Nastran versions prior to V2512 results from an out-of-bounds write flaw triggered by parsing malicious XDB files. Local attackers with user interaction can exploit this vulnerability to execute arbitrary code with the privileges of the affected application. No patch is currently available for this high-severity vulnerability.
Endpoint Configuration Toolset Solution is affected by improper link resolution before file access (CVSS 7.8).
Nx versions prior to V2512 contain an insufficient input validation flaw in the PDF export functionality that permits local attackers to corrupt internal data structures and achieve arbitrary code execution. An attacker with local file system access can exploit this vulnerability to manipulate the export process and gain code execution privileges. No patch is currently available for this vulnerability.
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. [CVSS 7.8 HIGH]
Code execution in Simcenter Femap and Nastran versions prior to V2512 results from an out-of-bounds read flaw triggered when parsing malicious NDB files. A local attacker with user interaction can exploit this vulnerability to execute arbitrary code with the privileges of the affected application. No patch is currently available for this vulnerability.
Heap-based buffer overflow in Simcenter Femap and Nastran versions prior to V2512 allows local attackers to achieve arbitrary code execution by crafting malicious NDB files. The vulnerability requires user interaction to trigger and affects all current versions of both products. No patch is currently available, leaving affected systems at risk of privilege escalation and system compromise.
Out-of-bounds read in Simcenter Femap and Nastran versions prior to V2512 during NDB file parsing enables local code execution under the current process context. An attacker can exploit this vulnerability through specially crafted NDB files to achieve arbitrary code execution. No patch is currently available for this high-severity vulnerability affecting both products.
Simcenter Femap and Nastran versions prior to 2512 are vulnerable to out-of-bounds memory reads when processing maliciously crafted XDB files, enabling arbitrary code execution with the privileges of the affected application. Local attackers can exploit this vulnerability through specially designed files to achieve full system compromise. No patch is currently available for this high-severity flaw.
Arbitrary code execution in Simcenter Femap and Nastran versions prior to 2512 results from an out-of-bounds read when processing malicious XDB files, enabling local attackers to achieve process-level code execution. An attacker with local access can craft a specially designed XDB file to trigger the memory vulnerability and execute arbitrary code with the privileges of the affected application. No patch is currently available for this vulnerability.
Denial-of-service vulnerability in SAP Advanced Planning And Optimization and Supply Chain Management allows authenticated users to exhaust system resources by repeatedly calling a remote function module with oversized parameters, causing service unavailability. An attacker with standard user credentials and network access can trigger prolonged resource consumption that may render the affected system unresponsive. No patch is currently available.
Authenticated users in SAP Solution Tools Plug-In (ST-PI) can access sensitive information through a function module that lacks proper authorization controls, allowing disclosure of confidential data without requiring additional privileges. The vulnerability affects all users with basic authentication to the affected SAP systems, as the missing checks permit lateral data exposure across the application.
A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in document titles. [CVSS 7.6 HIGH]
Microsoft Outlook's unsafe deserialization of untrusted data enables remote attackers to spoof messages and identities without authentication over the network. This vulnerability affects Outlook, Word, and Microsoft 365 Apps, allowing attackers to impersonate legitimate senders and deceive users. No patch is currently available, making this a high-risk threat requiring immediate defensive measures.
Businessobjects Business Intelligence Platform versions up to 430 is affected by missing authorization (CVSS 7.5).
Unauthenticated attackers can extract arbitrary post metadata from WordPress sites running Ninja Forms plugin versions up to 3.14.0 through improper merge tag filtering in repeater fields, potentially exposing sensitive data like API keys, billing information, and customer details. The vulnerability is exploitable remotely without authentication via the nf_ajax_submit AJAX action and currently lacks a patch.
Unauthenticated attackers can crash core PI services through an unhandled exception vulnerability accessible over the network, causing denial-of-service without authentication or user interaction required. This high-severity flaw (CVSS 7.5) impacts availability of affected PI deployments with no patch currently available.
Emmett is a framework designed to simplify your development process. versions up to 1.3.11 contains a vulnerability that allows attackers to trigger HTTP 500 errors and cause denial of service (CVSS 7.5).
Windows LDAP service in Server 2022 and 2022 23H2 is vulnerable to denial of service through a null pointer dereference that can be triggered remotely without authentication. An attacker can exploit this flaw over the network to crash the LDAP service and disrupt directory access functionality. No patch is currently available for this vulnerability.
MongoDB proxy port connections bypass connection accounting mechanisms, allowing unauthenticated remote attackers to exhaust server resources and trigger denial of service without authentication. Servers relying on connection limits for resource management are vulnerable to crashes when connection counts are artificially inflated through the proxy protocol. No patch is currently available for this high-severity issue affecting MongoDB deployments.
Businessobjects Business Intelligence Platform versions up to 430 contains a security vulnerability (CVSS 7.5).
MongoDB instances are vulnerable to denial of service attacks when processing specially crafted unauthenticated messages that trigger memory exhaustion and server crashes. An unauthenticated remote attacker can exploit this vulnerability to disable MongoDB availability without requiring valid credentials or user interaction. No patch is currently available for this vulnerability.
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. [CVSS 7.5 HIGH]
Information disclosure in Microsoft Outlook, SharePoint Server, Office, and 365 Apps enables remote attackers to conduct email spoofing attacks without authentication or user interaction. The vulnerability affects multiple Microsoft collaboration products and could allow threat actors to impersonate legitimate senders to compromise organizational security. No patch is currently available for this high-severity issue.