Local code execution in Microsoft Office is possible through a heap-based buffer overflow that an unauthorized attacker can trigger without user interaction. The flaw carries a CVSS 3.1 score of 8.4 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Despite requiring local access, the absence of authentication and user-interaction requirements makes this a notable priority for endpoint patching cycles.
Local code execution in Microsoft Office via a heap-based buffer overflow allows an unauthorized attacker to run arbitrary code with the privileges of the user opening a malicious document. The CVSS vector (AV:L/PR:N/UI:N) indicates local attack vector without required authentication or user interaction, an unusual combination that warrants verification against the vendor advisory. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.
Local code execution in Microsoft Office via a heap-based buffer overflow that lets an unauthorized attacker run arbitrary code in the context of the current user. The flaw carries a CVSS 8.4 rating driven by high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Despite the 'unauthorized' wording, the CVSS vector specifies a local attack vector, indicating the attacker must already be able to deliver a crafted file or run code on the target system.
Local code execution in Microsoft Office via a type confusion flaw (CWE-416) permits unauthorized attackers to run arbitrary code in the context of the Office process without requiring privileges or user interaction. The issue carries a high CVSS 3.1 score of 8.4 with full impact across confidentiality, integrity, and availability, though exploitation requires local attack vector access to the target system. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Uninitialized stack memory disclosure in the Linux kernel's iio pressure sensor driver (mprls0025pa) for the Honeywell MPRLS0025PA SPI pressure sensor stems from a spi_transfer struct that was not zeroed before use. Local users on systems with the vulnerable driver loaded may trigger undefined SPI transfer behavior and potentially leak kernel stack contents. There is no public exploit identified at time of analysis, and EPSS rates exploitation likelihood at 0.02% (5th percentile).
Environment and debug-mode tampering in symfony/runtime (5.4.46-5.4.51, 6.4.14-6.4.39, 7.1.7-7.4.11, 8.0.0-8.0.11) lets an unauthenticated remote attacker flip APP_ENV and toggle APP_DEBUG via a crafted GET query string, bypassing the fix for CVE-2024-50340. The prior patch gated the argv read on empty($_GET), but because parse_str() and the web SAPI parse the raw query differently, an attacker can craft input that leaves $_GET empty while $_SERVER['argv'] still carries --env/--no-debug flags. No public exploit is listed in KEV, though the vendor commit ships a working proof-of-concept test case; EPSS is low at 0.10%.
Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free flaw in the Tracing component, triggered through a crafted HTML page. No public exploit identified at time of analysis, and SSVC indicates exploitation status is 'none', but the technical impact is rated total because a successful escape grants code execution at browser-process privileges. Google has shipped a fix and rates the underlying Chromium severity as Medium, while the assigned CVSS is 8.3 due to scope change and high CIA impact.
Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows remote attackers who have already compromised the renderer process to break out of the sandbox via a use-after-free in the Read Anything component when processing a crafted HTML page. Google rates this Chromium-severity High, and no public exploit has been identified at time of analysis, but the CVSS 8.3 score reflects the severity of full sandbox escape leading to scoped impact beyond the renderer. This is a second-stage bug requiring chaining with a renderer compromise, not a one-shot drive-by.
Sandbox escape in Google Chrome on Windows before 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. Google rates this Chromium security severity as High, and a vendor patch is available; no public exploit was identified at time of analysis, though the scope-changed CVSS 8.3 reflects the cross-boundary impact of breaching the sandbox.
Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a use-after-free in the Skia graphics library. The flaw is rated High severity by Chromium and carries a CVSS 8.3, but exploitation requires both a prior renderer compromise and user interaction with a crafted HTML page. No public exploit identified at time of analysis.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Views component, triggered through a crafted HTML page. Google rates this Chromium security severity High and a vendor patch is available; no public exploit identified at time of analysis and the bug is not currently listed in CISA KEV.
Sandbox escape in Google Chrome on macOS prior to version 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers an integer overflow in the Media component. Google rates the Chromium severity as High, and no public exploit has been identified at time of analysis. Because exploitation requires chaining with a separate renderer compromise plus user interaction (visiting a malicious page), the attack complexity is High despite the network attack vector.
Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox through a use-after-free flaw in the Extensions component, triggered via a crafted HTML page. Google rates the underlying Chromium severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and the issue is not listed in CISA KEV. The vulnerability is meaningful as the second stage in a multi-bug renderer-to-system exploit chain rather than as a single-shot drive-by.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Printing component. Google rates this High severity, and a vendor patch is available, but no public exploit identified at time of analysis and the vulnerability requires chaining with a separate renderer compromise plus user interaction with a print flow.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free flaw in the Bluetooth component, triggered by a crafted HTML page. Chromium rates the severity as Critical, and a vendor patch is available; no public exploit has been identified at time of analysis, though the bug is tracked in the Chromium issue tracker (516987814).
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Aura UI framework. Google rates the underlying Chromium issue as Critical severity, though exploitation requires a prior renderer compromise and user interaction (visiting a malicious page). No public exploit has been identified at time of analysis and the CVE is not listed in CISA KEV.
Sandbox escape in Google Chrome on Linux prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page, escalating from a contained renderer context to broader host access. Chromium rates this High severity, and while no public exploit has been identified at time of analysis, the CVSS 8.3 score reflects the serious consequence of bypassing one of the browser's core security boundaries. The flaw resides in the Views component and requires user interaction (UI:R) plus a prior renderer compromise, making it a second-stage vulnerability in a multi-bug exploit chain.
Sandbox escape in Google Chrome and ChromeOS on Linux prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Dawn (WebGPU) component. Chromium rates the severity High, and while no public exploit identified at time of analysis, sandbox-escape bugs in Dawn are historically chained with renderer RCE bugs in exploit chains. The CVSS 8.3 score reflects the high attack complexity and required user interaction, but the scope change (S:C) signals a meaningful trust-boundary break.
Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page served through the New Tab Page. Google rates the underlying Chromium severity as High and a fix is shipped in the stable channel, but no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a heap buffer overflow in the GPU process triggered by a crafted HTML page. Rated High severity by Chromium with a CVSS 8.3 reflecting scope change and full CIA impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page exploiting a use-after-free in Web Apps. Chromium rates the severity as Critical, and a vendor patch is available, though no public exploit has been identified at time of analysis. This is a second-stage vulnerability typically chained with a renderer RCE to achieve full browser compromise.
Sandbox escape in Google Chrome on macOS versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer/network process to break out of the browser sandbox via a race condition triggered by a crafted HTML page. Chromium rates the severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via an integer overflow in the libyuv image conversion library. Exploitation requires user interaction with a crafted HTML page and a chained renderer compromise, but Google rated the underlying issue Critical because a successful chain yields code execution outside Chrome's sandbox. There is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.03%.
Sandbox escape in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the ServiceWorker component, allowing an attacker to break out of Chrome's renderer sandbox through a crafted malicious extension. The flaw is rated Chromium severity High with CVSS 8.3 and no public exploit identified at time of analysis, but the scope-change (S:C) and full CIA impact mean a successful escape grants meaningful control over the host browser process. Exploitation requires the victim to install the attacker's extension, which constrains opportunistic mass exploitation but is realistic against targeted users.
Information disclosure in Microsoft Office Excel allows remote unauthenticated attackers to read out-of-bounds memory over a network, potentially exposing sensitive data from process memory. The CVSS 8.2 score reflects high confidentiality impact with no authentication or user interaction required per the CVSS vector. No public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.
Pre-authentication denial-of-service in MongoDB Server allows unauthenticated remote clients to crash the database process by submitting a crafted 'mechanism' value to the 'authenticate' command when OIDC authentication is configured. The flaw carries a CVSS 4.0 base score of 8.2 driven by network reachability, no privileges required, and high availability impact; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Windows Hyper-V stems from an out-of-bounds read condition (CWE-122 heap-based buffer overflow) that an attacker with high privileges on a guest or host context can leverage to break confidentiality, integrity, and availability boundaries. The CVSS 8.2 score is elevated by a scope change (S:C), indicating the flaw enables crossing the hypervisor isolation boundary. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Local privilege escalation in the Linux MANA (Microsoft Azure Network Adapter) driver allows an authenticated attacker with high privileges on the host to escalate privileges across security boundaries by exploiting a use-after-free condition. The flaw was reported by Microsoft Security Response Center and carries a CVSS 3.1 score of 8.2 driven by scope change and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
Remote code execution in the Microsoft Windows Universal Plug and Play stack (upnp.dll) allows unauthenticated network attackers to execute arbitrary code on affected hosts by triggering a memory-safety flaw in the UPnP service. The issue carries a CVSS 3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N), reflecting network reachability without credentials but high attack complexity. At time of analysis there is no public exploit identified and the CVE is not listed in CISA KEV.
Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the Proxy component, enabling remote attackers to execute arbitrary code by delivering malicious network traffic. Chromium has rated this issue Critical severity, and while no public exploit is identified at the time of analysis, the network-reachable nature of the Proxy subsystem and Chrome's massive deployment footprint make this a high-priority browser patch. The CVSS 8.1 score reflects high attack complexity offset by no required privileges or user interaction.
Remote code execution in Windows Performance Monitor enables unauthenticated network attackers to execute arbitrary code by triggering an integer underflow condition in the component's data handling logic. The flaw carries a CVSS score of 8.1 with high attack complexity, and while no public exploit identified at time of analysis, the SSVC assessment rates technical impact as total. Microsoft has released a patch via MSRC, and the issue is also tracked in VulDB entry 369628.
Remote code execution in Microsoft Windows Performance Monitor (PerfMon) allows unauthenticated network-based attackers to execute arbitrary code by triggering an integer underflow condition. The flaw carries a CVSS 3.1 score of 8.1 driven by high impact across confidentiality, integrity, and availability, though high attack complexity (AC:H) tempers exploitability. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but Microsoft has released a patch via MSRC guidance.
Remote code execution in the Windows Universal Plug and Play service (upnp.dll) allows unauthenticated network attackers to execute arbitrary code by triggering a use-after-free condition. The flaw carries a CVSS 3.1 base score of 8.1, lowered by high attack complexity (AC:H) reflecting the race-condition or memory-state requirements typical of UAF bugs. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV; EPSS data was not provided in the input.
Remote code execution in Microsoft Windows Deployment Services (WDS) allows unauthenticated network-based attackers to execute arbitrary code by exploiting a use-after-free memory corruption flaw (CWE-416). The CVSS 8.1 score reflects high impact on confidentiality, integrity, and availability, though exploit complexity is rated High. No public exploit identified at time of analysis, and SSVC marks exploitation status as none with the flaw classified as not automatable.
Security feature bypass in Adobe ColdFusion 2023.19, 2025.8 and earlier allows a low-privileged remote attacker to circumvent authentication controls and gain unauthorized read and write access to protected resources. The flaw stems from improper input validation (CWE-20) and is network-exploitable without user interaction, earning a CVSS 8.1 rating. No public exploit identified at time of analysis, but ColdFusion has a strong history of post-disclosure exploitation, making rapid patching essential.
Heap buffer overflow in OpenSSL's ASN.1 multibyte string conversion routine allows remote attackers to corrupt memory and potentially achieve code execution against applications using affected OpenSSL versions prior to 4.0.1. The flaw was disclosed via the OpenSSL 4.0.1 security patch release alongside 17 other CVEs and is classified as a high-severity issue (CVSS 8.1) with no public exploit identified at time of analysis.
Local spoofing in Microsoft Office for Android lets an unauthorized attacker manipulate trust-affecting content or identity indicators after a user interacts with malicious input on the device. The CVSS 7.1 score reflects high confidentiality and integrity impact with no special privileges required, though the local attack vector and required user interaction limit remote exploitability. No public exploit identified at time of analysis and the issue is not on the CISA KEV list.
Site isolation bypass in Google Chrome's Passwords component prior to version 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to escape cross-origin boundaries via a crafted HTML page. The flaw is rated High severity by Chromium with a CVSS 8.1 score, but EPSS exploitation probability is very low (0.02%, 6th percentile) and no public exploit identified at time of analysis. The vendor has shipped a fix in the stable channel.
Site isolation bypass in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to escape cross-origin boundaries via a crafted HTML page. The flaw is rated High severity by Chromium and carries a CVSS score of 8.1, though EPSS is very low at 0.02% and no public exploit identified at time of analysis. This is a second-stage vulnerability requiring prior renderer compromise, typically chained with a separate RCE in the renderer sandbox.
Local privilege escalation in Waves Central for macOS (13.0.9 through 16.5.5) allows an unprivileged local user to gain root code execution by exploiting a time-of-check/time-of-use race in the privileged helper's XPC client validation. The helper trusts the connecting process's PID to verify code-signing identity, but PID reuse permits an attacker-controlled process to masquerade as a legitimate Waves client. SSVC reports a public proof-of-concept exists; the issue is not listed in CISA KEV.
Shadow paging error paths in Xen Hypervisor 4.15+ on x86 allow 64-bit PV guests operating in shadow mode to corrupt mapcache metadata by triggering a page-table switch that does not update the currently running vCPU reference. Successful exploitation by a guest can result in privilege escalation into the hypervisor, host-wide denial of service, and information leaks affecting all co-resident guests. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis; vendor-released patches are available for all supported stable branches.
Local File Inclusion in the Recover Exit For WooCommerce WordPress plugin (versions up to and including 1.0.3) allows remote unauthenticated attackers to include arbitrary local PHP files via the unsanitized `tpf` POST parameter passed to `include()` in the `recover_exit()` function. Successful exploitation can disclose sensitive files such as `wp-config.php` and, when combined with file upload primitives or log poisoning, escalate to remote code execution. No public exploit identified at time of analysis, though the vulnerable sink is documented in the plugin source on plugins.trac.wordpress.org.
Privilege escalation in BookCars v8.3 allows authenticated low-privileged users to elevate themselves to administrator by modifying their own user type attribute, due to missing server-side authorization checks. The flaw is documented in a public GitHub vulnerability writeup but is not listed in CISA KEV, and no public weaponized exploit has been catalogued at time of analysis. CVSS 8.1 reflects high confidentiality and integrity impact achievable over the network with only a standard user account.
Buffer overflow in the Linux kernel's greybus gb-beagleplay driver allows an adjacent attacker with control over the cc1352 bootloader serial data stream to overflow the fixed rx_buffer used to stage bootloader packets. The cc1352_bootloader_rx() handler appends serdev chunks without validating they fit in remaining buffer space, enabling memory corruption with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02%.
Security feature bypass in Windows Secure Boot allows a high-privileged local attacker to circumvent the boot integrity protection mechanism, undermining trust in the Windows boot chain. The flaw (CWE-1329, reliance on a component that is not updateable) carries a CVSS 7.9 rating due to scope change and high impact on confidentiality and integrity, and no public exploit has been identified at time of analysis. Successful exploitation could enable pre-OS persistence such as bootkits, defeating a foundational Windows security control.
Secure Boot bypass in Microsoft Windows allows an authorized local attacker with high privileges to defeat the platform's protection mechanism and tamper with the pre-OS boot chain. The CVSS 7.9 score reflects a scope-changing impact on confidentiality and integrity from a local vector, and no public exploit identified at time of analysis. The single MSRC reference indicates a Microsoft-tracked issue that primarily threatens code-integrity and boot-trust guarantees rather than runtime availability.
Secure Boot bypass in Windows allows a local attacker with high privileges to defeat the platform's boot-time integrity protection mechanism, breaking the chain of trust that prevents unauthorized bootloaders and pre-OS code from executing. The flaw (CWE-693, Protection Mechanism Failure) carries a CVSS 7.9 due to scope change and high confidentiality/integrity impact, and no public exploit identified at time of analysis. Successful exploitation undermines a foundational anti-tamper control and can enable persistent pre-OS implants such as bootkits.
Secure Boot bypass in Microsoft Windows allows an authorized local attacker with high privileges to defeat the firmware-level boot integrity protection, breaking the chain of trust intended to prevent unauthorized boot-time code. The CVSS 7.9 rating with scope change (S:C) indicates the bypass affects components beyond the initially compromised context, enabling pre-OS persistence. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Security feature bypass in Microsoft Windows Secure Boot allows a local attacker with high privileges to defeat the platform's boot-time integrity protections, achieving cross-scope confidentiality and integrity impact on the host. The flaw is tracked under CWE-693 (Protection Mechanism Failure) and carries a CVSS 3.1 base score of 7.9 with no public exploit identified at time of analysis. Because the scope is Changed (S:C), successful exploitation lets the attacker influence components outside the originally vulnerable security boundary - typically the trusted boot chain itself.