Denial of service in MongoDB Server 8.0 allows authenticated users with aggregation pipeline privileges to crash the server process by issuing a specially crafted aggregation followed by a getMore command on the same cursor, triggering a null pointer dereference in the aggregation stage's _subPipeline field. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the low attack complexity and minimal privilege requirement make it a credible availability threat for multi-tenant or shared MongoDB deployments.
Denial of service in MongoDB Server allows authenticated users to trigger an assertion failure by running aggregation pipelines that use the internal $exchange stage with key-range partitioning and order-preserving delivery. When a single key range fills its consumer buffer, the high watermark is not updated correctly, leading to a reachable assertion (CWE-617) and likely process termination. No public exploit identified at time of analysis.
Denial of service in MongoDB Server allows authenticated remote attackers to crash the database process by submitting aggregation pipelines that combine the internal fromRouter:true flag with runtimeConstants.userRoles. No public exploit identified at time of analysis, but the bug is tracked in MongoDB's public JIRA (SERVER-123918), which makes the trigger conditions discoverable. Impact is limited to availability (VA:H) with no data exposure or integrity compromise.
Denial of service in MongoDB Server occurs when an authenticated user issues a $changeStreams aggregation combined with the internal $_requestReshardingResumeToken option and the exchange option, triggering a reachable invariant that crashes the mongod process. Any logged-in user with low privileges can repeatedly invoke the crash on default deployments, producing service-wide downtime. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the bug is vendor-confirmed via MongoDB Jira SERVER-124190.
Information disclosure in MongoDB Server allows authenticated users holding the read role to obtain small amounts of uninitialized stack memory by submitting specially-crafted filemd5 commands. The flaw stems from CWE-457 (Use of Uninitialized Variable) in the filemd5 command handler, and while no public exploit has been identified at time of analysis, the low attack complexity and network reachability make it a credible insider/credential-theft risk against MongoDB databases.
Cross-profile data disclosure in Hermes WebUI before 0.51.269 allows authenticated users to read session titles and transcript message content from other users' profiles by querying the sessions search endpoint, which fails to scope results to the caller's active profile. The flaw was reported by VulnCheck and a vendor patch is available; no public exploit identified at time of analysis, but the issue is trivial to trigger for any logged-in account.
Memory leak in the Linux kernel's TUN driver (tun_xdp_one) allows a local attacker to exhaust host memory by repeatedly triggering build_skb() allocation failures, leaking one page-frag chunk per failed batch entry. The flaw affects the vhost_net XDP fast-path used by virtual machines and containers; with no public exploit identified at time of analysis and an EPSS score of 0.02% (5th percentile), real-world weaponization risk is low, but sustained leakage on busy virtualization hosts could degrade availability.
Local denial-of-service in the Linux kernel's tun/vhost-net subsystem allows an unprivileged process with access to /dev/net/tun and /dev/vhost-net to leak page-frag chunks on every short frame (length minus virtio-net header below ETH_HLEN) submitted to tun_xdp_one(), eventually exhausting host memory and triggering an OOM panic. The flaw is a missing put_page() on the -EINVAL error path that tun_sendmsg() then masks by reporting success to vhost_tx_batch(). EPSS is very low (0.02%) and no public exploit identified at time of analysis, but the bug is upstream-confirmed with patches in stable trees.
Sensitive information disclosure in MongoDB Server affects deployments using Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) when issuing $vectorSearch aggregation queries. Due to a flaw in client-side query analysis, literal values intended for encrypted fields inside $vectorSearch filter expressions are transmitted to the server as plaintext instead of ciphertext, defeating the confidentiality guarantee of client-side encryption. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Information disclosure in TYPO3 CMS allows authenticated backend users with file download permissions to retrieve arbitrary files from the server's document root via the Media Module's File Abstraction Layer (FAL) fallback storage. Affected branches span versions 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30, and 14.0.0-14.3.2, with no public exploit identified at time of analysis. The flaw exposes sensitive files such as logs, .htpasswd, and configuration material that would normally sit outside the managed file storage.
Privilege escalation in SAP NetWeaver Application Server ABAP allows authenticated low-privilege users to invoke a report generation command that overwrites data belonging to other users, breaking tenant-level data integrity. The flaw stems from missing authorization checks (CWE-862) and carries a CVSS 7.1 rating with high integrity impact; no public exploit identified at time of analysis.
Local privilege escalation in Microsoft Windows Storage allows an authorized low-privilege user to gain higher privileges through an untrusted search path weakness (CWE-426). The flaw requires existing local access and a successful race or environmental manipulation, reflected in the high attack complexity. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Local privilege escalation in Microsoft Office Click-To-Run stems from a use-after-free condition (CWE-416) that lets an authorized low-privilege user elevate to higher privileges on the host. The flaw, reported by Microsoft's MSRC, carries a CVSS 7.0 (AV:L/AC:H/PR:L) reflecting that exploitation requires local access, low privileges, and a successful race-window or memory-state condition. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privilege attacker to elevate to SYSTEM by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 rating with high attack complexity, and no public exploit identified at time of analysis. Exploitation requires a race condition or specific timing to be won, which constrains reliable weaponization but does not eliminate the risk on multi-user or shared Windows hosts.
Local privilege escalation in Microsoft Windows Kernel allows an authorized low-privileged attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 (High) rating with high attack complexity, and Microsoft has released a patch via MSRC; no public exploit identified at time of analysis. Successful exploitation breaks the local Windows security boundary, enabling full host compromise from any authenticated session.
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to elevate to SYSTEM via a use-after-free condition. The flaw affects Microsoft Windows installations using the standard WinSock kernel driver and has a vendor-released patch available through Microsoft's security update guide. No public exploit has been identified at time of analysis, though afd.sys has historically been a frequent target for elevation-of-privilege exploitation.
Local privilege escalation in the Windows Program Compatibility Assistant (PCA) Service affects supported Windows 10, Windows 11, and Windows Server 2022/2025 builds through a TOCTOU race condition (CWE-367). An authenticated local attacker who wins the race window can elevate from a standard user context to higher privileges with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and EPSS is very low (0.05%), but Microsoft has released patches across all affected branches.
Local privilege escalation in Microsoft Defender for Endpoint for Mac (versions 101.0.0 through 101.26042.0010) allows an authenticated local attacker to win a time-of-check/time-of-use race and gain elevated privileges on the host. No public exploit identified at time of analysis, and EPSS is very low (0.05%), but SSVC rates technical impact as 'total' because successful exploitation yields full compromise of the endpoint security agent.
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to elevate to SYSTEM by winning a race condition that triggers a use-after-free. The flaw is reported by Microsoft (MSRC) and carries CVSS 7.0 with high attack complexity, but no public exploit is identified at time of analysis and it is not listed in CISA KEV.
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authenticated low-privileged attacker to win a race condition and gain SYSTEM-level execution. The flaw is a use-after-free triggered through concurrent WinSock operations, and at time of analysis no public exploit has been identified and the CVE is not on the CISA KEV list.
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to win a race condition and trigger a use-after-free, enabling code execution at kernel level. No public exploit identified at time of analysis, but AFD.sys has a long history of being a preferred LPE target and Microsoft has marked the issue as important. EPSS data was not provided in the source feed.
Local privilege escalation in Microsoft Windows UI Automation Manager (uiamanager.dll) enables authenticated low-privileged users to gain higher privileges by exploiting a race condition in concurrent resource access. The flaw was reported by Microsoft's own security team (secure@microsoft.com) and has no public exploit identified at time of analysis, though the CVSS 7.0 score reflects high impact on confidentiality, integrity, and availability once successfully triggered.
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated local user to gain SYSTEM-level rights by winning a race condition that leads to a use-after-free in kernel memory. The flaw affects Windows installations where afd.sys is loaded (effectively all desktop and server SKUs) and was reported by Microsoft Security Response Center; no public exploit identified at time of analysis and the vulnerability is not listed on the CISA KEV catalog.
Local code execution in Microsoft Office Excel can be achieved by an unauthenticated attacker who tricks a user into opening a malicious spreadsheet that triggers an integer underflow condition. The flaw carries a CVSS 7.0 rating reflecting high attack complexity and required user interaction, and no public exploit identified at time of analysis. There is a notable mismatch between the description (integer underflow) and the assigned CWE-362 (race condition), which warrants verification with Microsoft's advisory.
Local privilege escalation in Microsoft Windows Telephony Service allows an authenticated low-privileged attacker to elevate to higher privileges by exploiting a race condition in concurrent access to a shared resource. The flaw carries a CVSS 7.0 (High) rating with high attack complexity, and no public exploit identified at time of analysis. Successful exploitation grants full confidentiality, integrity, and availability impact on the affected host.
Local privilege escalation in the Windows Function Discovery Service (fdwsd.dll) allows an authorized low-privileged attacker on the host to win a race condition and obtain elevated privileges. Reported by Microsoft (secure@microsoft.com) and tracked under MSRC's update guide, the issue carries a CVSS 7.0 score driven by high impact across confidentiality, integrity, and availability, though the high attack complexity reflects the timing window required. No public exploit identified at time of analysis and the flaw is not currently listed in CISA KEV.