Monthly
Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft's Resilient File System (ReFS) driver lets an already-authenticated, low-privileged user on affected Windows 10, Windows 11, and Windows Server 2016–2025 systems escalate to code execution through a numeric truncation flaw (CWE-197). No public exploit has been identified at time of analysis, and it is not on CISA KEV, but Microsoft has released a patch. Note a data conflict: the description states code execution and the CVSS carries C:H/I:H/A:H, yet the vendor tags label it 'Information Disclosure' — the CVSS-backed local elevation-of-privilege reading is treated as authoritative here.
Local code execution in Microsoft's Resilient File System (ReFS) driver allows an authorized (low-privileged) attacker to run arbitrary code with elevated context via a numeric truncation flaw. The bug affects the ReFS component shipped with Windows 10, Windows 11, and Windows Server 2016 through 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; note that the CVE's own tags label it 'Information Disclosure' while the description and CVSS impact (C:H/I:H/A:H) describe full code execution - the code-execution reading should be treated as authoritative.
Local code execution in Microsoft Office Excel stems from an integer underflow that, when triggered by opening a crafted spreadsheet, allows an attacker to run arbitrary code in the context of the current user. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) confirms exploitation requires the victim to open a malicious file, and there is no public exploit identified at time of analysis. With a base score of 7.8 and full confidentiality, integrity, and availability impact, successful exploitation effectively gives the attacker the victim's privileges on the host.
Elevation of privilege in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows a local authenticated attacker to escalate to SYSTEM-level privileges with high impact on confidentiality, integrity, and availability. The CVSS 7.8 vector indicates local attack with low complexity and low privileges required, and no public exploit identified at time of analysis. The vulnerability stems from a numeric truncation error (CWE-197) in kernel-mode file system code, a class historically favored by post-compromise privilege escalation chains.
Heap overflow denial-of-service in NLnet Labs Unbound recursive DNS resolver versions 1.14.0 through 1.25.0 allows remote unauthenticated attackers to crash the resolver by sending DNS queries containing multiple NSID, DNS Cookie, and/or EDNS Padding options. The flaw stems from a numeric truncation in EDNS field size calculation that lets attacker-influenced data overflow the response buffer. No public exploit identified at time of analysis and not listed in CISA KEV, but the impact is service-wide DNS outage for any user of an affected resolver.
Pointer difference truncation to signed int in uriparser before version 1.0.2 allows local attackers to cause integer overflow and data integrity issues through specially crafted URI inputs. The vulnerability stems from unsafe casting of pointer arithmetic results (afterLast - first) to int, which can overflow on systems where pointer differences exceed INT_MAX, leading to buffer overflows, incorrect memory calculations, and potential information disclosure. While CVSS score is low (2.9) due to local attack vector and high complexity, the fix adds comprehensive overflow detection using SIZE_MAX checks, indicating real risk in applications processing untrusted URIs locally.
uriparser before 1.0.1 suffers a numeric truncation vulnerability in text range comparison that causes denial of service when processing URIs with gigabyte-scale lengths. The flaw occurs because internal range comparisons truncate large numeric values, allowing maliciously crafted oversized URIs to bypass length validation and trigger memory exhaustion or processing failures. Local attackers can exploit this via specially constructed input, though practical exploitation requires an application to accept and process URIs of exceptional size.
n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 contains a vulnerability that allows attackers to HTTP request/response smuggling.
A security vulnerability in Eclipse Paho Go MQTT (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft's Resilient File System (ReFS) driver lets an already-authenticated, low-privileged user on affected Windows 10, Windows 11, and Windows Server 2016–2025 systems escalate to code execution through a numeric truncation flaw (CWE-197). No public exploit has been identified at time of analysis, and it is not on CISA KEV, but Microsoft has released a patch. Note a data conflict: the description states code execution and the CVSS carries C:H/I:H/A:H, yet the vendor tags label it 'Information Disclosure' — the CVSS-backed local elevation-of-privilege reading is treated as authoritative here.
Local code execution in Microsoft's Resilient File System (ReFS) driver allows an authorized (low-privileged) attacker to run arbitrary code with elevated context via a numeric truncation flaw. The bug affects the ReFS component shipped with Windows 10, Windows 11, and Windows Server 2016 through 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; note that the CVE's own tags label it 'Information Disclosure' while the description and CVSS impact (C:H/I:H/A:H) describe full code execution - the code-execution reading should be treated as authoritative.
Local code execution in Microsoft Office Excel stems from an integer underflow that, when triggered by opening a crafted spreadsheet, allows an attacker to run arbitrary code in the context of the current user. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) confirms exploitation requires the victim to open a malicious file, and there is no public exploit identified at time of analysis. With a base score of 7.8 and full confidentiality, integrity, and availability impact, successful exploitation effectively gives the attacker the victim's privileges on the host.
Elevation of privilege in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows a local authenticated attacker to escalate to SYSTEM-level privileges with high impact on confidentiality, integrity, and availability. The CVSS 7.8 vector indicates local attack with low complexity and low privileges required, and no public exploit identified at time of analysis. The vulnerability stems from a numeric truncation error (CWE-197) in kernel-mode file system code, a class historically favored by post-compromise privilege escalation chains.
Heap overflow denial-of-service in NLnet Labs Unbound recursive DNS resolver versions 1.14.0 through 1.25.0 allows remote unauthenticated attackers to crash the resolver by sending DNS queries containing multiple NSID, DNS Cookie, and/or EDNS Padding options. The flaw stems from a numeric truncation in EDNS field size calculation that lets attacker-influenced data overflow the response buffer. No public exploit identified at time of analysis and not listed in CISA KEV, but the impact is service-wide DNS outage for any user of an affected resolver.
Pointer difference truncation to signed int in uriparser before version 1.0.2 allows local attackers to cause integer overflow and data integrity issues through specially crafted URI inputs. The vulnerability stems from unsafe casting of pointer arithmetic results (afterLast - first) to int, which can overflow on systems where pointer differences exceed INT_MAX, leading to buffer overflows, incorrect memory calculations, and potential information disclosure. While CVSS score is low (2.9) due to local attack vector and high complexity, the fix adds comprehensive overflow detection using SIZE_MAX checks, indicating real risk in applications processing untrusted URIs locally.
uriparser before 1.0.1 suffers a numeric truncation vulnerability in text range comparison that causes denial of service when processing URIs with gigabyte-scale lengths. The flaw occurs because internal range comparisons truncate large numeric values, allowing maliciously crafted oversized URIs to bypass length validation and trigger memory exhaustion or processing failures. Local attackers can exploit this via specially constructed input, though practical exploitation requires an application to accept and process URIs of exceptional size.
n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 contains a vulnerability that allows attackers to HTTP request/response smuggling.
A security vulnerability in Eclipse Paho Go MQTT (CVSS 5.3). Remediation should follow standard vulnerability management procedures.