Monthly
Local privilege escalation in the Windows NTFS file-system driver lets an authenticated low-privileged user gain elevated (likely SYSTEM) privileges by exploiting an incorrect conversion between numeric types (CWE-681). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Memory corruption in the Linux kernel's RDMA/umem subsystem occurs because __rdma_block_iter_next() uses 32-bit types to reassemble scatter-gather entries, truncating DMA addresses for block sizes of 4GB or larger when an IOMMU linearizes the mapping. Affected versions span the long-lived 5.2 through 7.1 development line; a low-privileged local actor with RDMA device access can drive the kernel to compute wrong DMA addresses, yielding high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and EPSS is low (0.18%, 7th percentile), consistent with the narrow hardware/configuration prerequisites.
Silent integer truncation in NI grpc-device 2.17.0 and earlier allows unauthenticated network-accessible attackers to corrupt size values processed by the CodeGen component, potentially causing integrity violations in instrument control operations. The root cause is CWE-681 - missing range checks during numeric type conversion in CodeGen - meaning oversized size fields silently lose their high-order bits rather than being rejected or flagged. No CISA KEV listing and no public exploit code have been identified at time of analysis, placing this in a lower operational priority tier despite its medium CVSS 4.0 score of 6.3.
Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and Virtual GPU Manager branches) stems from an incorrect numeric type conversion (CWE-681) that produces a heap buffer overflow. A locally authenticated attacker with low privileges can trigger the flaw to achieve code execution, privilege escalation, information disclosure, data tampering, or denial of service. No public exploit identified at time of analysis, and EPSS is very low (0.01%, 1st percentile), but technical impact per SSVC is total.
Integer size truncation in Windows Advanced Rasterization Platform (WARP) enables unauthenticated remote attackers to achieve code execution with elevated privileges across Windows 10, 11, and Server editions by persuading users to interact with malicious content. Microsoft has released security updates addressing this vulnerability across all supported Windows versions. No public exploit identified at time of analysis, though the unauthenticated remote attack vector (CVSS AV:N/PR:N) combined wi
Wasmtime's Winch compiler in versions 25.0.0 through 36.0.6, 42.0.1, and 43.0.0 incorrectly translates the WebAssembly table.size instruction for 64-bit tables under the memory64 proposal, allowing WebAssembly guests to read sensitive data from the host's stack. The vulnerability stems from static typing the return value as 32-bit instead of consulting the table's actual index type, which when combined with Winch's multi-value return ABI mechanics enables stack data disclosure. This is fixed in Wasmtime 36.0.7, 42.0.2, and 43.0.1; no public exploit code or active exploitation has been identified at time of analysis, but the low CVSS score (2.3) reflects limited real-world impact due to authentication requirements and limited technical scope.
Remote denial of service in NVIDIA Triton Inference Server (all versions prior to r26.02) allows unauthenticated attackers to crash the server via malformed requests. The vulnerability has a CVSS score of 7.5 with network-accessible attack vector and low complexity, requiring no privileges or user interaction. EPSS data not provided; no public exploit identified at time of analysis. The issue stems from improper conversion between numeric types (CWE-681), enabling trivial service disruption for ML inference workloads.
Marginal v1 smart contract implements an unsafe numeric downcast that enables attackers to settle large debt positions using negligible asset amounts, creating a critical financial manipulation vector in the DeFi protocol. The vulnerability affects Marginal Smart Contract v1 across all deployment instances accessible via the public blockchain network. An attacker can exploit this type confusion flaw to bypass intended collateral requirements and artificially close positions at drastically undervalued rates, causing financial loss to the protocol and legitimate liquidity providers.
Leancrypto library prior to version 1.7.1 allows remote attackers to impersonate X.509 certificate identities by crafting certificates with padded Common Names that exploit integer overflow when casting size_t to uint8_t, enabling spoofing in PKCS#7 verification, certificate chain matching, and code signing scenarios. The vulnerability has a moderate CVSS score of 5.9 (network-accessible, high complexity attack) and is not confirmed in active exploitation, though the attack is technically straightforward once a malicious certificate is crafted.
Denial of service in iccDEV prior to version 2.3.1.6 caused by undefined behavior from unsafe implicit conversion of negative signed integers to unsigned size_t in IccProfLib/IccIO.cpp. Local attackers can exploit this condition to crash applications using vulnerable iccDEV libraries by providing specially crafted ICC color profile files, resulting in high availability impact with no authentication required.
Local privilege escalation in the Windows NTFS file-system driver lets an authenticated low-privileged user gain elevated (likely SYSTEM) privileges by exploiting an incorrect conversion between numeric types (CWE-681). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Memory corruption in the Linux kernel's RDMA/umem subsystem occurs because __rdma_block_iter_next() uses 32-bit types to reassemble scatter-gather entries, truncating DMA addresses for block sizes of 4GB or larger when an IOMMU linearizes the mapping. Affected versions span the long-lived 5.2 through 7.1 development line; a low-privileged local actor with RDMA device access can drive the kernel to compute wrong DMA addresses, yielding high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and EPSS is low (0.18%, 7th percentile), consistent with the narrow hardware/configuration prerequisites.
Silent integer truncation in NI grpc-device 2.17.0 and earlier allows unauthenticated network-accessible attackers to corrupt size values processed by the CodeGen component, potentially causing integrity violations in instrument control operations. The root cause is CWE-681 - missing range checks during numeric type conversion in CodeGen - meaning oversized size fields silently lose their high-order bits rather than being rejected or flagged. No CISA KEV listing and no public exploit code have been identified at time of analysis, placing this in a lower operational priority tier despite its medium CVSS 4.0 score of 6.3.
Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and Virtual GPU Manager branches) stems from an incorrect numeric type conversion (CWE-681) that produces a heap buffer overflow. A locally authenticated attacker with low privileges can trigger the flaw to achieve code execution, privilege escalation, information disclosure, data tampering, or denial of service. No public exploit identified at time of analysis, and EPSS is very low (0.01%, 1st percentile), but technical impact per SSVC is total.
Integer size truncation in Windows Advanced Rasterization Platform (WARP) enables unauthenticated remote attackers to achieve code execution with elevated privileges across Windows 10, 11, and Server editions by persuading users to interact with malicious content. Microsoft has released security updates addressing this vulnerability across all supported Windows versions. No public exploit identified at time of analysis, though the unauthenticated remote attack vector (CVSS AV:N/PR:N) combined wi
Wasmtime's Winch compiler in versions 25.0.0 through 36.0.6, 42.0.1, and 43.0.0 incorrectly translates the WebAssembly table.size instruction for 64-bit tables under the memory64 proposal, allowing WebAssembly guests to read sensitive data from the host's stack. The vulnerability stems from static typing the return value as 32-bit instead of consulting the table's actual index type, which when combined with Winch's multi-value return ABI mechanics enables stack data disclosure. This is fixed in Wasmtime 36.0.7, 42.0.2, and 43.0.1; no public exploit code or active exploitation has been identified at time of analysis, but the low CVSS score (2.3) reflects limited real-world impact due to authentication requirements and limited technical scope.
Remote denial of service in NVIDIA Triton Inference Server (all versions prior to r26.02) allows unauthenticated attackers to crash the server via malformed requests. The vulnerability has a CVSS score of 7.5 with network-accessible attack vector and low complexity, requiring no privileges or user interaction. EPSS data not provided; no public exploit identified at time of analysis. The issue stems from improper conversion between numeric types (CWE-681), enabling trivial service disruption for ML inference workloads.
Marginal v1 smart contract implements an unsafe numeric downcast that enables attackers to settle large debt positions using negligible asset amounts, creating a critical financial manipulation vector in the DeFi protocol. The vulnerability affects Marginal Smart Contract v1 across all deployment instances accessible via the public blockchain network. An attacker can exploit this type confusion flaw to bypass intended collateral requirements and artificially close positions at drastically undervalued rates, causing financial loss to the protocol and legitimate liquidity providers.
Leancrypto library prior to version 1.7.1 allows remote attackers to impersonate X.509 certificate identities by crafting certificates with padded Common Names that exploit integer overflow when casting size_t to uint8_t, enabling spoofing in PKCS#7 verification, certificate chain matching, and code signing scenarios. The vulnerability has a moderate CVSS score of 5.9 (network-accessible, high complexity attack) and is not confirmed in active exploitation, though the attack is technically straightforward once a malicious certificate is crafted.
Denial of service in iccDEV prior to version 2.3.1.6 caused by undefined behavior from unsafe implicit conversion of negative signed integers to unsigned size_t in IccProfLib/IccIO.cpp. Local attackers can exploit this condition to crash applications using vulnerable iccDEV libraries by providing specially crafted ICC color profile files, resulting in high availability impact with no authentication required.