Monthly
Unsafe pointer dereference in Microsoft Office, SharePoint Server, and 365 Apps enables local code execution with high privileges on affected systems. An attacker with local access can exploit this memory safety flaw to achieve complete system compromise including data theft and modification. No patch is currently available, leaving users vulnerable until Microsoft releases a security update.
Microsoft Excel and Office products are vulnerable to local code execution through unsafe pointer dereferencing, requiring user interaction to trigger. An attacker with local access can exploit this flaw to achieve arbitrary code execution with full system privileges. No patch is currently available, leaving users of affected Office versions at risk.
Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential information disclosure.
Windows HTTP.sys contains an unsafe pointer dereference vulnerability that enables authenticated local attackers to escalate privileges on affected systems including Windows 11, Windows Server 2025, and related versions. An attacker with local user access can exploit this flaw to gain system-level privileges with high confidence in successful exploitation. No patch is currently available for this vulnerability.
Windows HTTP.sys contains an untrusted pointer dereference vulnerability that enables authenticated local users to escalate privileges on Windows 11 and Windows Server 2022/2025 systems. An attacker with valid credentials can exploit this flaw to gain elevated access without user interaction. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.
An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). [CVSS 5.5 MEDIUM]
Memory corruption in Microsoft Excel within Office 365 Apps and Long Term Servicing Channel enables local code execution through a malicious file requiring user interaction. An attacker can achieve arbitrary code execution with full system privileges by exploiting improper pointer handling in the application. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.
Arbitrary code execution in Microsoft Excel through unsafe pointer handling enables local attackers to achieve full system compromise without requiring elevated privileges. This vulnerability affects Microsoft 365 Apps, Office, Office Online Server, and Office Long Term Servicing Channel across multiple versions. No patch is currently available, leaving affected systems vulnerable to exploitation via maliciously crafted spreadsheets.
Local code execution in Microsoft Office Word (including 365 Apps and SharePoint Server) results from unsafe pointer dereferencing that can be triggered by user interaction with a malicious document. An attacker with local access can exploit this vulnerability to execute arbitrary code with the privileges of the affected user. No patch is currently available for this vulnerability.
Windows Cloud Files Mini Filter Driver contains a heap-based buffer overflow that enables local privilege escalation on Windows 10 1809, Windows Server 2016, and Windows Server 2022. An authenticated attacker can exploit this vulnerability to gain elevated system privileges without user interaction. No patch is currently available.
Unsafe pointer dereference in Microsoft Office, SharePoint Server, and 365 Apps enables local code execution with high privileges on affected systems. An attacker with local access can exploit this memory safety flaw to achieve complete system compromise including data theft and modification. No patch is currently available, leaving users vulnerable until Microsoft releases a security update.
Microsoft Excel and Office products are vulnerable to local code execution through unsafe pointer dereferencing, requiring user interaction to trigger. An attacker with local access can exploit this flaw to achieve arbitrary code execution with full system privileges. No patch is currently available, leaving users of affected Office versions at risk.
Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential information disclosure.
Windows HTTP.sys contains an unsafe pointer dereference vulnerability that enables authenticated local attackers to escalate privileges on affected systems including Windows 11, Windows Server 2025, and related versions. An attacker with local user access can exploit this flaw to gain system-level privileges with high confidence in successful exploitation. No patch is currently available for this vulnerability.
Windows HTTP.sys contains an untrusted pointer dereference vulnerability that enables authenticated local users to escalate privileges on Windows 11 and Windows Server 2022/2025 systems. An attacker with valid credentials can exploit this flaw to gain elevated access without user interaction. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.
An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). [CVSS 5.5 MEDIUM]
Memory corruption in Microsoft Excel within Office 365 Apps and Long Term Servicing Channel enables local code execution through a malicious file requiring user interaction. An attacker can achieve arbitrary code execution with full system privileges by exploiting improper pointer handling in the application. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.
Arbitrary code execution in Microsoft Excel through unsafe pointer handling enables local attackers to achieve full system compromise without requiring elevated privileges. This vulnerability affects Microsoft 365 Apps, Office, Office Online Server, and Office Long Term Servicing Channel across multiple versions. No patch is currently available, leaving affected systems vulnerable to exploitation via maliciously crafted spreadsheets.
Local code execution in Microsoft Office Word (including 365 Apps and SharePoint Server) results from unsafe pointer dereferencing that can be triggered by user interaction with a malicious document. An attacker with local access can exploit this vulnerability to execute arbitrary code with the privileges of the affected user. No patch is currently available for this vulnerability.
Windows Cloud Files Mini Filter Driver contains a heap-based buffer overflow that enables local privilege escalation on Windows 10 1809, Windows Server 2016, and Windows Server 2022. An authenticated attacker can exploit this vulnerability to gain elevated system privileges without user interaction. No patch is currently available.