Windows
Monthly
A DLL hijacking vulnerability exists in the installer for OM Workspace (Windows Edition) Ver 2.4 and earlier, allowing local attackers to execute arbitrary code with the privileges of the user running the installer. The vulnerability is reported by JPCERT and affects software from OM Digital Solutions Corporation. With a CVSS score of 7.8 (High), the vulnerability requires local access and user interaction but no special privileges, making it a moderate real-world risk for targeted attacks during software installation.
A remote code execution vulnerability (CVSS 8.4). High severity vulnerability requiring prompt remediation.
NVIDIA Model Optimizer for Windows and Linux contains an unsafe deserialization vulnerability in its ONNX quantization feature that allows attackers to execute arbitrary code by providing a malicious input file. Users who process untrusted ONNX model files are at risk of complete system compromise, including code execution, privilege escalation, data tampering, and information disclosure. There is no current evidence of active exploitation (not in CISA KEV) or public proof-of-concept availability.
sbt on Windows is vulnerable to command injection through unvalidated URI fragments in VCS dependency declarations. When resolving git, mercurial, or subversion repositories, sbt passes user-controlled branch, tag, or revision parameters directly to cmd.exe without sanitization, allowing attackers to inject arbitrary Windows commands via special characters like &, |, and ; that cmd /c interprets as command separators. An attacker who controls a dependency URI in a project's build.sbt file can execute arbitrary commands with the privileges of the user running sbt. A proof-of-concept exists demonstrating execution of calc.exe, and patches are available from the vendor for sbt versions 1.12.7 and later.
OpenClaw versions 2026.2.26 through 2026.3.0 contain a current working directory (CWD) injection vulnerability in the Windows wrapper resolution mechanism for .cmd and .bat files, allowing attackers with local access to manipulate CWD and achieve command execution with integrity compromise. An attacker with local privileges can alter the working directory to inject malicious wrapper scripts that execute instead of legitimate ones, bypassing command execution controls. The vulnerability requires local access and moderate complexity but enables high-integrity impact; no active KEV or widespread exploitation has been reported, but proof-of-concept details are documented in vendor security advisories.
OpenClaw 2026.1.21 through 2026.2.18 contains a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism. Local authenticated users with low privileges can execute arbitrary commands when spawn failures trigger shell fallback with cmd.exe, exploiting workflow-controlled parameters. A patch is available from the vendor, and while no KEV or EPSS data indicates active exploitation at this time, the vulnerability has a CVSS score of 7.0 (High).
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in the Windows scheduled task script generation component. Attackers with low-level local privileges and control over service script generation values can inject cmd metacharacters into the gateway.cmd arguments to execute arbitrary commands with high impact to confidentiality, integrity, and availability. There is no indication of active exploitation (not in CISA KEV), but a patch commit is publicly available which may facilitate proof-of-concept development.
OpenClaw, an open-source game engine component, contains a command injection vulnerability in its Windows Scheduled Task script generation mechanism. Versions prior to 2026.2.18 write environment variables unquoted to gateway.cmd files, allowing attackers to inject shell metacharacters that break out of assignment context and execute arbitrary commands when the scheduled task runs. This vulnerability has a CVSS score of 7.4 (High) with local attack vector and high attack complexity, and a patch is currently available from the vendor.
An unauthenticated directory traversal vulnerability exists in Siyuan kernel's /appearance/ endpoint, allowing remote attackers to read arbitrary files accessible to the server process without authentication. The vulnerability affects the Go-based Siyuan note-taking application (github.com/siyuan-note/siyuan/kernel) and has been assigned a CVSS score of 7.5 (High). A working proof-of-concept exploit is publicly available demonstrating successful file retrieval via crafted URLs containing path traversal sequences, and a patch has been released by the vendor.
A time-based one-time password (TOTP) reuse vulnerability exists in Vikunja's authentication implementation where a valid TOTP code can be used multiple times within its 30-second validity window, allowing an attacker who captures or obtains a valid code to authenticate as a targeted user. This affects all users who have enabled two-factor authentication (2FA) on Vikunja instances, and while the CVSS score of 5.7 reflects moderate severity, the vulnerability undermines a critical layer of the defense-in-depth authentication model. A proof-of-concept demonstrating the reuse attack has been publicly disclosed.
ScreenToGif, a widely-used screen recording application, is vulnerable to DLL sideloading attacks through a malicious version.dll file. Versions from 2.42.1 and earlier are affected when the portable executable is run from user-writable directories, which is the primary intended use case for this application. Attackers can achieve arbitrary code execution in the user's context with high impact on confidentiality, integrity, and availability. No public patches are available at the time of disclosure, and no evidence of active exploitation (KEV status) has been reported.
Cryptomator versions 1.6.0 through 1.19.0 contain a path traversal vulnerability in vault configuration parsing where the masterkeyfile loader resolves an unverified keyId parameter as a filesystem path before integrity checks are performed. An attacker with the ability to supply a malicious vault configuration can exploit this to trigger arbitrary file existence checks, including UNC paths on Windows that can initiate outbound SMB connections before the user even enters a passphrase, potentially leading to information disclosure about local file structure and network exposure. The vulnerability has been patched in version 1.19.1, and while no active KEV exploitation has been reported, the low attack complexity and the ability to chain this with social engineering (malicious vault sharing) makes it a moderate practical risk.
Greenshot versions 1.3.312 and earlier contain an untrusted executable search path vulnerability (CWE-426) that allows local attackers with high privileges to achieve arbitrary code execution by hijacking the explorer.exe binary launch. When a user double-clicks the Greenshot tray icon to open the screenshot directory, the application launches explorer.exe using a relative path rather than an absolute path, enabling an attacker to plant a malicious executable in a prioritized search location. This vulnerability had no patch available at the time of publication and represents a real privilege escalation and code execution risk requiring immediate user action.
Heap corruption in Google Chrome's ANGLE graphics library on Windows versions prior to 146.0.7680.153 can be triggered through integer overflow when processing maliciously crafted HTML pages. An unauthenticated remote attacker can exploit this vulnerability by deceiving users into visiting a malicious website, potentially achieving arbitrary code execution. A patch is available across affected platforms including Google Chrome, Microsoft Edge, and various Linux distributions.
Command injection in OpenClaw versions before 2026.2.19 allows local attackers with limited privileges to execute arbitrary commands when the Lobster extension tool falls back to Windows shell execution after subprocess failures. The vulnerability exists because the tool uses shell: true after spawn errors, enabling attackers to inject shell metacharacters into command arguments. A patch is available for affected users.
OpenClaw versions prior to 2026.3.1 contain a current working directory (cwd) injection vulnerability in Windows wrapper resolution for .cmd/.bat files that allows local attackers to manipulate command execution through directory control during shell fallback mechanisms. An authenticated local attacker with low privileges can exploit this vulnerability to achieve command execution integrity loss by controlling the working directory, potentially leading to unauthorized code execution or privilege escalation. While no active in-the-wild exploitation has been reported in KEV databases, the vulnerability is documented with a proof-of-concept available through the vendor's security advisory on GitHub.
OpenClaw versions prior to 2026.2.19 allow local attackers with limited privileges to execute arbitrary commands through the Lobster extension's Windows shell fallback mechanism by injecting malicious arguments into workflow processes. The vulnerability exploits cmd.exe command interpretation when spawn operations fail and trigger shell execution, enabling command injection with potential impact on system integrity and availability. A patch is available for affected versions.
OpenClaw contains a local command injection vulnerability in Windows scheduled task script generation that allows authenticated local attackers to inject arbitrary commands through unsafe handling of cmd metacharacters and CR/LF sequences in gateway.cmd files. OpenClaw versions prior to 2026.2.19 are affected. Attackers with control over service script generation arguments can execute unintended code in the scheduled task context with high impact to integrity and availability.
OpenClaw versions before 2026.2.19 allow local authenticated users to execute arbitrary commands by injecting shell metacharacters into environment variable values during Windows Scheduled Task script generation. The vulnerability stems from unquoted variable assignments in gateway.cmd that fail to sanitize special characters like &, |, ^, %, and !, enabling command injection when the task script runs. A patch is available to address this local privilege escalation risk.
A path traversal vulnerability in A Path Traversal vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.
SiYuan's Bazaar marketplace fails to sanitize package metadata (displayName, description) before rendering in the Electron desktop application, allowing stored XSS that escalates to arbitrary remote code execution. Any SiYuan user (versions ≤3.5.9) who browses the Bazaar will automatically execute attacker-controlled code with full OS-level privileges when a malicious package card renders-no installation or user interaction required. A functional proof-of-concept exists demonstrating command execution via img onerror handlers, and this vulnerability is actively tracked in GitHub's advisory database (GHSA-mvpm-v6q4-m2pf), making it a critical supply-chain risk to the SiYuan user community.
SiYuan's Bazaar (community package marketplace) fails to sanitize HTML in package README files during rendering, allowing stored XSS that escalates to remote code execution due to unsafe Electron configuration. An attacker can submit a malicious package with embedded JavaScript in the README that executes with full Node.js access when any user views the package details in the Bazaar. This affects SiYuan versions 3.5.9 and earlier across Windows, macOS, and Linux, with a CVSS score of 9.6 and multiple real-world exploitation vectors including data theft, reverse shells, and persistent backdoors.
OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in the system.run function that allows authenticated operators to execute arbitrary commands on Windows systems by appending malicious arguments after cmd.exe /c while the approval audit log records only the benign command text. An authenticated attacker with operator privileges can exploit this to achieve local command execution on trusted Windows nodes with mismatched or incomplete audit trails, enabling information disclosure and lateral movement while evading detection.
CVE-2026-3856 is a security vulnerability (CVSS 5.3) that allows an attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Netskope's Endpoint DLP Module for Windows is vulnerable to an integer overflow in its DLL Injector that can be triggered by a high-privileged local user to crash the system. When the Endpoint DLP module is enabled, successful exploitation results in a Blue Screen of Death and denial of service on the affected machine. No patch is currently available for this medium-severity vulnerability.
Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems.
Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security (On-Prem) on Windows allows Stored XSS.This issue affects Web Security through 8.5.6.
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME allows local attackers to execute arbitrary code with administrative privileges through DLL side-loading. The vulnerability affects versions up to 2.0.5 and occurs because the application loads DLLs using Windows' default search order without verifying integrity or signatures, allowing malicious DLLs placed in writable directories to be loaded when the application runs. No active exploitation has been reported (not in KEV), no public POC is available, and EPSS data is not yet available for this CVE.
The Lenovo Virtual Bus driver in Smart Connect contains a divide-by-zero flaw that enables local authenticated users to trigger a system crash (blue screen). No patch is currently available, leaving affected Windows systems vulnerable to denial-of-service attacks by privileged local users.
The Lenovo Virtual Bus driver in Smart Connect contains a buffer overflow that allows local authenticated users to corrupt memory and trigger system crashes on Windows systems. This vulnerability requires valid credentials and local access, limiting exposure to users already present on affected machines. No patch is currently available to address this issue.
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Privilege escalation in Microsoft Azure Connected Machine Agent on Windows allows local authenticated users to bypass authentication mechanisms and gain elevated system privileges. An attacker with existing local access can exploit alternate authentication paths to escalate their permissions without user interaction. No patch is currently available for this vulnerability affecting Arc Enabled Servers.
Remote code execution in Windows RRAS across Server 2016, 2022, and 2025 via an integer overflow vulnerability allows authenticated attackers to execute arbitrary code over the network with high privileges. Public exploit code exists for this vulnerability, and no patch is currently available. Authenticated users with network access can trigger the vulnerability through a simple interaction to gain complete system compromise.
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]
Privilege escalation in Windows DWM Core Library affects Windows 10 versions 21H2 and 1809 through a use-after-free memory corruption vulnerability that allows authenticated local attackers to gain system-level privileges. The vulnerability requires local access and valid user credentials but no user interaction, creating a significant risk for multi-user systems. No patch is currently available.
Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2, and Windows Server 2012, allowing adjacent network attackers to gain elevated system access without authentication. The vulnerability has a high CVSS score of 8.8 but currently lacks a patch, creating significant risk for exposed systems. Exploitation requires network proximity but no user interaction.
Unauthorized disclosure of sensitive information in Windows Accessibility Infrastructure (ATBroker.exe) affects Windows Server 2019, 2025, Windows 10 22h2, and Windows 11 25h2, allowing local authenticated attackers to read confidential data. The vulnerability requires user privileges and local access but poses no risk to system integrity or availability. No patch is currently available for this issue.
Windows Shell Link Processing leaks sensitive information over the network in Windows Server 2012, 2019, and 2022, enabling remote spoofing attacks without authentication or user interaction. An unauthenticated attacker can exploit this information disclosure to conduct spoofing attacks against affected systems. No patch is currently available.
Information disclosure in Windows GDI+ affects Windows 11 (24h2, 25h2) and Windows Server 2012/2016, allowing unauthenticated attackers to read sensitive data remotely through an out-of-bounds memory access vulnerability. The flaw requires no user interaction and can be exploited over the network to compromise confidentiality without modifying system data or availability. No patch is currently available for this high-severity vulnerability.
Windows Ancillary Function Driver for WinSock in Windows Server 2025, 2022, and Windows 10 1809 contains insufficient input validation that allows authenticated local users to escalate privileges. An attacker with local access and valid credentials can exploit this vulnerability to gain elevated system permissions, though no patch is currently available. This HIGH severity vulnerability affects multiple Windows Server and client versions with no active exploit mitigation path.
Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.
Windows Ancillary Function Driver for WinSock in Windows 10 (all versions) and Windows 11 contains an access control weakness that enables authenticated local attackers to escalate privileges to system level. An attacker with standard user credentials can exploit this flaw to gain elevated rights on affected systems. No patch is currently available for this vulnerability.
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Windows Extensible File Allocation (exFAT) contains an out-of-bounds read vulnerability affecting Windows Server 2022, Windows 10 1607, and Windows 11 versions 23h2/25h2, enabling authenticated local users to escalate privileges with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available. This flaw carries a CVSS score of 7.8 and affects multiple supported Windows versions across server and client platforms.
Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments.
Remote code execution in Windows Routing and Remote Access Service (RRAS) across Windows Server 2012, 2022, and 2022 23h2 stems from an integer overflow vulnerability that authenticated network attackers can exploit with user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available.
Privilege escalation in Windows Authentication Methods (Windows 10 22H2, Windows 11 26H1) stems from a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low user privileges and manual interaction but provides complete system compromise through code execution. No patch is currently available for this high-severity vulnerability.
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Local code execution in Windows System Image Manager (Windows 11 23h2, Windows Server 2019/2022) through unsafe deserialization of untrusted data. An authenticated local attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. No patch is currently available.
Privilege escalation in Windows Performance Counters via null pointer dereference affects Windows Server 2019 and Windows 11 systems, enabling authenticated local attackers to gain elevated privileges. The vulnerability impacts systems where users have standard account access, allowing them to escalate to higher privilege levels on affected machines. No patch is currently available.
Windows Kerberos authentication in Server 2012 and Windows 10 (versions 1607, 1809) contains a race condition that enables unauthenticated remote attackers to circumvent security feature protections. The synchronization flaw in concurrent resource access allows attackers to bypass intended security controls without user interaction over the network. No patch is currently available for this vulnerability.
Privilege escalation in Windows Device Association Service (Windows 10 versions 1607, 1809, and 21H2) stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires high attack complexity and no user interaction, making it exploitable by insiders or compromised local accounts. No patch is currently available.
Privilege escalation in Windows Device Association Service across Windows 10, 11, and Server 2022 stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires local access and specific timing conditions but poses high risk due to its impact on confidentiality, integrity, and availability. No patch is currently available.
Windows SMB Server authentication bypass across multiple versions (Windows 10 1607, Windows 11 23h2, Windows Server 2012/2025) permits authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability stems from improper authentication validation in the SMB service, allowing a local attacker to gain system-level access without user interaction. No patch is currently available, leaving affected systems vulnerable to privilege escalation attacks from any authenticated user.
Privilege escalation in Windows Ancillary Function Driver for WinSock affects Windows 11 24H2, Windows Server 2022, and Windows Server 2025, allowing authenticated local attackers to gain system-level access through null pointer dereference. The vulnerability requires valid user credentials and local access but no user interaction to exploit. No patch is currently available.
Privilege escalation in Windows Accessibility Infrastructure (ATBroker.exe) across Windows 10, Windows 11, and Windows Server 2022 stems from improper permission assignments on a critical resource. A local authenticated attacker can exploit this misconfiguration to gain elevated privileges without user interaction. No patch is currently available for this vulnerability.
Windows Projected File System in Windows 11 and Server 2022 contains improper access control that enables authenticated local users to escalate privileges to system level. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions without user interaction. Currently, no patch is available to address this issue.
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Arbitrary code execution in Windows 10 (versions 21H2 and 22H2) via heap buffer overflow in Mobile Broadband functionality requires physical access to a target device. An attacker with direct hardware access can trigger memory corruption to achieve kernel-level code execution with full system privileges. No patch is currently available for this vulnerability.
Windows Kernel path traversal vulnerability in Server 2025, Server 2022, Windows 11 24h2, and Windows 10 22h2 enables authenticated local attackers to achieve full system compromise through privilege escalation. The flaw allows an authorized user to manipulate file name or path parameters, bypassing access controls and gaining kernel-level privileges. No patch is currently available.
Privilege escalation in Windows 11 (24h2, 26h1) and Windows Server 2022 (23h2) via heap overflow allows authenticated local users to gain system-level access. The vulnerability requires valid credentials but no user interaction, making it a direct path to complete system compromise. No patch is currently available.
Windows MapUrlToZone security bypass in Windows 11 24H2, Windows 10 21H2, and Windows Server 2016/2025 allows unauthenticated remote attackers to circumvent zone-based security restrictions through improper path equivalence resolution. An attacker can exploit this network-accessible vulnerability without user interaction to bypass intended access controls. No patch is currently available for this high-severity vulnerability.
Windows ReFS contains an out-of-bounds read vulnerability affecting Server 2019, 2022, 2025, and Windows 11 26h1 that enables authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability requires low attack complexity and no user interaction, making it exploitable by any authenticated user on the system. No patch is currently available for this HIGH severity issue.
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability [CVSS 7.8 HIGH]
Privilege escalation in the Windows Bluetooth RFCOM Protocol Driver across Windows 11 26h1, Windows Server 2025, and Windows 10 1809 stems from improper synchronization of concurrent access to shared resources. An authenticated local attacker can exploit this race condition to gain elevated privileges on affected systems. No patch is currently available for this vulnerability.
Remote code execution in Microsoft Windows Print Spooler Components via use-after-free memory corruption enables authenticated network attackers to execute arbitrary code with high privileges. The vulnerability requires valid credentials but no user interaction, presenting a significant risk to organizations where print services are accessible to untrusted internal or remote users. No patch is currently available.
Windows Admin Center in Azure Portal contains an access control flaw that enables local authenticated users to escalate their privileges. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions on the system. No patch is currently available for this issue.
Windows App Installer fails to adequately authenticate package data, enabling network-based attackers to conduct spoofing attacks without user interaction. This vulnerability affects Windows and Windows App installations, potentially allowing threat actors to deceive users into installing malicious or tampered applications. While no patch is currently available, the low EPSS score suggests exploitation is unlikely in the near term.
SAP GUI for Windows improperly loads DLL files from user-accessible directories, enabling arbitrary code execution when GuiXT is enabled. An attacker can exploit this by tricking a user into downloading a malicious DLL to a predictable location, resulting in code execution with the victim's privileges. No patch is currently available for this medium-severity vulnerability.
Medium severity vulnerability in ImageMagick. A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.
Improper access control in Acronis Cyber Protect 17 (Linux and Windows) prior to build 41186 allows authenticated users to view sensitive information they should not have access to. The vulnerability requires valid credentials and network access but does not enable data modification or system availability impacts. No patch is currently available for this medium-severity disclosure risk.
Acronis Cyber Protect 17 on Linux and Windows (before build 41186) exposes sensitive information through insecure headless browser configuration, allowing local authenticated users to read confidential data without modifying or disrupting system operations. The vulnerability requires local access and valid credentials but poses a direct confidentiality risk to organizations using affected versions. No patch is currently available.
Acronis Cyber Protect 17 prior to build 41186 contains insufficient access control validation that permits authenticated users to read sensitive data they should not have access to. The vulnerability affects both Linux and Windows deployments and requires valid credentials to exploit, limiting the attack surface to authenticated attackers. No patch is currently available.
Acronis Cyber Protect 17 (Linux, Windows) before build 41186 contains an improper access control vulnerability allowing authenticated users to delete reports they should not have permission to access. An attacker with valid credentials could exploit this to remove audit trails or other critical reports, potentially compromising compliance and forensic capabilities. No patch is currently available for this issue.
Improper symbolic link handling in Acronis Cyber Protect 17 for Windows (before build 41186) enables local attackers with limited privileges to escalate to system-level access through a race condition. An authenticated user can exploit this vulnerability to gain full control over the affected system, including reading sensitive data and modifying system configurations. No patch is currently available for this high-severity flaw.
Acronis Cyber Protect 17 for Windows before build 41186 allows local attackers with standard user privileges to escalate to system-level access through improper handling of symbolic links. An authenticated attacker can exploit this vulnerability to gain full control over the affected system, including the ability to read, modify, or delete sensitive data and execute arbitrary code. No patch is currently available for this vulnerability.
Acronis Cyber Protect 17 on Linux and Windows before build 41186 allows authenticated users to modify application settings due to inadequate authorization validation. An attacker with valid credentials could exploit this to alter configurations and potentially compromise system integrity or bypass security controls. No patch is currently available.
Acronis Cyber Protect 17 on Linux and Windows (before build 41186) fails to properly validate user permissions, allowing authenticated users to modify resources they should not have access to. The vulnerability requires valid credentials and does not enable remote code execution or denial of service, but could allow privilege escalation or unauthorized data manipulation within the application. No patch is currently available.
Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.
Improper directory permissions in Acronis Cyber Protect 17 for Windows (before build 41186) allow local authenticated users to escalate privileges through a user-interaction-dependent attack vector. An attacker with local access could modify files or settings to gain elevated system permissions. No patch is currently available for this vulnerability.
Improper authorization checks in Acronis Cyber Protect 17 (Linux, Windows) before build 41186 allow local authenticated users to access sensitive information and modify data. This medium-severity vulnerability requires local access and user privileges but poses no availability risk. No patch is currently available for this issue.
Improper authorization checks in Acronis Cyber Protect 17 (Linux and Windows) before build 41186 allow authenticated users to access sensitive information they should not have permission to view. An attacker with valid credentials can exploit this vulnerability to disclose confidential data without performing any additional actions. No patch is currently available for this medium-severity issue.
Acronis Cyber Protect 17 before build 41186 transmits sensitive cryptographic material unnecessarily, allowing adjacent network attackers to potentially intercept and obtain this sensitive data under specific conditions. The vulnerability requires user interaction and affects both Linux and Windows deployments. No patch is currently available.
Acronis Cyber Protect 17 for Windows before build 41186 is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated attackers to escalate privileges on affected systems. An attacker with local access and low privileges can exploit this vulnerability to gain higher-level permissions without user interaction. No patch is currently available for this vulnerability.
Acronis Cyber Protect 17 before build 41186 on Windows is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated users to gain elevated system privileges. An attacker with local access and low privileges can exploit this weakness to execute code with higher permissions. No patch is currently available for this issue.
Improper authentication in Acronis Cyber Protect 17.
Acronis Cyber Protect 17 on Linux and Windows before build 41186 contains an authorization bypass that allows authenticated users to manipulate resources they should not have access to. The vulnerability requires valid credentials and network access but poses a moderate risk of unauthorized data modification within the affected environment.
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. [CVSS 4.4 MEDIUM]
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124. [CVSS 7.3 HIGH]
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. [CVSS 5.5 MEDIUM]
A DLL hijacking vulnerability exists in the installer for OM Workspace (Windows Edition) Ver 2.4 and earlier, allowing local attackers to execute arbitrary code with the privileges of the user running the installer. The vulnerability is reported by JPCERT and affects software from OM Digital Solutions Corporation. With a CVSS score of 7.8 (High), the vulnerability requires local access and user interaction but no special privileges, making it a moderate real-world risk for targeted attacks during software installation.
A remote code execution vulnerability (CVSS 8.4). High severity vulnerability requiring prompt remediation.
NVIDIA Model Optimizer for Windows and Linux contains an unsafe deserialization vulnerability in its ONNX quantization feature that allows attackers to execute arbitrary code by providing a malicious input file. Users who process untrusted ONNX model files are at risk of complete system compromise, including code execution, privilege escalation, data tampering, and information disclosure. There is no current evidence of active exploitation (not in CISA KEV) or public proof-of-concept availability.
sbt on Windows is vulnerable to command injection through unvalidated URI fragments in VCS dependency declarations. When resolving git, mercurial, or subversion repositories, sbt passes user-controlled branch, tag, or revision parameters directly to cmd.exe without sanitization, allowing attackers to inject arbitrary Windows commands via special characters like &, |, and ; that cmd /c interprets as command separators. An attacker who controls a dependency URI in a project's build.sbt file can execute arbitrary commands with the privileges of the user running sbt. A proof-of-concept exists demonstrating execution of calc.exe, and patches are available from the vendor for sbt versions 1.12.7 and later.
OpenClaw versions 2026.2.26 through 2026.3.0 contain a current working directory (CWD) injection vulnerability in the Windows wrapper resolution mechanism for .cmd and .bat files, allowing attackers with local access to manipulate CWD and achieve command execution with integrity compromise. An attacker with local privileges can alter the working directory to inject malicious wrapper scripts that execute instead of legitimate ones, bypassing command execution controls. The vulnerability requires local access and moderate complexity but enables high-integrity impact; no active KEV or widespread exploitation has been reported, but proof-of-concept details are documented in vendor security advisories.
OpenClaw 2026.1.21 through 2026.2.18 contains a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism. Local authenticated users with low privileges can execute arbitrary commands when spawn failures trigger shell fallback with cmd.exe, exploiting workflow-controlled parameters. A patch is available from the vendor, and while no KEV or EPSS data indicates active exploitation at this time, the vulnerability has a CVSS score of 7.0 (High).
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in the Windows scheduled task script generation component. Attackers with low-level local privileges and control over service script generation values can inject cmd metacharacters into the gateway.cmd arguments to execute arbitrary commands with high impact to confidentiality, integrity, and availability. There is no indication of active exploitation (not in CISA KEV), but a patch commit is publicly available which may facilitate proof-of-concept development.
OpenClaw, an open-source game engine component, contains a command injection vulnerability in its Windows Scheduled Task script generation mechanism. Versions prior to 2026.2.18 write environment variables unquoted to gateway.cmd files, allowing attackers to inject shell metacharacters that break out of assignment context and execute arbitrary commands when the scheduled task runs. This vulnerability has a CVSS score of 7.4 (High) with local attack vector and high attack complexity, and a patch is currently available from the vendor.
An unauthenticated directory traversal vulnerability exists in Siyuan kernel's /appearance/ endpoint, allowing remote attackers to read arbitrary files accessible to the server process without authentication. The vulnerability affects the Go-based Siyuan note-taking application (github.com/siyuan-note/siyuan/kernel) and has been assigned a CVSS score of 7.5 (High). A working proof-of-concept exploit is publicly available demonstrating successful file retrieval via crafted URLs containing path traversal sequences, and a patch has been released by the vendor.
A time-based one-time password (TOTP) reuse vulnerability exists in Vikunja's authentication implementation where a valid TOTP code can be used multiple times within its 30-second validity window, allowing an attacker who captures or obtains a valid code to authenticate as a targeted user. This affects all users who have enabled two-factor authentication (2FA) on Vikunja instances, and while the CVSS score of 5.7 reflects moderate severity, the vulnerability undermines a critical layer of the defense-in-depth authentication model. A proof-of-concept demonstrating the reuse attack has been publicly disclosed.
ScreenToGif, a widely-used screen recording application, is vulnerable to DLL sideloading attacks through a malicious version.dll file. Versions from 2.42.1 and earlier are affected when the portable executable is run from user-writable directories, which is the primary intended use case for this application. Attackers can achieve arbitrary code execution in the user's context with high impact on confidentiality, integrity, and availability. No public patches are available at the time of disclosure, and no evidence of active exploitation (KEV status) has been reported.
Cryptomator versions 1.6.0 through 1.19.0 contain a path traversal vulnerability in vault configuration parsing where the masterkeyfile loader resolves an unverified keyId parameter as a filesystem path before integrity checks are performed. An attacker with the ability to supply a malicious vault configuration can exploit this to trigger arbitrary file existence checks, including UNC paths on Windows that can initiate outbound SMB connections before the user even enters a passphrase, potentially leading to information disclosure about local file structure and network exposure. The vulnerability has been patched in version 1.19.1, and while no active KEV exploitation has been reported, the low attack complexity and the ability to chain this with social engineering (malicious vault sharing) makes it a moderate practical risk.
Greenshot versions 1.3.312 and earlier contain an untrusted executable search path vulnerability (CWE-426) that allows local attackers with high privileges to achieve arbitrary code execution by hijacking the explorer.exe binary launch. When a user double-clicks the Greenshot tray icon to open the screenshot directory, the application launches explorer.exe using a relative path rather than an absolute path, enabling an attacker to plant a malicious executable in a prioritized search location. This vulnerability had no patch available at the time of publication and represents a real privilege escalation and code execution risk requiring immediate user action.
Heap corruption in Google Chrome's ANGLE graphics library on Windows versions prior to 146.0.7680.153 can be triggered through integer overflow when processing maliciously crafted HTML pages. An unauthenticated remote attacker can exploit this vulnerability by deceiving users into visiting a malicious website, potentially achieving arbitrary code execution. A patch is available across affected platforms including Google Chrome, Microsoft Edge, and various Linux distributions.
Command injection in OpenClaw versions before 2026.2.19 allows local attackers with limited privileges to execute arbitrary commands when the Lobster extension tool falls back to Windows shell execution after subprocess failures. The vulnerability exists because the tool uses shell: true after spawn errors, enabling attackers to inject shell metacharacters into command arguments. A patch is available for affected users.
OpenClaw versions prior to 2026.3.1 contain a current working directory (cwd) injection vulnerability in Windows wrapper resolution for .cmd/.bat files that allows local attackers to manipulate command execution through directory control during shell fallback mechanisms. An authenticated local attacker with low privileges can exploit this vulnerability to achieve command execution integrity loss by controlling the working directory, potentially leading to unauthorized code execution or privilege escalation. While no active in-the-wild exploitation has been reported in KEV databases, the vulnerability is documented with a proof-of-concept available through the vendor's security advisory on GitHub.
OpenClaw versions prior to 2026.2.19 allow local attackers with limited privileges to execute arbitrary commands through the Lobster extension's Windows shell fallback mechanism by injecting malicious arguments into workflow processes. The vulnerability exploits cmd.exe command interpretation when spawn operations fail and trigger shell execution, enabling command injection with potential impact on system integrity and availability. A patch is available for affected versions.
OpenClaw contains a local command injection vulnerability in Windows scheduled task script generation that allows authenticated local attackers to inject arbitrary commands through unsafe handling of cmd metacharacters and CR/LF sequences in gateway.cmd files. OpenClaw versions prior to 2026.2.19 are affected. Attackers with control over service script generation arguments can execute unintended code in the scheduled task context with high impact to integrity and availability.
OpenClaw versions before 2026.2.19 allow local authenticated users to execute arbitrary commands by injecting shell metacharacters into environment variable values during Windows Scheduled Task script generation. The vulnerability stems from unquoted variable assignments in gateway.cmd that fail to sanitize special characters like &, |, ^, %, and !, enabling command injection when the task script runs. A patch is available to address this local privilege escalation risk.
A path traversal vulnerability in A Path Traversal vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.
SiYuan's Bazaar marketplace fails to sanitize package metadata (displayName, description) before rendering in the Electron desktop application, allowing stored XSS that escalates to arbitrary remote code execution. Any SiYuan user (versions ≤3.5.9) who browses the Bazaar will automatically execute attacker-controlled code with full OS-level privileges when a malicious package card renders-no installation or user interaction required. A functional proof-of-concept exists demonstrating command execution via img onerror handlers, and this vulnerability is actively tracked in GitHub's advisory database (GHSA-mvpm-v6q4-m2pf), making it a critical supply-chain risk to the SiYuan user community.
SiYuan's Bazaar (community package marketplace) fails to sanitize HTML in package README files during rendering, allowing stored XSS that escalates to remote code execution due to unsafe Electron configuration. An attacker can submit a malicious package with embedded JavaScript in the README that executes with full Node.js access when any user views the package details in the Bazaar. This affects SiYuan versions 3.5.9 and earlier across Windows, macOS, and Linux, with a CVSS score of 9.6 and multiple real-world exploitation vectors including data theft, reverse shells, and persistent backdoors.
OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in the system.run function that allows authenticated operators to execute arbitrary commands on Windows systems by appending malicious arguments after cmd.exe /c while the approval audit log records only the benign command text. An authenticated attacker with operator privileges can exploit this to achieve local command execution on trusted Windows nodes with mismatched or incomplete audit trails, enabling information disclosure and lateral movement while evading detection.
CVE-2026-3856 is a security vulnerability (CVSS 5.3) that allows an attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Netskope's Endpoint DLP Module for Windows is vulnerable to an integer overflow in its DLL Injector that can be triggered by a high-privileged local user to crash the system. When the Endpoint DLP module is enabled, successful exploitation results in a Blue Screen of Death and denial of service on the affected machine. No patch is currently available for this medium-severity vulnerability.
Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems.
Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security (On-Prem) on Windows allows Stored XSS.This issue affects Web Security through 8.5.6.
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME allows local attackers to execute arbitrary code with administrative privileges through DLL side-loading. The vulnerability affects versions up to 2.0.5 and occurs because the application loads DLLs using Windows' default search order without verifying integrity or signatures, allowing malicious DLLs placed in writable directories to be loaded when the application runs. No active exploitation has been reported (not in KEV), no public POC is available, and EPSS data is not yet available for this CVE.
The Lenovo Virtual Bus driver in Smart Connect contains a divide-by-zero flaw that enables local authenticated users to trigger a system crash (blue screen). No patch is currently available, leaving affected Windows systems vulnerable to denial-of-service attacks by privileged local users.
The Lenovo Virtual Bus driver in Smart Connect contains a buffer overflow that allows local authenticated users to corrupt memory and trigger system crashes on Windows systems. This vulnerability requires valid credentials and local access, limiting exposure to users already present on affected machines. No patch is currently available to address this issue.
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Privilege escalation in Microsoft Azure Connected Machine Agent on Windows allows local authenticated users to bypass authentication mechanisms and gain elevated system privileges. An attacker with existing local access can exploit alternate authentication paths to escalate their permissions without user interaction. No patch is currently available for this vulnerability affecting Arc Enabled Servers.
Remote code execution in Windows RRAS across Server 2016, 2022, and 2025 via an integer overflow vulnerability allows authenticated attackers to execute arbitrary code over the network with high privileges. Public exploit code exists for this vulnerability, and no patch is currently available. Authenticated users with network access can trigger the vulnerability through a simple interaction to gain complete system compromise.
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]
Privilege escalation in Windows DWM Core Library affects Windows 10 versions 21H2 and 1809 through a use-after-free memory corruption vulnerability that allows authenticated local attackers to gain system-level privileges. The vulnerability requires local access and valid user credentials but no user interaction, creating a significant risk for multi-user systems. No patch is currently available.
Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2, and Windows Server 2012, allowing adjacent network attackers to gain elevated system access without authentication. The vulnerability has a high CVSS score of 8.8 but currently lacks a patch, creating significant risk for exposed systems. Exploitation requires network proximity but no user interaction.
Unauthorized disclosure of sensitive information in Windows Accessibility Infrastructure (ATBroker.exe) affects Windows Server 2019, 2025, Windows 10 22h2, and Windows 11 25h2, allowing local authenticated attackers to read confidential data. The vulnerability requires user privileges and local access but poses no risk to system integrity or availability. No patch is currently available for this issue.
Windows Shell Link Processing leaks sensitive information over the network in Windows Server 2012, 2019, and 2022, enabling remote spoofing attacks without authentication or user interaction. An unauthenticated attacker can exploit this information disclosure to conduct spoofing attacks against affected systems. No patch is currently available.
Information disclosure in Windows GDI+ affects Windows 11 (24h2, 25h2) and Windows Server 2012/2016, allowing unauthenticated attackers to read sensitive data remotely through an out-of-bounds memory access vulnerability. The flaw requires no user interaction and can be exploited over the network to compromise confidentiality without modifying system data or availability. No patch is currently available for this high-severity vulnerability.
Windows Ancillary Function Driver for WinSock in Windows Server 2025, 2022, and Windows 10 1809 contains insufficient input validation that allows authenticated local users to escalate privileges. An attacker with local access and valid credentials can exploit this vulnerability to gain elevated system permissions, though no patch is currently available. This HIGH severity vulnerability affects multiple Windows Server and client versions with no active exploit mitigation path.
Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.
Windows Ancillary Function Driver for WinSock in Windows 10 (all versions) and Windows 11 contains an access control weakness that enables authenticated local attackers to escalate privileges to system level. An attacker with standard user credentials can exploit this flaw to gain elevated rights on affected systems. No patch is currently available for this vulnerability.
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Windows Extensible File Allocation (exFAT) contains an out-of-bounds read vulnerability affecting Windows Server 2022, Windows 10 1607, and Windows 11 versions 23h2/25h2, enabling authenticated local users to escalate privileges with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available. This flaw carries a CVSS score of 7.8 and affects multiple supported Windows versions across server and client platforms.
Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments.
Remote code execution in Windows Routing and Remote Access Service (RRAS) across Windows Server 2012, 2022, and 2022 23h2 stems from an integer overflow vulnerability that authenticated network attackers can exploit with user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available.
Privilege escalation in Windows Authentication Methods (Windows 10 22H2, Windows 11 26H1) stems from a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low user privileges and manual interaction but provides complete system compromise through code execution. No patch is currently available for this high-severity vulnerability.
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Local code execution in Windows System Image Manager (Windows 11 23h2, Windows Server 2019/2022) through unsafe deserialization of untrusted data. An authenticated local attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. No patch is currently available.
Privilege escalation in Windows Performance Counters via null pointer dereference affects Windows Server 2019 and Windows 11 systems, enabling authenticated local attackers to gain elevated privileges. The vulnerability impacts systems where users have standard account access, allowing them to escalate to higher privilege levels on affected machines. No patch is currently available.
Windows Kerberos authentication in Server 2012 and Windows 10 (versions 1607, 1809) contains a race condition that enables unauthenticated remote attackers to circumvent security feature protections. The synchronization flaw in concurrent resource access allows attackers to bypass intended security controls without user interaction over the network. No patch is currently available for this vulnerability.
Privilege escalation in Windows Device Association Service (Windows 10 versions 1607, 1809, and 21H2) stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires high attack complexity and no user interaction, making it exploitable by insiders or compromised local accounts. No patch is currently available.
Privilege escalation in Windows Device Association Service across Windows 10, 11, and Server 2022 stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires local access and specific timing conditions but poses high risk due to its impact on confidentiality, integrity, and availability. No patch is currently available.
Windows SMB Server authentication bypass across multiple versions (Windows 10 1607, Windows 11 23h2, Windows Server 2012/2025) permits authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability stems from improper authentication validation in the SMB service, allowing a local attacker to gain system-level access without user interaction. No patch is currently available, leaving affected systems vulnerable to privilege escalation attacks from any authenticated user.
Privilege escalation in Windows Ancillary Function Driver for WinSock affects Windows 11 24H2, Windows Server 2022, and Windows Server 2025, allowing authenticated local attackers to gain system-level access through null pointer dereference. The vulnerability requires valid user credentials and local access but no user interaction to exploit. No patch is currently available.
Privilege escalation in Windows Accessibility Infrastructure (ATBroker.exe) across Windows 10, Windows 11, and Windows Server 2022 stems from improper permission assignments on a critical resource. A local authenticated attacker can exploit this misconfiguration to gain elevated privileges without user interaction. No patch is currently available for this vulnerability.
Windows Projected File System in Windows 11 and Server 2022 contains improper access control that enables authenticated local users to escalate privileges to system level. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions without user interaction. Currently, no patch is available to address this issue.
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Arbitrary code execution in Windows 10 (versions 21H2 and 22H2) via heap buffer overflow in Mobile Broadband functionality requires physical access to a target device. An attacker with direct hardware access can trigger memory corruption to achieve kernel-level code execution with full system privileges. No patch is currently available for this vulnerability.
Windows Kernel path traversal vulnerability in Server 2025, Server 2022, Windows 11 24h2, and Windows 10 22h2 enables authenticated local attackers to achieve full system compromise through privilege escalation. The flaw allows an authorized user to manipulate file name or path parameters, bypassing access controls and gaining kernel-level privileges. No patch is currently available.
Privilege escalation in Windows 11 (24h2, 26h1) and Windows Server 2022 (23h2) via heap overflow allows authenticated local users to gain system-level access. The vulnerability requires valid credentials but no user interaction, making it a direct path to complete system compromise. No patch is currently available.
Windows MapUrlToZone security bypass in Windows 11 24H2, Windows 10 21H2, and Windows Server 2016/2025 allows unauthenticated remote attackers to circumvent zone-based security restrictions through improper path equivalence resolution. An attacker can exploit this network-accessible vulnerability without user interaction to bypass intended access controls. No patch is currently available for this high-severity vulnerability.
Windows ReFS contains an out-of-bounds read vulnerability affecting Server 2019, 2022, 2025, and Windows 11 26h1 that enables authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability requires low attack complexity and no user interaction, making it exploitable by any authenticated user on the system. No patch is currently available for this HIGH severity issue.
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability [CVSS 7.8 HIGH]
Privilege escalation in the Windows Bluetooth RFCOM Protocol Driver across Windows 11 26h1, Windows Server 2025, and Windows 10 1809 stems from improper synchronization of concurrent access to shared resources. An authenticated local attacker can exploit this race condition to gain elevated privileges on affected systems. No patch is currently available for this vulnerability.
Remote code execution in Microsoft Windows Print Spooler Components via use-after-free memory corruption enables authenticated network attackers to execute arbitrary code with high privileges. The vulnerability requires valid credentials but no user interaction, presenting a significant risk to organizations where print services are accessible to untrusted internal or remote users. No patch is currently available.
Windows Admin Center in Azure Portal contains an access control flaw that enables local authenticated users to escalate their privileges. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions on the system. No patch is currently available for this issue.
Windows App Installer fails to adequately authenticate package data, enabling network-based attackers to conduct spoofing attacks without user interaction. This vulnerability affects Windows and Windows App installations, potentially allowing threat actors to deceive users into installing malicious or tampered applications. While no patch is currently available, the low EPSS score suggests exploitation is unlikely in the near term.
SAP GUI for Windows improperly loads DLL files from user-accessible directories, enabling arbitrary code execution when GuiXT is enabled. An attacker can exploit this by tricking a user into downloading a malicious DLL to a predictable location, resulting in code execution with the victim's privileges. No patch is currently available for this medium-severity vulnerability.
Medium severity vulnerability in ImageMagick. A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.
Improper access control in Acronis Cyber Protect 17 (Linux and Windows) prior to build 41186 allows authenticated users to view sensitive information they should not have access to. The vulnerability requires valid credentials and network access but does not enable data modification or system availability impacts. No patch is currently available for this medium-severity disclosure risk.
Acronis Cyber Protect 17 on Linux and Windows (before build 41186) exposes sensitive information through insecure headless browser configuration, allowing local authenticated users to read confidential data without modifying or disrupting system operations. The vulnerability requires local access and valid credentials but poses a direct confidentiality risk to organizations using affected versions. No patch is currently available.
Acronis Cyber Protect 17 prior to build 41186 contains insufficient access control validation that permits authenticated users to read sensitive data they should not have access to. The vulnerability affects both Linux and Windows deployments and requires valid credentials to exploit, limiting the attack surface to authenticated attackers. No patch is currently available.
Acronis Cyber Protect 17 (Linux, Windows) before build 41186 contains an improper access control vulnerability allowing authenticated users to delete reports they should not have permission to access. An attacker with valid credentials could exploit this to remove audit trails or other critical reports, potentially compromising compliance and forensic capabilities. No patch is currently available for this issue.
Improper symbolic link handling in Acronis Cyber Protect 17 for Windows (before build 41186) enables local attackers with limited privileges to escalate to system-level access through a race condition. An authenticated user can exploit this vulnerability to gain full control over the affected system, including reading sensitive data and modifying system configurations. No patch is currently available for this high-severity flaw.
Acronis Cyber Protect 17 for Windows before build 41186 allows local attackers with standard user privileges to escalate to system-level access through improper handling of symbolic links. An authenticated attacker can exploit this vulnerability to gain full control over the affected system, including the ability to read, modify, or delete sensitive data and execute arbitrary code. No patch is currently available for this vulnerability.
Acronis Cyber Protect 17 on Linux and Windows before build 41186 allows authenticated users to modify application settings due to inadequate authorization validation. An attacker with valid credentials could exploit this to alter configurations and potentially compromise system integrity or bypass security controls. No patch is currently available.
Acronis Cyber Protect 17 on Linux and Windows (before build 41186) fails to properly validate user permissions, allowing authenticated users to modify resources they should not have access to. The vulnerability requires valid credentials and does not enable remote code execution or denial of service, but could allow privilege escalation or unauthorized data manipulation within the application. No patch is currently available.
Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.
Improper directory permissions in Acronis Cyber Protect 17 for Windows (before build 41186) allow local authenticated users to escalate privileges through a user-interaction-dependent attack vector. An attacker with local access could modify files or settings to gain elevated system permissions. No patch is currently available for this vulnerability.
Improper authorization checks in Acronis Cyber Protect 17 (Linux, Windows) before build 41186 allow local authenticated users to access sensitive information and modify data. This medium-severity vulnerability requires local access and user privileges but poses no availability risk. No patch is currently available for this issue.
Improper authorization checks in Acronis Cyber Protect 17 (Linux and Windows) before build 41186 allow authenticated users to access sensitive information they should not have permission to view. An attacker with valid credentials can exploit this vulnerability to disclose confidential data without performing any additional actions. No patch is currently available for this medium-severity issue.
Acronis Cyber Protect 17 before build 41186 transmits sensitive cryptographic material unnecessarily, allowing adjacent network attackers to potentially intercept and obtain this sensitive data under specific conditions. The vulnerability requires user interaction and affects both Linux and Windows deployments. No patch is currently available.
Acronis Cyber Protect 17 for Windows before build 41186 is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated attackers to escalate privileges on affected systems. An attacker with local access and low privileges can exploit this vulnerability to gain higher-level permissions without user interaction. No patch is currently available for this vulnerability.
Acronis Cyber Protect 17 before build 41186 on Windows is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated users to gain elevated system privileges. An attacker with local access and low privileges can exploit this weakness to execute code with higher permissions. No patch is currently available for this issue.
Improper authentication in Acronis Cyber Protect 17.
Acronis Cyber Protect 17 on Linux and Windows before build 41186 contains an authorization bypass that allows authenticated users to manipulate resources they should not have access to. The vulnerability requires valid credentials and network access but poses a moderate risk of unauthorized data modification within the affected environment.
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. [CVSS 4.4 MEDIUM]
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124. [CVSS 7.3 HIGH]
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. [CVSS 5.5 MEDIUM]