Windows
Monthly
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.
A privilege escalation vulnerability in Numeric truncation error in Windows Shell (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.
Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
A privilege escalation vulnerability in Double free in Windows Win32K - ICOMP (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.
Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
A privilege escalation vulnerability in Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.
A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
CVE-2025-48810 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
CVE-2025-48809 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
A security vulnerability in Acceptance of extraneous untrusted data with trusted data in Windows BitLocker (CVSS 6.8) that allows an unauthorized attacker. Remediation should follow standard vulnerability management procedures.
A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
A security vulnerability in Missing synchronization in Windows Hyper-V (CVSS 6.8) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
A privilege escalation vulnerability in Untrusted pointer dereference in Windows Event Tracing (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
A privilege escalation vulnerability in Double free in Windows SSDP Service (CVSS 7.0) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-26636 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
CVE-2025-42979 is a security vulnerability (CVSS 5.6). Remediation should follow standard vulnerability management procedures.
A remote code execution vulnerability in Dradis through 4.16.0 (CVSS 4.1). Remediation should follow standard vulnerability management procedures.
ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via well-known deserialization techniques inherent in the technology. Because the services run with SYSTEM-level rights, exploits can be crafted to achieve escalation of privilege and arbitrary code execution. This affects DataGate for SQL Server 17.0.36.0 and 16.0.89.0, DataGate Component Suite 17.0.36.0 and 16.0.89.0, DataGate Monitor 17.0.26.0 and 16.0.65.0, DataGate WebPak 17.0.37.0 and 16.0.90.0, Monarch for .NET 11.4.50.0 and 10.0.62.0, Encore RPG 4.1.36.0, Visual RPG .NET FW 17.0.37.0 and 16.0.90.0, Visual RPG .NET FW Windows Deployment 17.0.36.0 and 16.0.89.0, WingsRPG 11.0.38.0 and 10.0.95.0, Mobile RPG 11.0.35.0 and 10.0.94.0, Monarch Framework for .NET FW 11.0.36.0 and 10.0.89.0, Browser Terminal 17.0.37.0 and 16.0.90.0, Visual RPG Classic 5.2.7.0 and 5.1.17.0, Visual RPG Deployment 5.2.7.0 and 5.1.17.0, and DataGate Studio 17.0.38.0 and 16.0.104.0.
During startup, the device automatically logs in the EPC2 Windows user without requesting a password.
The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker can read from and write to all files on the hard drives.
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
A remote code execution vulnerability in Electron (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.
CVE-2025-49797 is a privilege escalation vulnerability in multiple Brother device driver installers for Windows that allows a local attacker with limited user privileges to execute arbitrary code with administrative rights without user interaction. The vulnerability affects various Brother printer and multifunction device driver packages across multiple versions. While the CVSS score of 7.8 indicates significant severity, real-world exploitability depends on whether an attacker has local access to a system during driver installation or can manipulate installer processes.
CVE-2025-41255 is a security vulnerability (CVSS 8.0). High severity vulnerability requiring prompt remediation.
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-36537 is a local privilege escalation vulnerability in TeamViewer Client (Full and Host) and Tensor prior to version 15.67 on Windows that allows an unprivileged local user to delete arbitrary files with SYSTEM privileges by exploiting improper permission assignment in the MSI rollback mechanism. The vulnerability is limited to Remote Management features (Backup, Monitoring, and Patch Management), has a CVSS score of 7.0, and requires local access with medium attack complexity but no user interaction. This vulnerability represents a significant elevation-of-privilege risk for organizations relying on TeamViewer for remote management.
CVE-2025-6513 is a local privilege escalation vulnerability in the BRAIN2 application where standard Windows users can access and decrypt the application's database configuration file without authentication. This allows unprivileged local users to obtain database credentials and potentially compromise sensitive data, with a CVSS score of 9.3 indicating critical severity. The vulnerability affects system confidentiality, integrity, and availability across trust boundaries.
CVE-2022-49976 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
CVE-2022-49963 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer) that exploits insecure link following to allow a low-privileged local attacker to delete privileged Trend Micro files, potentially compromising the security product's integrity. With a CVSS score of 7.8 and low attack complexity (AC:L), this vulnerability poses a significant risk to consumer systems where privilege escalation could disable or corrupt critical security components. No active exploitation (KEV status) or public POC has been reported at this time, but the low barrier to exploitation (local access with low privileges required) warrants prompt patching.
Local privilege escalation vulnerability in Citrix Workspace app for Windows that allows low-privileged users to gain SYSTEM-level privileges through an improper privilege management flaw (CWE-269). The vulnerability has a CVSS score of 7.8 (High) with low attack complexity and no user interaction required, making it a significant local threat. Status of KEV inclusion, active exploitation, and proof-of-concept availability cannot be confirmed from provided data, but the combination of high CVSS and local attack vector suggests meaningful real-world risk for organizations running Citrix Workspace on Windows endpoints.
Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-privileged user to escalate their privileges to SYSTEM level without user interaction. The vulnerability affects the Citrix Secure Access Client application on Windows systems and represents a critical threat to enterprise environments where this client is deployed, as successful exploitation grants complete system control. The CVSS 7.8 score and confirmed local attack vector indicate this is a material risk for any organization using this software, though exploitation requires prior local access to an affected system.
A security vulnerability in Apache Tomcat installer for Windows (CVSS 8.4). High severity vulnerability requiring prompt remediation.
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrative local user to execute arbitrary code with SYSTEM-level privileges. This is a local privilege escalation (LPE) vulnerability with high severity (CVSS 7.8) requiring only local access and low complexity exploitation. The vulnerability represents a critical risk in multi-user Windows environments where standard users could gain complete system control.
Local privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to arbitrarily delete system files with SYSTEM privileges. This vulnerability has a CVSS score of 8.8 (High) and could enable local attackers to compromise system integrity and gain elevated privileges. The attack requires local access but no user interaction, making it a significant risk for multi-user Windows systems running vulnerable Tenable Agent versions.
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to overwrite arbitrary system files with log content while executing at SYSTEM privilege level. This vulnerability enables local attackers without admin rights to achieve arbitrary file write operations with elevated privileges, potentially leading to system compromise. The vulnerability has a CVSS score of 8.4 (High) and affects Windows deployments; patch availability exists in version 10.8.5 and later.
Remote code execution vulnerability in Acer ControlCenter that exploits a misconfigured Windows Named Pipe to allow authenticated attackers with low privileges to execute arbitrary code with SYSTEM-level permissions. The vulnerability has a CVSS score of 8.8 (High) and requires only network access and low privileges, making it a significant elevation-of-privilege vector; real-world exploitation likelihood depends on confirmation of active KEV listing and public exploit availability.
Command injection vulnerability in Visual Studio that allows an authenticated attacker with local user interaction to execute arbitrary code over a network with high impact on confidentiality, integrity, and availability. While the vulnerability requires prior authorization and user interaction, successful exploitation could lead to complete system compromise. No public indication of active exploitation or widespread POC availability is currently documented, but the CVSS 7.1 score reflects significant risk in collaborative development environments where multiple authorized users access shared Visual Studio instances.
Path traversal vulnerability in Google Web Designer's template handling mechanism that enables remote code execution when users are socially engineered into downloading malicious ad templates. Versions prior to 16.3.0.0407 on Windows are affected, and the vulnerability requires user interaction (UI:R) but has no authentication requirements (PR:N). While CVSS 8.8 indicates high severity with complete confidentiality, integrity, and availability impact, exploitation probability and KEV status information is not provided in the available intelligence.
Privilege escalation vulnerability in UpdateNavi and UpdateNaviInstallService that allows local authenticated attackers to modify arbitrary registry values or execute arbitrary code through improper communication channel restrictions. Affected versions include UpdateNavi V1.4 L10-L33 and UpdateNaviInstallService 1.2.0091-1.2.0125. With a CVSS score of 7.1 and local attack vector requiring low privileges, this vulnerability poses significant risk to systems running vulnerable versions, particularly in scenarios where local user accounts have network access or elevation paths.
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
A security vulnerability in The (CVSS 6.3). Remediation should follow standard vulnerability management procedures.
DLL hijacking vulnerability in ClipShare Server for Windows (versions prior to 3.8.5) that allows local, non-privileged users to achieve arbitrary code execution and potential privilege escalation by placing malicious DLLs in the application directory. The vulnerability exploits Windows' default DLL search order, where the application directory is searched before system paths, and poses a reliable privilege escalation risk when ClipShare is run by elevated users. This is a local attack requiring write access to the installation directory.
A remote code execution vulnerability in the OSSEC HIDS agent for Windows (CVSS 9.5) that allows an attacker. Critical severity with potential for significant impact on affected systems.
CVE-2024-1243 is an improper input validation vulnerability in Wazuh agent for Windows (versions prior to 4.8.0) that allows attackers with control over the Wazuh server or possession of agent keys to redirect agents to malicious UNC paths, resulting in NetNTLMv2 hash leakage. The leaked hash can be relayed for remote code execution or abused for privilege escalation to SYSTEM level via AD CS certificate forging. This vulnerability represents a critical supply-chain/credential-leakage risk for Windows environments using Wazuh, though exploitation requires elevated privileges (high PR requirement) and knowledge of agent keys or server compromise.
A buffer overflow vulnerability in Heap-based buffer overflow in Microsoft Office Word (CVSS 8.4) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.
Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.
A privilege escalation vulnerability in Numeric truncation error in Windows Shell (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.
Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
A privilege escalation vulnerability in Double free in Windows Win32K - ICOMP (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.
Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
A privilege escalation vulnerability in Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.
A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
CVE-2025-48810 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
CVE-2025-48809 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
A security vulnerability in Acceptance of extraneous untrusted data with trusted data in Windows BitLocker (CVSS 6.8) that allows an unauthorized attacker. Remediation should follow standard vulnerability management procedures.
A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
A security vulnerability in Missing synchronization in Windows Hyper-V (CVSS 6.8) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
A privilege escalation vulnerability in Untrusted pointer dereference in Windows Event Tracing (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
A privilege escalation vulnerability in Double free in Windows SSDP Service (CVSS 7.0) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-26636 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
CVE-2025-42979 is a security vulnerability (CVSS 5.6). Remediation should follow standard vulnerability management procedures.
A remote code execution vulnerability in Dradis through 4.16.0 (CVSS 4.1). Remediation should follow standard vulnerability management procedures.
ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via well-known deserialization techniques inherent in the technology. Because the services run with SYSTEM-level rights, exploits can be crafted to achieve escalation of privilege and arbitrary code execution. This affects DataGate for SQL Server 17.0.36.0 and 16.0.89.0, DataGate Component Suite 17.0.36.0 and 16.0.89.0, DataGate Monitor 17.0.26.0 and 16.0.65.0, DataGate WebPak 17.0.37.0 and 16.0.90.0, Monarch for .NET 11.4.50.0 and 10.0.62.0, Encore RPG 4.1.36.0, Visual RPG .NET FW 17.0.37.0 and 16.0.90.0, Visual RPG .NET FW Windows Deployment 17.0.36.0 and 16.0.89.0, WingsRPG 11.0.38.0 and 10.0.95.0, Mobile RPG 11.0.35.0 and 10.0.94.0, Monarch Framework for .NET FW 11.0.36.0 and 10.0.89.0, Browser Terminal 17.0.37.0 and 16.0.90.0, Visual RPG Classic 5.2.7.0 and 5.1.17.0, Visual RPG Deployment 5.2.7.0 and 5.1.17.0, and DataGate Studio 17.0.38.0 and 16.0.104.0.
During startup, the device automatically logs in the EPC2 Windows user without requesting a password.
The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker can read from and write to all files on the hard drives.
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
A remote code execution vulnerability in Electron (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.
CVE-2025-49797 is a privilege escalation vulnerability in multiple Brother device driver installers for Windows that allows a local attacker with limited user privileges to execute arbitrary code with administrative rights without user interaction. The vulnerability affects various Brother printer and multifunction device driver packages across multiple versions. While the CVSS score of 7.8 indicates significant severity, real-world exploitability depends on whether an attacker has local access to a system during driver installation or can manipulate installer processes.
CVE-2025-41255 is a security vulnerability (CVSS 8.0). High severity vulnerability requiring prompt remediation.
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-36537 is a local privilege escalation vulnerability in TeamViewer Client (Full and Host) and Tensor prior to version 15.67 on Windows that allows an unprivileged local user to delete arbitrary files with SYSTEM privileges by exploiting improper permission assignment in the MSI rollback mechanism. The vulnerability is limited to Remote Management features (Backup, Monitoring, and Patch Management), has a CVSS score of 7.0, and requires local access with medium attack complexity but no user interaction. This vulnerability represents a significant elevation-of-privilege risk for organizations relying on TeamViewer for remote management.
CVE-2025-6513 is a local privilege escalation vulnerability in the BRAIN2 application where standard Windows users can access and decrypt the application's database configuration file without authentication. This allows unprivileged local users to obtain database credentials and potentially compromise sensitive data, with a CVSS score of 9.3 indicating critical severity. The vulnerability affects system confidentiality, integrity, and availability across trust boundaries.
CVE-2022-49976 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
CVE-2022-49963 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer) that exploits insecure link following to allow a low-privileged local attacker to delete privileged Trend Micro files, potentially compromising the security product's integrity. With a CVSS score of 7.8 and low attack complexity (AC:L), this vulnerability poses a significant risk to consumer systems where privilege escalation could disable or corrupt critical security components. No active exploitation (KEV status) or public POC has been reported at this time, but the low barrier to exploitation (local access with low privileges required) warrants prompt patching.
Local privilege escalation vulnerability in Citrix Workspace app for Windows that allows low-privileged users to gain SYSTEM-level privileges through an improper privilege management flaw (CWE-269). The vulnerability has a CVSS score of 7.8 (High) with low attack complexity and no user interaction required, making it a significant local threat. Status of KEV inclusion, active exploitation, and proof-of-concept availability cannot be confirmed from provided data, but the combination of high CVSS and local attack vector suggests meaningful real-world risk for organizations running Citrix Workspace on Windows endpoints.
Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-privileged user to escalate their privileges to SYSTEM level without user interaction. The vulnerability affects the Citrix Secure Access Client application on Windows systems and represents a critical threat to enterprise environments where this client is deployed, as successful exploitation grants complete system control. The CVSS 7.8 score and confirmed local attack vector indicate this is a material risk for any organization using this software, though exploitation requires prior local access to an affected system.
A security vulnerability in Apache Tomcat installer for Windows (CVSS 8.4). High severity vulnerability requiring prompt remediation.
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrative local user to execute arbitrary code with SYSTEM-level privileges. This is a local privilege escalation (LPE) vulnerability with high severity (CVSS 7.8) requiring only local access and low complexity exploitation. The vulnerability represents a critical risk in multi-user Windows environments where standard users could gain complete system control.
Local privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to arbitrarily delete system files with SYSTEM privileges. This vulnerability has a CVSS score of 8.8 (High) and could enable local attackers to compromise system integrity and gain elevated privileges. The attack requires local access but no user interaction, making it a significant risk for multi-user Windows systems running vulnerable Tenable Agent versions.
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to overwrite arbitrary system files with log content while executing at SYSTEM privilege level. This vulnerability enables local attackers without admin rights to achieve arbitrary file write operations with elevated privileges, potentially leading to system compromise. The vulnerability has a CVSS score of 8.4 (High) and affects Windows deployments; patch availability exists in version 10.8.5 and later.
Remote code execution vulnerability in Acer ControlCenter that exploits a misconfigured Windows Named Pipe to allow authenticated attackers with low privileges to execute arbitrary code with SYSTEM-level permissions. The vulnerability has a CVSS score of 8.8 (High) and requires only network access and low privileges, making it a significant elevation-of-privilege vector; real-world exploitation likelihood depends on confirmation of active KEV listing and public exploit availability.
Command injection vulnerability in Visual Studio that allows an authenticated attacker with local user interaction to execute arbitrary code over a network with high impact on confidentiality, integrity, and availability. While the vulnerability requires prior authorization and user interaction, successful exploitation could lead to complete system compromise. No public indication of active exploitation or widespread POC availability is currently documented, but the CVSS 7.1 score reflects significant risk in collaborative development environments where multiple authorized users access shared Visual Studio instances.
Path traversal vulnerability in Google Web Designer's template handling mechanism that enables remote code execution when users are socially engineered into downloading malicious ad templates. Versions prior to 16.3.0.0407 on Windows are affected, and the vulnerability requires user interaction (UI:R) but has no authentication requirements (PR:N). While CVSS 8.8 indicates high severity with complete confidentiality, integrity, and availability impact, exploitation probability and KEV status information is not provided in the available intelligence.
Privilege escalation vulnerability in UpdateNavi and UpdateNaviInstallService that allows local authenticated attackers to modify arbitrary registry values or execute arbitrary code through improper communication channel restrictions. Affected versions include UpdateNavi V1.4 L10-L33 and UpdateNaviInstallService 1.2.0091-1.2.0125. With a CVSS score of 7.1 and local attack vector requiring low privileges, this vulnerability poses significant risk to systems running vulnerable versions, particularly in scenarios where local user accounts have network access or elevation paths.
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
A security vulnerability in The (CVSS 6.3). Remediation should follow standard vulnerability management procedures.
DLL hijacking vulnerability in ClipShare Server for Windows (versions prior to 3.8.5) that allows local, non-privileged users to achieve arbitrary code execution and potential privilege escalation by placing malicious DLLs in the application directory. The vulnerability exploits Windows' default DLL search order, where the application directory is searched before system paths, and poses a reliable privilege escalation risk when ClipShare is run by elevated users. This is a local attack requiring write access to the installation directory.
A remote code execution vulnerability in the OSSEC HIDS agent for Windows (CVSS 9.5) that allows an attacker. Critical severity with potential for significant impact on affected systems.
CVE-2024-1243 is an improper input validation vulnerability in Wazuh agent for Windows (versions prior to 4.8.0) that allows attackers with control over the Wazuh server or possession of agent keys to redirect agents to malicious UNC paths, resulting in NetNTLMv2 hash leakage. The leaked hash can be relayed for remote code execution or abused for privilege escalation to SYSTEM level via AD CS certificate forging. This vulnerability represents a critical supply-chain/credential-leakage risk for Windows environments using Wazuh, though exploitation requires elevated privileges (high PR requirement) and knowledge of agent keys or server compromise.
A buffer overflow vulnerability in Heap-based buffer overflow in Microsoft Office Word (CVSS 8.4) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.
Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.