Windows (1607 CVEs)

CVE-2026-28725 MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows (before build 41186) exposes sensitive information through insecure headless browser configuration, allowing local authenticated users to read confidential data without modifying or disrupting system operations. The vulnerability requires local access and valid credentials but poses a direct confidentiality risk to organizations using affected versions. No patch is currently available.

Information Disclosure Cyber Protect Windows
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2026-28724 MEDIUM This Month

Acronis Cyber Protect 17 prior to build 41186 contains insufficient access control validation that permits authenticated users to read sensitive data they should not have access to. The vulnerability affects both Linux and Windows deployments and requires valid credentials to exploit, limiting the attack surface to authenticated attackers. No patch is currently available.

Authentication Bypass Cyber Protect Windows
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2026-28723 MEDIUM This Month

Acronis Cyber Protect 17 (Linux, Windows) before build 41186 contains an improper access control vulnerability allowing authenticated users to delete reports they should not have permission to access. An attacker with valid credentials could exploit this to remove audit trails or other critical reports, potentially compromising compliance and forensic capabilities. No patch is currently available for this issue.

Authentication Bypass Cyber Protect Windows
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2026-28722 HIGH This Week

Improper symbolic link handling in Acronis Cyber Protect 17 for Windows (before build 41186) enables local attackers with limited privileges to escalate to system-level access through a race condition. An authenticated user can exploit this vulnerability to gain full control over the affected system, including reading sensitive data and modifying system configurations. No patch is currently available for this high-severity flaw.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2026-28721 HIGH This Week

Acronis Cyber Protect 17 for Windows before build 41186 allows local attackers with standard user privileges to escalate to system-level access through improper handling of symbolic links. An authenticated attacker can exploit this vulnerability to gain full control over the affected system, including the ability to read, modify, or delete sensitive data and execute arbitrary code. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2026-28720 MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows before build 41186 allows authenticated users to modify application settings due to inadequate authorization validation. An attacker with valid credentials could exploit this to alter configurations and potentially compromise system integrity or bypass security controls. No patch is currently available.

Authentication Bypass Cyber Protect Windows
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2026-28719 MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows (before build 41186) fails to properly validate user permissions, allowing authenticated users to modify resources they should not have access to. The vulnerability requires valid credentials and does not enable remote code execution or denial of service, but could allow privilege escalation or unauthorized data manipulation within the application. No patch is currently available.

Authentication Bypass Cyber Protect Windows
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2026-28718 HIGH This Week

Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.

Linux Windows Denial Of Service Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28717 MEDIUM This Month

Improper directory permissions in Acronis Cyber Protect 17 for Windows (before build 41186) allow local authenticated users to escalate privileges through a user-interaction-dependent attack vector. An attacker with local access could modify files or settings to gain elevated system permissions. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
5.0
EPSS
0.0%
CVE-2026-28716 MEDIUM This Month

Improper authorization checks in Acronis Cyber Protect 17 (Linux, Windows) before build 41186 allow local authenticated users to access sensitive information and modify data. This medium-severity vulnerability requires local access and user privileges but poses no availability risk. No patch is currently available for this issue.

Linux Windows Information Disclosure Cyber Protect
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2026-28715 MEDIUM This Month

Improper authorization checks in Acronis Cyber Protect 17 (Linux and Windows) before build 41186 allow authenticated users to access sensitive information they should not have permission to view. An attacker with valid credentials can exploit this vulnerability to disclose confidential data without performing any additional actions. No patch is currently available for this medium-severity issue.

Linux Windows Information Disclosure Cyber Protect
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28714 MEDIUM This Month

Acronis Cyber Protect 17 before build 41186 transmits sensitive cryptographic material unnecessarily, allowing adjacent network attackers to potentially intercept and obtain this sensitive data under specific conditions. The vulnerability requires user interaction and affects both Linux and Windows deployments. No patch is currently available.

Information Disclosure Cyber Protect Windows
NVD
CVSS 3.0
4.8
EPSS
0.0%
CVE-2026-28712 MEDIUM This Month

Acronis Cyber Protect 17 for Windows before build 41186 is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated attackers to escalate privileges on affected systems. An attacker with local access and low privileges can exploit this vulnerability to gain higher-level permissions without user interaction. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
6.3
EPSS
0.0%
CVE-2026-28711 MEDIUM This Month

Acronis Cyber Protect 17 before build 41186 on Windows is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated users to gain elevated system privileges. An attacker with local access and low privileges can exploit this weakness to execute code with higher permissions. No patch is currently available for this issue.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
6.3
EPSS
0.0%
CVE-2026-28710 CRITICAL Act Now

Improper authentication in Acronis Cyber Protect 17.

Linux Windows Information Disclosure Cyber Protect
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28709 MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows before build 41186 contains an authorization bypass that allows authenticated users to manipulate resources they should not have access to. The vulnerability requires valid credentials and network access but poses a moderate risk of unauthorized data modification within the affected environment.

Linux Windows Cyber Protect
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-30413 MEDIUM This Month

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. [CVSS 4.4 MEDIUM]

Information Disclosure Cyber Protect Agent Windows macOS
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-11792 HIGH This Week

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124. [CVSS 7.3 HIGH]

Privilege Escalation Agent Windows
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2025-11791 HIGH This Week

Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. [CVSS 5.5 MEDIUM]

Information Disclosure Authentication Bypass Cyber Protect Agent Windows +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-11790 MEDIUM This Month

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. [CVSS 4.4 MEDIUM]

Information Disclosure Agent Windows macOS
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2026-28391 CRITICAL PATCH Act Now

Windows cmd.exe metacharacter injection in OpenClaw before 2026.2.2. Bypass exec whitelist. Patch available.

Windows Openclaw
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13476 CRITICAL Act Now

Static TLS fingerprint in Rakuten Viber Cloak mode enables tracking despite privacy mode.

Windows Android Tls Viber
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-30798 HIGH POC This Week

RustDesk Client through version 1.4.5 fails to properly verify data authenticity in its heartbeat synchronization loop, allowing remote attackers to manipulate the protocol and cause denial of service without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects Windows, macOS, Linux, Android, and iOS deployments.

Linux Windows macOS Android Rustdesk
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30797 CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

Google Apple Information Disclosure Microsoft Android +2
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-30796 HIGH This Week

RustDesk Server Pro through version 1.7.5 transmits sensitive address book credentials in cleartext over the network heartbeat synchronization API, enabling attackers to intercept and obtain authentication credentials without authentication. The vulnerability affects Windows, macOS, and Linux deployments where the address book sync functionality is enabled. No patch is currently available.

Apple Microsoft Information Disclosure Windows macOS
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-30795 HIGH This Week

RustDesk Client through version 1.4.5 transmits sensitive preset address book credentials in cleartext during heartbeat synchronization, enabling network eavesdropping attacks across Windows, macOS, Linux, iOS, and Android platforms. An attacker positioned to intercept network traffic can capture authentication credentials by sniffing the unencrypted JSON payload. No patch is currently available for this high-severity vulnerability (CVSS 8.7).

Apple Information Disclosure Microsoft Google Android +2
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-30794 CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

Apple Information Disclosure Microsoft Google Android +2
NVD GitHub VulDB
CVSS 4.0
9.1
EPSS
0.0%
CVE-2026-30793 CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

CSRF Privilege Escalation Authentication Bypass Google Apple +4
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-30792 CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

Apple Information Disclosure Microsoft Google Android +2
NVD VulDB
CVSS 4.0
9.1
EPSS
0.1%
CVE-2026-30790 CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

Information Disclosure Microsoft Apple Windows macOS
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-30789 CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

Authentication Bypass Google Microsoft Apple Android +2
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-30785 HIGH This Week

RustDesk Client through version 1.4.5 on Windows, macOS, and Linux uses weak password hashing and improper object prototype handling in its password security and configuration encryption modules, allowing local authenticated attackers to extract embedded sensitive data including passwords and machine identifiers. The vulnerability affects critical cryptographic functions including symmetric_crypt() and decrypt_str_or_original(), enabling attackers with local access and valid credentials to compromise encrypted credentials and system identifiers. No patch is currently available.

Information Disclosure Microsoft Apple Windows macOS
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-30783 HIGH This Week

Privilege escalation in RustDesk Client through version 1.4.5 on Windows, macOS, Linux, iOS, and Android allows unauthenticated remote attackers to abuse API sync and configuration management functions. The vulnerability in the rendezvous mediator and HTTP sync modules enables attackers to gain elevated privileges without user interaction. No patch is currently available for affected users.

Information Disclosure Google Apple Microsoft Android +2
NVD VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-3598 HIGH This Week

RustDesk Server Pro through version 1.7.5 uses weak cryptographic algorithms in configuration string generation and web console export functions, enabling attackers to extract sensitive embedded data from exported configurations. This vulnerability affects Windows, macOS, and Linux deployments and requires no authentication or user interaction to exploit. No patch is currently available.

Information Disclosure Apple Microsoft Windows macOS
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-30791 HIGH This Week

RustDesk Client through version 1.4.5 uses a broken cryptographic algorithm that allows attackers to retrieve sensitive embedded data during config import, URI scheme handling, or CLI operations across Windows, macOS, Linux, iOS, Android, and web clients. An unauthenticated remote attacker can exploit this vulnerability without user interaction to extract sensitive configuration information. No patch is currently available for this high-severity vulnerability.

Microsoft Apple Google Information Disclosure Rustdesk +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-15558 HIGH PATCH GHSA This Week

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. [CVSS 8.0 HIGH]

Windows Docker Github Command Line Interface Redhat +1
NVD GitHub
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-25673 HIGH PATCH This Week

Django URL field validation triggers excessive Unicode normalization on Windows when processing certain malicious Unicode characters, enabling remote attackers to cause denial of service through crafted URL inputs. Affected versions include Django 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29, with potential impact to unsupported series 5.0.x, 4.1.x, and 3.2.x. A patch is available for all affected supported versions.

Windows Python Golang Django Denial Of Service +2
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-3000 CRITICAL PATCH Act Now

IDExpert Windows Logon Agent has a second RCE vulnerability through another unsigned code download path.

Windows RCE Idexpert
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-2999 CRITICAL PATCH Act Now

IDExpert Windows Logon Agent by Changing has an RCE vulnerability through download of code without integrity check, allowing malicious update injection.

Windows RCE Idexpert
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-28414 HIGH POC PATCH This Week

Gradio versions up to 6.7 contain a vulnerability that allows attackers to read arbitrary files from the file system (CVSS 7.5).

Windows Python Path Traversal AI / ML Gradio
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-3255 MEDIUM PATCH This Month

HTTP::Session2 before version 1.12 for Perl generates predictable session identifiers on Windows systems when /dev/urandom is unavailable, falling back to weak randomization using rand() combined with guessable values like PID and epoch time. An attacker could predict valid session IDs to hijack user sessions, as SHA-1 hashing of these weak inputs provides insufficient cryptographic protection. This affects Perl applications using HTTP::Session2 on Windows platforms where secure random sources are not accessible.

Windows
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1585 MEDIUM This Month

Unquoted service path handling in IJ Scan Utility versions 1.1.2 through 1.5.0 on Windows allows privileged local attackers to achieve arbitrary code execution by placing a malicious executable in a predictable directory location. An authenticated user with high privileges could exploit this weakness to execute commands with the same permissions as the vulnerable service. No patch is currently available for this issue.

Windows
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-22722 MEDIUM This Month

Null pointer dereference in Windows allows authenticated local users to cause a denial of service condition with potential system instability. An attacker with valid user credentials can trigger this memory safety issue to crash affected processes or degrade system availability. No patch is currently available for this vulnerability.

Windows Null Pointer Dereference
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-26986 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Redhat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25954 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Redhat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25952 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_SetWindowMinMaxInfo before version 3.23.0. X11 client window management triggers memory corruption. PoC and patch available.

Windows Freerdp Redhat Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2636 MEDIUM This Month

Local denial of service in Windows CLFS.sys driver allows unprivileged users to crash the system through improper handling of special elements. Affected versions include Windows 11 2024 LTSC and Windows Server 2025 prior to the September 2025 cumulative update, while Windows 25H2 and later contain the patch. No public exploit code is currently available, and the vulnerability carries a CVSS score of 5.5 with zero estimated probability of exploitation.

Microsoft Windows Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27615 HIGH POC This Week

Adb Explorer contains a vulnerability that allows attackers to set the binary's path to point to a remote network resource, hosted on an attack (CVSS 7.8).

Windows Adb Explorer
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25891 HIGH POC PATCH This Week

Fiber web framework versions 3.0.0 and earlier on Windows contain a path traversal vulnerability that allows remote attackers to bypass static file middleware protections and read arbitrary files from the server. Public exploit code exists for this vulnerability, which affects applications using the vulnerable Fiber versions. The issue has been patched in Fiber v3.1.0.

Windows Path Traversal Fiber Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-1789 HIGH This Week

Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system. [CVSS 7.8 HIGH]

Windows Privilege Escalation Genetec Update Service
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1787 MEDIUM This Month

A local admin could leak information from the Genetec Update Service configuration web page. An authenticated, admin-privileged Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. [CVSS 4.2 MEDIUM]

Windows Privilege Escalation Genetec Update Service
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-14963 HIGH This Week

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. [CVSS 7.8 HIGH]

Windows Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10010 MEDIUM This Month

Cryptopro Secure Disk contains a vulnerability that allows attackers to execute arbitrary code in the context of the root user and enables an attacker t (CVSS 6.8).

Linux RCE Cryptopro Secure Disk Windows Linux Kernel
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-2664 HIGH This Week

Local privilege escalation via out-of-bounds memory read in Docker Desktop's grpcfuse kernel module (versions up to 4.61.0) on Linux, Windows, and macOS allows authenticated local attackers to achieve complete system compromise through manipulation of /proc/docker entries. The vulnerability requires local access and valid user credentials but enables reading and modifying arbitrary kernel memory with high impact on confidentiality, integrity, and availability. Docker Desktop 4.62.0 and later resolve this issue.

Linux Windows macOS Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-40541 CRITICAL Act Now

IDOR vulnerability in SolarWinds Serv-U allows accessing objects belonging to other users. Fourth critical Serv-U vulnerability in this batch.

Windows Serv U
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-40540 CRITICAL Act Now

Second type confusion vulnerability in SolarWinds Serv-U. Different attack vector from CVE-2025-40539 but same impact — arbitrary code execution.

Windows Serv U
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-40539 CRITICAL Act Now

Type confusion vulnerability in SolarWinds Serv-U enables arbitrary code execution. Second critical Serv-U vulnerability.

Windows Serv U
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-40538 CRITICAL Act Now

Broken access control in SolarWinds Serv-U allows unauthorized user creation by exploiting privilege assignment flaws. First of four critical Serv-U vulnerabilities.

Windows Serv U
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-63946 HIGH POC This Week

A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

Windows Privilege Escalation Race Condition Pcmanager
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-63945 HIGH POC This Week

A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

Windows Privilege Escalation Race Condition Ioa
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-27199 MEDIUM PATCH This Month

Werkzeug versions 3.1.5 and below on Windows fail to properly filter reserved device names in the safe_join function when paths contain multiple segments, allowing attackers to craft requests that trigger indefinite hangs by targeting special device names like NUL. Remote attackers can exploit this denial-of-service vulnerability against applications using send_from_directory to serve user-specified files. A patch is available in version 3.1.6.

Windows Werkzeug Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2490 MEDIUM This Month

RustDesk Client for Windows file transfer functionality allows local attackers with low-privileged code execution to read arbitrary files through symlink injection, potentially disclosing sensitive information with SYSTEM-level access. An attacker can exploit the Transfer File feature by uploading a specially crafted symbolic link to bypass access controls and access protected files on the target system. No patch is currently available for this vulnerability.

Windows Information Disclosure
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2026-27115 HIGH This Week

ADB Explorer through version 0.9.26020 fails to validate user-supplied directory paths, enabling local attackers to trigger recursive deletion of arbitrary filesystem directories including critical system and user folders. An attacker can exploit this by crafting a malicious shortcut or script that launches the application with a sensitive path argument, causing permanent data loss when the application processes the ClearDrag() function at startup or exit. Any user tricked into launching ADB Explorer via a weaponized shortcut or batch file faces complete loss of targeted directories such as Documents or user profile folders.

Path Traversal Microsoft Windows
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-2818 HIGH This Week

Spring Data Geode's snapshot import feature on Windows systems is vulnerable to path traversal attacks that enable attackers to write arbitrary files outside the intended extraction directory. Remote attackers can exploit this vulnerability without authentication to potentially overwrite critical system or application files. No patch is currently available.

Windows Spring Path Traversal Redhat
NVD HeroDevs
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-26064 HIGH POC PATCH This Week

Remote code execution in Calibre 9.2.1 and earlier allows authenticated users to write arbitrary files via a path traversal flaw in the extract_pictures() function that fails to properly sanitize directory traversal sequences. On Windows systems, attackers can exploit this to write malicious payloads to the Startup folder, achieving code execution upon the next user login. Public exploit code exists for this vulnerability, and a patch is available in version 9.3.0.

Windows RCE Path Traversal Calibre Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-30416 CRITICAL Act Now

Missing authorization in Acronis Cyber Protect 16 allows sensitive data access. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVSS 3.0
10.0
EPSS
0.0%
CVE-2025-30412 CRITICAL Act Now

Second improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVSS 3.0
10.0
EPSS
0.0%
CVE-2025-30411 CRITICAL Act Now

Improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVSS 3.0
10.0
EPSS
0.0%
CVE-2025-30410 CRITICAL Act Now

Missing authentication in Acronis Cyber Protect Cloud Agent (Linux, Windows, macOS).

Linux Windows macOS
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2026-26959 HIGH This Week

Arbitrary code execution in ADB Explorer version 0.9.26020 and earlier on Windows allows local attackers to execute malicious binaries by manipulating the ManualAdbPath configuration setting without integrity validation. An attacker can exploit this through social engineering by distributing a crafted settings file that redirects the application to a malicious executable, gaining code execution with user privileges. The vulnerability requires user interaction to launch the application with a malicious configuration directory.

Windows RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25766 MEDIUM POC PATCH This Month

Unauthenticated remote file read in Echo web framework versions 5.0.0-5.0.2 on Windows allows attackers to traverse outside the static root directory and access arbitrary files via backslash path sequences in requests. The vulnerability stems from improper path normalization where path.Clean() does not treat backslashes as separators, but the underlying os.Open() call on Windows does, enabling directory traversal. Public exploit code exists for this medium-severity vulnerability, though a patch is available in version 5.0.3.

Windows Golang Path Traversal Echo Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25926 HIGH POC This Week

Notepad++ versions before 8.9.2 allow local code execution through an unsafe search path vulnerability that permits attackers to hijack the Windows Explorer executable if they control the process working directory. A user with local access running the affected application could be tricked into executing a malicious explorer.exe, leading to arbitrary code execution with application privileges. Public exploit code exists for this vulnerability and no patch is currently available.

Windows
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2019-25365 CRITICAL POC Act Now

Buffer overflow in ChaosPro 2.0 fractal generator via configuration file path handling allows code execution through crafted configuration files. PoC available.

Windows RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2019-25357 HIGH POC This Week

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). [CVSS 8.4 HIGH]

Windows Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2019-25352 HIGH POC This Week

Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. [CVSS 7.5 HIGH]

Windows Path Traversal
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-2464 Monitor

Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service.

Windows Path Traversal
NVD
EPSS
0.4%
CVE-2026-26119 HIGH PATCH This Week

Windows Admin Center's authentication mechanism can be bypassed by authenticated network users to gain elevated privileges on affected Windows systems. An attacker with valid credentials could exploit this weakness to escalate their access level without additional user interaction. A patch is available to remediate this high-severity vulnerability.

Windows Windows Admin Center Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-33130 MEDIUM This Month

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack. [CVSS 6.5 MEDIUM]

IBM Linux Windows Denial Of Service Db2 Merge Backup
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-33124 MEDIUM This Month

Db2 Merge Backup versions up to 12.1.0.0 are affected by incorrect calculation of buffer size (CVSS 6.5).

IBM Linux Windows Denial Of Service Db2 Merge Backup
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-27904 MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 are affected by cross-site request forgery (CSRF) (CVSS 6.5).

IBM Linux Windows CSRF Db2 Recovery Expert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-27903 MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 are affected by cleartext transmission of sensitive information (CVSS 5.9).

IBM Linux Windows Db2 Recovery Expert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-27901 MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 contain a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).

IBM Linux Windows XSS Db2 Recovery Expert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13108 MEDIUM This Month

Db2 Merge Backup versions up to 12.1.0.0 contain a vulnerability that allows attackers to access sensitive information in memory due to the buffer not properly clearing r (CVSS 5.5).

IBM Linux Windows Db2 Merge Backup
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-36425 MEDIUM This Month

Db2 versions up to 12.1.3 contain a vulnerability that allows an authenticated user to obtain sensitive information under specific HADR config (CVSS 5.3).

IBM Linux Windows Db2
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36247 HIGH This Week

Db2 versions up to 12.1.3 are affected by improper restriction of XML external entity reference (CVSS 7.1).

IBM Linux Windows XXE Db2
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-14689 MEDIUM This Month

Db2 contains a vulnerability that allows an authenticated user to cause a denial of service due to improper neutralization (CVSS 6.5).

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-13867 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2542 HIGH This Week

Total VPN 0.5.29.0 on Windows contains an unquoted search path vulnerability in win-service.exe that allows local attackers with low privileges to achieve code execution through path manipulation. The vulnerability requires high attack complexity and local access, but no patch is currently available from the vendor.

Windows
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-26334 HIGH This Week

Local privilege escalation in Calero VeraSMART versions before 2026 R1 stems from hardcoded AES encryption keys embedded in Veramark.Framework.dll that protect service account credentials stored in app.settings. An attacker with local system access can extract these static keys, decrypt the stored passwords, and use the recovered credentials to authenticate as the service account, potentially gaining elevated privileges depending on that account's permissions. No patch is currently available for this vulnerability.

Windows Privilege Escalation Verasmart
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26208 HIGH This Week

ADB Explorer on Windows versions prior to Beta 0.9.26020 allows local attackers to achieve remote code execution by crafting a malicious App.txt settings file that exploits insecure JSON deserialization with enabled type name handling. An attacker can inject a gadget chain payload into the configuration file that executes arbitrary code when the application launches and processes settings. No patch is currently available for affected versions.

Windows RCE Deserialization
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2026-28721
EPSS 0% CVSS 7.3
HIGH This Week

Acronis Cyber Protect 17 for Windows before build 41186 allows local attackers with standard user privileges to escalate to system-level access through improper handling of symbolic links. An authenticated attacker can exploit this vulnerability to gain full control over the affected system, including the ability to read, modify, or delete sensitive data and execute arbitrary code. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
CVE-2026-28720
EPSS 0% CVSS 4.3
MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows before build 41186 allows authenticated users to modify application settings due to inadequate authorization validation. An attacker with valid credentials could exploit this to alter configurations and potentially compromise system integrity or bypass security controls. No patch is currently available.

Authentication Bypass Cyber Protect Windows
NVD
CVE-2026-28719
EPSS 0% CVSS 4.3
MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows (before build 41186) fails to properly validate user permissions, allowing authenticated users to modify resources they should not have access to. The vulnerability requires valid credentials and does not enable remote code execution or denial of service, but could allow privilege escalation or unauthorized data manipulation within the application. No patch is currently available.

Authentication Bypass Cyber Protect Windows
NVD
CVE-2026-28718
EPSS 0% CVSS 7.5
HIGH This Week

Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.

Linux Windows Denial Of Service +1
NVD
CVE-2026-28717
EPSS 0% CVSS 5.0
MEDIUM This Month

Improper directory permissions in Acronis Cyber Protect 17 for Windows (before build 41186) allow local authenticated users to escalate privileges through a user-interaction-dependent attack vector. An attacker with local access could modify files or settings to gain elevated system permissions. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
CVE-2026-28716
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper authorization checks in Acronis Cyber Protect 17 (Linux, Windows) before build 41186 allow local authenticated users to access sensitive information and modify data. This medium-severity vulnerability requires local access and user privileges but poses no availability risk. No patch is currently available for this issue.

Linux Windows Information Disclosure +1
NVD
CVE-2026-28715
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper authorization checks in Acronis Cyber Protect 17 (Linux and Windows) before build 41186 allow authenticated users to access sensitive information they should not have permission to view. An attacker with valid credentials can exploit this vulnerability to disclose confidential data without performing any additional actions. No patch is currently available for this medium-severity issue.

Linux Windows Information Disclosure +1
NVD
CVE-2026-28714
EPSS 0% CVSS 4.8
MEDIUM This Month

Acronis Cyber Protect 17 before build 41186 transmits sensitive cryptographic material unnecessarily, allowing adjacent network attackers to potentially intercept and obtain this sensitive data under specific conditions. The vulnerability requires user interaction and affects both Linux and Windows deployments. No patch is currently available.

Information Disclosure Cyber Protect Windows
NVD
CVE-2026-28712
EPSS 0% CVSS 6.3
MEDIUM This Month

Acronis Cyber Protect 17 for Windows before build 41186 is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated attackers to escalate privileges on affected systems. An attacker with local access and low privileges can exploit this vulnerability to gain higher-level permissions without user interaction. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
CVE-2026-28711
EPSS 0% CVSS 6.3
MEDIUM This Month

Acronis Cyber Protect 17 before build 41186 on Windows is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated users to gain elevated system privileges. An attacker with local access and low privileges can exploit this weakness to execute code with higher permissions. No patch is currently available for this issue.

Windows Privilege Escalation Cyber Protect
NVD
CVE-2026-28710
EPSS 0% CVSS 9.8
CRITICAL Act Now

Improper authentication in Acronis Cyber Protect 17.

Linux Windows Information Disclosure +1
NVD
CVE-2026-28709
EPSS 0% CVSS 4.3
MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows before build 41186 contains an authorization bypass that allows authenticated users to manipulate resources they should not have access to. The vulnerability requires valid credentials and network access but poses a moderate risk of unauthorized data modification within the affected environment.

Linux Windows Cyber Protect
NVD
CVE-2025-30413
EPSS 0% CVSS 4.4
MEDIUM This Month

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. [CVSS 4.4 MEDIUM]

Information Disclosure Cyber Protect Agent +2
NVD VulDB
CVE-2025-11792
EPSS 0% CVSS 7.3
HIGH This Week

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124. [CVSS 7.3 HIGH]

Privilege Escalation Agent Windows
NVD
CVE-2025-11791
EPSS 0% CVSS 7.1
HIGH This Week

Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. [CVSS 5.5 MEDIUM]

Information Disclosure Authentication Bypass Cyber Protect +3
NVD VulDB
CVE-2025-11790
EPSS 0% CVSS 4.4
MEDIUM This Month

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. [CVSS 4.4 MEDIUM]

Information Disclosure Agent Windows +1
NVD
CVE-2026-28391
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Windows cmd.exe metacharacter injection in OpenClaw before 2026.2.2. Bypass exec whitelist. Patch available.

Windows Openclaw
NVD GitHub
CVE-2025-13476
EPSS 0% CVSS 9.8
CRITICAL Act Now

Static TLS fingerprint in Rakuten Viber Cloak mode enables tracking despite privacy mode.

Windows Android Tls +1
NVD
CVE-2026-30798
EPSS 0% CVSS 7.5
HIGH POC This Week

RustDesk Client through version 1.4.5 fails to properly verify data authenticity in its heartbeat synchronization loop, allowing remote attackers to manipulate the protocol and cause denial of service without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects Windows, macOS, Linux, Android, and iOS deployments.

Linux Windows macOS +2
NVD
CVE-2026-30797
EPSS 0% CVSS 9.3
CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

Google Apple Information Disclosure +4
NVD VulDB
CVE-2026-30796
EPSS 0% CVSS 8.7
HIGH This Week

RustDesk Server Pro through version 1.7.5 transmits sensitive address book credentials in cleartext over the network heartbeat synchronization API, enabling attackers to intercept and obtain authentication credentials without authentication. The vulnerability affects Windows, macOS, and Linux deployments where the address book sync functionality is enabled. No patch is currently available.

Apple Microsoft Information Disclosure +2
NVD VulDB
CVE-2026-30795
EPSS 0% CVSS 8.7
HIGH This Week

RustDesk Client through version 1.4.5 transmits sensitive preset address book credentials in cleartext during heartbeat synchronization, enabling network eavesdropping attacks across Windows, macOS, Linux, iOS, and Android platforms. An attacker positioned to intercept network traffic can capture authentication credentials by sniffing the unencrypted JSON payload. No patch is currently available for this high-severity vulnerability (CVSS 8.7).

Apple Information Disclosure Microsoft +4
NVD GitHub VulDB
CVE-2026-30794
EPSS 0% CVSS 9.1
CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

Apple Information Disclosure Microsoft +4
NVD GitHub VulDB
CVE-2026-30793
EPSS 0% CVSS 9.3
CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

CSRF Privilege Escalation Authentication Bypass +6
NVD GitHub VulDB
CVE-2026-30792
EPSS 0% CVSS 9.1
CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

Apple Information Disclosure Microsoft +4
NVD VulDB
CVE-2026-30790
EPSS 0% CVSS 9.3
CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

Information Disclosure Microsoft Apple +2
NVD GitHub VulDB
CVE-2026-30789
EPSS 0% CVSS 9.3
CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

Authentication Bypass Google Microsoft +4
NVD VulDB
CVE-2026-30785
EPSS 0% CVSS 8.2
HIGH This Week

RustDesk Client through version 1.4.5 on Windows, macOS, and Linux uses weak password hashing and improper object prototype handling in its password security and configuration encryption modules, allowing local authenticated attackers to extract embedded sensitive data including passwords and machine identifiers. The vulnerability affects critical cryptographic functions including symmetric_crypt() and decrypt_str_or_original(), enabling attackers with local access and valid credentials to compromise encrypted credentials and system identifiers. No patch is currently available.

Information Disclosure Microsoft Apple +2
NVD GitHub VulDB
CVE-2026-30783
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in RustDesk Client through version 1.4.5 on Windows, macOS, Linux, iOS, and Android allows unauthenticated remote attackers to abuse API sync and configuration management functions. The vulnerability in the rendezvous mediator and HTTP sync modules enables attackers to gain elevated privileges without user interaction. No patch is currently available for affected users.

Information Disclosure Google Apple +4
NVD VulDB
CVE-2026-3598
EPSS 0% CVSS 8.7
HIGH This Week

RustDesk Server Pro through version 1.7.5 uses weak cryptographic algorithms in configuration string generation and web console export functions, enabling attackers to extract sensitive embedded data from exported configurations. This vulnerability affects Windows, macOS, and Linux deployments and requires no authentication or user interaction to exploit. No patch is currently available.

Information Disclosure Apple Microsoft +2
NVD VulDB
CVE-2026-30791
EPSS 0% CVSS 7.5
HIGH This Week

RustDesk Client through version 1.4.5 uses a broken cryptographic algorithm that allows attackers to retrieve sensitive embedded data during config import, URI scheme handling, or CLI operations across Windows, macOS, Linux, iOS, Android, and web clients. An unauthenticated remote attacker can exploit this vulnerability without user interaction to extract sensitive configuration information. No patch is currently available for this high-severity vulnerability.

Microsoft Apple Google +5
NVD VulDB
CVE-2025-15558
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. [CVSS 8.0 HIGH]

Windows Docker Github +3
NVD GitHub
CVE-2026-25673
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Django URL field validation triggers excessive Unicode normalization on Windows when processing certain malicious Unicode characters, enabling remote attackers to cause denial of service through crafted URL inputs. Affected versions include Django 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29, with potential impact to unsupported series 5.0.x, 4.1.x, and 3.2.x. A patch is available for all affected supported versions.

Windows Python Golang +4
NVD
CVE-2026-3000
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

IDExpert Windows Logon Agent has a second RCE vulnerability through another unsigned code download path.

Windows RCE Idexpert
NVD
CVE-2026-2999
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

IDExpert Windows Logon Agent by Changing has an RCE vulnerability through download of code without integrity check, allowing malicious update injection.

Windows RCE Idexpert
NVD
CVE-2026-28414
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Gradio versions up to 6.7 contain a vulnerability that allows attackers to read arbitrary files from the file system (CVSS 7.5).

Windows Python Path Traversal +2
NVD GitHub
CVE-2026-3255
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

HTTP::Session2 before version 1.12 for Perl generates predictable session identifiers on Windows systems when /dev/urandom is unavailable, falling back to weak randomization using rand() combined with guessable values like PID and epoch time. An attacker could predict valid session IDs to hijack user sessions, as SHA-1 hashing of these weak inputs provides insufficient cryptographic protection. This affects Perl applications using HTTP::Session2 on Windows platforms where secure random sources are not accessible.

Windows
NVD GitHub
CVE-2026-1585
EPSS 0% CVSS 6.7
MEDIUM This Month

Unquoted service path handling in IJ Scan Utility versions 1.1.2 through 1.5.0 on Windows allows privileged local attackers to achieve arbitrary code execution by placing a malicious executable in a predictable directory location. An authenticated user with high privileges could exploit this weakness to execute commands with the same permissions as the vulnerable service. No patch is currently available for this issue.

Windows
NVD
CVE-2026-22722
EPSS 0% CVSS 6.1
MEDIUM This Month

Null pointer dereference in Windows allows authenticated local users to cause a denial of service condition with potential system instability. An attacker with valid user credentials can trigger this memory safety issue to crash affected processes or degrade system availability. No patch is currently available for this vulnerability.

Windows Null Pointer Dereference
NVD
CVE-2026-26986
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Redhat +1
NVD GitHub
CVE-2026-25954
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Redhat +1
NVD GitHub
CVE-2026-25952
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_SetWindowMinMaxInfo before version 3.23.0. X11 client window management triggers memory corruption. PoC and patch available.

Windows Freerdp Redhat +1
NVD GitHub
CVE-2026-2636
EPSS 0% CVSS 5.5
MEDIUM This Month

Local denial of service in Windows CLFS.sys driver allows unprivileged users to crash the system through improper handling of special elements. Affected versions include Windows 11 2024 LTSC and Windows Server 2025 prior to the September 2025 cumulative update, while Windows 25H2 and later contain the patch. No public exploit code is currently available, and the vulnerability carries a CVSS score of 5.5 with zero estimated probability of exploitation.

Microsoft Windows Denial Of Service
NVD
CVE-2026-27615
EPSS 0% CVSS 7.8
HIGH POC This Week

Adb Explorer contains a vulnerability that allows attackers to set the binary's path to point to a remote network resource, hosted on an attack (CVSS 7.8).

Windows Adb Explorer
NVD GitHub
CVE-2026-25891
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Fiber web framework versions 3.0.0 and earlier on Windows contain a path traversal vulnerability that allows remote attackers to bypass static file middleware protections and read arbitrary files from the server. Public exploit code exists for this vulnerability, which affects applications using the vulnerable Fiber versions. The issue has been patched in Fiber v3.1.0.

Windows Path Traversal Fiber +1
NVD GitHub
CVE-2025-1789
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Genetec Update Service. An authenticated, low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system. [CVSS 7.8 HIGH]

Windows Privilege Escalation Genetec Update Service
NVD
CVE-2025-1787
EPSS 0% CVSS 4.2
MEDIUM This Month

Local admin could leak information from the Genetec Update Service configuration web page. An authenticated, admin-privileged Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. [CVSS 4.2 MEDIUM]

Windows Privilege Escalation Genetec Update Service
NVD
CVE-2025-14963
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access to gain elevated system privileges. [CVSS 7.8 HIGH]

Windows Endpoint Security
NVD
CVE-2025-10010
EPSS 0% CVSS 6.8
MEDIUM This Month

Cryptopro Secure Disk contains a vulnerability that allows attackers to execute arbitrary code in the context of the root user and enables an attacker t (CVSS 6.8).

Linux RCE Cryptopro Secure Disk +2
NVD VulDB
CVE-2026-2664
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation via out-of-bounds memory read in Docker Desktop's grpcfuse kernel module (versions up to 4.61.0) on Linux, Windows, and macOS allows authenticated local attackers to achieve complete system compromise through manipulation of /proc/docker entries. The vulnerability requires local access and valid user credentials but enables reading and modifying arbitrary kernel memory with high impact on confidentiality, integrity, and availability. Docker Desktop 4.62.0 and later resolve this issue.

Linux Windows macOS +2
NVD
CVE-2025-40541
EPSS 0% CVSS 9.1
CRITICAL Act Now

IDOR vulnerability in SolarWinds Serv-U allows accessing objects belonging to other users. Fourth critical Serv-U vulnerability in this batch.

Windows Serv U
NVD
CVE-2025-40540
EPSS 0% CVSS 9.1
CRITICAL Act Now

Second type confusion vulnerability in SolarWinds Serv-U. Different attack vector from CVE-2025-40539 but same impact — arbitrary code execution.

Windows Serv U
NVD
CVE-2025-40539
EPSS 0% CVSS 9.1
CRITICAL Act Now

Type confusion vulnerability in SolarWinds Serv-U enables arbitrary code execution. Second critical Serv-U vulnerability.

Windows Serv U
NVD
CVE-2025-40538
EPSS 0% CVSS 9.1
CRITICAL Act Now

Broken access control in SolarWinds Serv-U allows unauthorized user creation by exploiting privilege assignment flaws. First of four critical Serv-U vulnerabilities.

Windows Serv U
NVD
CVE-2025-63946
EPSS 0% CVSS 7.4
HIGH POC This Week

A privilege escalation (PE) vulnerability in the Tencent PC Manager app through 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

Windows Privilege Escalation Race Condition +1
NVD GitHub
CVE-2025-63945
EPSS 0% CVSS 7.4
HIGH POC This Week

A privilege escalation (PE) vulnerability in the Tencent iOA app through 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

Windows Privilege Escalation Race Condition +1
NVD GitHub
CVE-2026-27199
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Werkzeug versions 3.1.5 and below on Windows fail to properly filter reserved device names in the safe_join function when paths contain multiple segments, allowing attackers to craft requests that trigger indefinite hangs by targeting special device names like NUL. Remote attackers can exploit this denial-of-service vulnerability against applications using send_from_directory to serve user-specified files. A patch is available in version 3.1.6.

Windows Werkzeug Suse
NVD GitHub
CVE-2026-2490
EPSS 0% CVSS 5.5
MEDIUM This Month

RustDesk Client for Windows file transfer functionality allows local attackers with low-privileged code execution to read arbitrary files through symlink injection, potentially disclosing sensitive information with SYSTEM-level access. An attacker can exploit the Transfer File feature by uploading a specially crafted symbolic link to bypass access controls and access protected files on the target system. No patch is currently available for this vulnerability.

Windows Information Disclosure
NVD GitHub
CVE-2026-27115
EPSS 0% CVSS 7.1
HIGH This Week

ADB Explorer through version 0.9.26020 fails to validate user-supplied directory paths, enabling local attackers to trigger recursive deletion of arbitrary filesystem directories including critical system and user folders. An attacker can exploit this by crafting a malicious shortcut or script that launches the application with a sensitive path argument, causing permanent data loss when the application processes the ClearDrag() function at startup or exit. Any user tricked into launching ADB Explorer via a weaponized shortcut or batch file faces complete loss of targeted directories such as Documents or user profile folders.

Path Traversal Microsoft Windows
NVD GitHub VulDB
CVE-2026-2818
EPSS 0% CVSS 8.2
HIGH This Week

Spring Data Geode's snapshot import feature on Windows systems is vulnerable to path traversal attacks that enable attackers to write arbitrary files outside the intended extraction directory. Remote attackers can exploit this vulnerability without authentication to potentially overwrite critical system or application files. No patch is currently available.

Windows Spring Path Traversal +1
NVD HeroDevs
CVE-2026-26064
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Remote code execution in Calibre 9.2.1 and earlier allows authenticated users to write arbitrary files via a path traversal flaw in the extract_pictures() function that fails to properly sanitize directory traversal sequences. On Windows systems, attackers can exploit this to write malicious payloads to the Startup folder, achieving code execution upon the next user login. Public exploit code exists for this vulnerability, and a patch is available in version 9.3.0.

Windows RCE Path Traversal +2
NVD GitHub
CVE-2025-30416
EPSS 0% CVSS 10.0
CRITICAL Act Now

Missing authorization in Acronis Cyber Protect 16 allows sensitive data access. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVE-2025-30412
EPSS 0% CVSS 10.0
CRITICAL Act Now

Second improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVE-2025-30411
EPSS 0% CVSS 10.0
CRITICAL Act Now

Improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVE-2025-30410
EPSS 0% CVSS 9.8
CRITICAL Act Now

Missing authentication in Acronis Cyber Protect Cloud Agent (Linux, Windows, macOS).

Linux Windows macOS
NVD
CVE-2026-26959
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in ADB Explorer version 0.9.26020 and earlier on Windows allows local attackers to execute malicious binaries by manipulating the ManualAdbPath configuration setting without integrity validation. An attacker can exploit this through social engineering by distributing a crafted settings file that redirects the application to a malicious executable, gaining code execution with user privileges. The vulnerability requires user interaction to launch the application with a malicious configuration directory.

Windows RCE
NVD GitHub
CVE-2026-25766
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Unauthenticated remote file read in Echo web framework versions 5.0.0-5.0.2 on Windows allows attackers to traverse outside the static root directory and access arbitrary files via backslash path sequences in requests. The vulnerability stems from improper path normalization where path.Clean() does not treat backslashes as separators, but the underlying os.Open() call on Windows does, enabling directory traversal. Public exploit code exists for this medium-severity vulnerability, though a patch is available in version 5.0.3.

Windows Golang Path Traversal +2
NVD GitHub
CVE-2026-25926
EPSS 0% CVSS 7.3
HIGH POC This Week

Notepad++ versions before 8.9.2 allow local code execution through an unsafe search path vulnerability that permits attackers to hijack the Windows Explorer executable if they control the process working directory. A user with local access running the affected application could be tricked into executing a malicious explorer.exe, leading to arbitrary code execution with application privileges. Public exploit code exists for this vulnerability and no patch is currently available.

Windows
NVD GitHub
CVE-2019-25365
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in ChaosPro 2.0 fractal generator via configuration file path handling allows code execution through crafted configuration files. PoC available.

Windows RCE Buffer Overflow
NVD Exploit-DB
CVE-2019-25357
EPSS 0% CVSS 8.4
HIGH POC This Week

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). [CVSS 8.4 HIGH]

Windows Buffer Overflow Stack Overflow
NVD Exploit-DB
CVE-2019-25352
EPSS 0% CVSS 7.5
HIGH POC This Week

Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. [CVSS 7.5 HIGH]

Windows Path Traversal
NVD Exploit-DB
CVE-2026-2464
EPSS 0%
Monitor

A path traversal vulnerability in the AMR Printer Management 1.01 Beta web service allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service.

Windows Path Traversal
NVD
CVE-2026-26119
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Windows Admin Center's authentication mechanism can be bypassed by authenticated network users to gain elevated privileges on affected Windows systems. An attacker with valid credentials could exploit this weakness to escalate their access level without additional user interaction. A patch is available to remediate this high-severity vulnerability.

Windows Windows Admin Center Microsoft
NVD
CVE-2025-33130
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack. [CVSS 6.5 MEDIUM]

IBM Linux Windows +2
NVD
CVE-2025-33124
EPSS 0% CVSS 6.5
MEDIUM This Month

Db2 Merge Backup versions up to 12.1.0.0 are affected by incorrect calculation of buffer size (CVSS 6.5).

IBM Linux Windows +2
NVD
CVE-2025-27904
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 are affected by cross-site request forgery (CSRF) (CVSS 6.5).

IBM Linux Windows +2
NVD
CVE-2025-27903
EPSS 0% CVSS 5.9
MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 are affected by cleartext transmission of sensitive information (CVSS 5.9).

IBM Linux Windows +1
NVD
CVE-2025-27901
EPSS 0% CVSS 6.5
MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 contain a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).

IBM Linux Windows +2
NVD
CVE-2025-13108
EPSS 0% CVSS 5.5
MEDIUM This Month

Db2 Merge Backup versions up to 12.1.0.0 contain a vulnerability that allows attackers to access sensitive information in memory due to the buffer not properly clearing r (CVSS 5.5).

IBM Linux Windows +1
NVD
CVE-2025-36425
EPSS 0% CVSS 5.3
MEDIUM This Month

Db2 versions up to 12.1.3 contain a vulnerability that allows an authenticated user to obtain sensitive information under specific HADR config (CVSS 5.3).

IBM Linux Windows +1
NVD
CVE-2025-36247
EPSS 0% CVSS 7.1
HIGH This Week

Db2 versions up to 12.1.3 are affected by improper restriction of XML external entity reference (CVSS 7.1).

IBM Linux Windows +2
NVD
CVE-2025-14689
EPSS 0% CVSS 6.5
MEDIUM This Month

Db2 contains a vulnerability that allows an authenticated user to cause a denial of service due to improper neutralizatio (CVSS 6.5).

IBM Linux Windows +2
NVD
CVE-2025-13867
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.

IBM Linux Windows +2
NVD
CVE-2026-2542
EPSS 0% CVSS 7.0
HIGH This Week

Total VPN 0.5.29.0 on Windows contains an unquoted search path vulnerability in win-service.exe that allows local attackers with low privileges to achieve code execution through path manipulation. The vulnerability requires high attack complexity and local access, but no patch is currently available from the vendor.

Windows
NVD GitHub VulDB
CVE-2026-26334
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Calero VeraSMART versions before 2026 R1 stems from hardcoded AES encryption keys embedded in Veramark.Framework.dll that protect service account credentials stored in app.settings. An attacker with local system access can extract these static keys, decrypt the stored passwords, and use the recovered credentials to authenticate as the service account, potentially gaining elevated privileges depending on that account's permissions. No patch is currently available for this vulnerability.

Windows Privilege Escalation Verasmart
NVD
CVE-2026-26208
EPSS 0% CVSS 7.8
HIGH This Week

ADB Explorer on Windows versions prior to Beta 0.9.26020 allows local attackers to achieve remote code execution by crafting a malicious App.txt settings file that exploits insecure JSON deserialization with enabled type name handling. An attacker can inject a gadget chain payload into the configuration file that executes arbitrary code when the application launches and processes settings. No patch is currently available for affected versions.

Windows RCE Deserialization
NVD GitHub