Windows
Monthly
Nessus Agent on Windows systems contains improper file permission controls that allow local authenticated users to trigger denial of service attacks against the agent process. The vulnerability requires local access with standard user privileges and could disrupt security monitoring capabilities on affected hosts. No patch is currently available for this issue.
Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.
Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.
Privilege escalation in Dell iDRAC Service Module (Windows versions before 6.0.3.1 and Linux versions before 5.4.1.1) stems from improper access controls that allow local users with low privileges to gain elevated system access. An attacker with local access can exploit this vulnerability to obtain administrative capabilities on affected systems. No patch is currently available for this issue affecting both Windows and Linux environments.
Stack overflow in Torrent FLV Converter 1.51 Build 117 via SEH overwrite. PoC available.
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations. [CVSS 7.8 HIGH]
its Windows service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
GE Vernova Enervista UR Setup version 8.6 and earlier on Windows contains a vulnerability allowing high-privileged local attackers to modify system integrity without user interaction. An attacker with administrative privileges could exploit this flaw to alter critical configuration or data, though no patch is currently available.
A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions. [CVSS 2.9 LOW]
Unauthenticated attackers can read sensitive configuration files from SiYuan knowledge management systems prior to version 3.5.5 by exploiting case-sensitivity bypass in file access controls on Windows and other case-insensitive filesystems. The /api/file/getFile endpoint fails to properly validate mixed-case path traversal attempts, allowing unauthorized access to protected data. Public exploit code exists for this vulnerability, and no patch is currently available.
Windows App for Mac is susceptible to privilege escalation through improper symbolic link resolution, enabling authenticated local attackers to bypass access controls and gain elevated privileges. The vulnerability stems from insufficient validation during file operations and requires low-level user privileges and specific system conditions to exploit. No patch is currently available.
Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote attackers to bypass security features over a network. KEV-listed, this vulnerability in the core Windows Shell component enables remote code execution by circumventing security boundaries designed to prevent execution of untrusted content received from the network.
Windows Storage component contains an authentication bypass that enables authenticated local users to escalate privileges on Windows 10, Windows 11, and Windows Server 2016/2019 systems. An attacker with valid local credentials can exploit this vulnerability to gain elevated system access without user interaction. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.
Windows Hyper-V fails to properly enforce access controls, enabling local authenticated users to circumvent security features and gain unauthorized system access. This high-severity flaw affects Windows 10, Windows 11, Windows Server 2022, and Hyper-V implementations, allowing privileged attackers to escalate privileges across system boundaries. No patch is currently available for this vulnerability.
Privilege escalation in Windows Cluster Client Failover exploits a use-after-free memory vulnerability, enabling authenticated local users to gain elevated system privileges. The flaw affects Windows Server 2016, 2019, and 2025 installations where an attacker with existing local access can trigger the vulnerability through the failover clustering component. No patch is currently available for this high-severity vulnerability.
Windows HTTP.sys contains an unsafe pointer dereference vulnerability that enables authenticated local attackers to escalate privileges on affected systems including Windows 11, Windows Server 2025, and related versions. An attacker with local user access can exploit this flaw to gain system-level privileges with high confidence in successful exploitation. No patch is currently available for this vulnerability.
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally. [CVSS 3.3 LOW]
Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges on affected Windows and Windows Server systems. An attacker with local access and user-level permissions can trigger memory corruption through user interaction to compromise system integrity and confidentiality. This vulnerability affects Windows 10 1809, Windows Server 2025, and related Hyper-V implementations with no patch currently available.
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. [CVSS 7.3 HIGH]
Windows Kernel heap overflow in Windows 11 25h2 and Windows Server 2025 enables authenticated local attackers to achieve privilege escalation with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user privileges but no user interaction, making it a practical attack vector for lateral movement within systems. No patch is currently available, leaving affected systems exposed until remediation is released.
Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges (CVSS 7.3). Exploitation requires user interaction and local system access, affecting Windows 10 1809 and Windows Server 2025. No patch is currently available.
Windows LDAP service in Server 2022 and 2022 23H2 is vulnerable to denial of service through a null pointer dereference that can be triggered remotely without authentication. An attacker can exploit this flaw over the network to crash the LDAP service and disrupt directory access functionality. No patch is currently available for this vulnerability.
Windows Subsystem for Linux contains a use-after-free vulnerability that enables local privilege escalation for authenticated users. An attacker with valid local access could exploit this memory safety flaw to gain elevated system privileges on affected Windows Server 2022 systems.
Windows Ancillary Function Driver for WinSock in Windows 11 23h2 and Windows Server 2022 23h2 contains a use-after-free vulnerability that allows authenticated local users to achieve privilege escalation. An attacker with local access and valid credentials can trigger the memory safety flaw to gain elevated system privileges. No patch is currently available for this HIGH severity vulnerability.
Windows HTTP.sys contains a race condition between privilege checks and resource access that enables local authenticated users to escalate privileges on Windows 10 21H2, Windows 11 23H2, and Windows Server 2025. An attacker with valid credentials can exploit this timing vulnerability to gain system-level access. No patch is currently available for this vulnerability.
Privilege escalation via heap buffer overflow in Windows Kernel (Windows 10 21H2, Windows Server 2016) allows authenticated local users to gain elevated system privileges. The vulnerability requires local access and user-level permissions, making it exploitable by authorized account holders to bypass security boundaries. No patch is currently available for this issue.
Privilege escalation in the Windows Ancillary Function Driver for WinSock affects Windows 11 and Windows Server 2022/2019, allowing authenticated local users to gain elevated system privileges. The vulnerability stems from improper access control mechanisms and currently lacks a patch. An authenticated attacker with local access can exploit this to achieve full system compromise.
Local privilege escalation in Windows Subsystem for Linux affects Windows 11 23h2 and Windows 10 22h2 through a race condition in shared resource synchronization. An authenticated local attacker can exploit this vulnerability to gain elevated privileges on the system. No patch is currently available for this vulnerability.
Windows Ancillary Function Driver for WinSock contains a heap buffer overflow vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows 10 and Server 2012 systems. An attacker with valid user credentials can exploit this memory corruption flaw to execute arbitrary code with elevated privileges. No patch is currently available for this vulnerability.
Local privilege escalation in Windows Connected Devices Platform Service exploits a race condition in resource synchronization, allowing authenticated attackers to gain elevated privileges on affected Windows systems including Server 2022, Windows 11 25h2, and Windows 10 21h2. The vulnerability requires local access and user interaction is not needed, making it a practical attack vector for users with standard privileges. No patch is currently available.
Windows HTTP.sys contains an untrusted pointer dereference vulnerability that enables authenticated local users to escalate privileges on Windows 11 and Windows Server 2022/2025 systems. An attacker with valid credentials can exploit this flaw to gain elevated access without user interaction. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.
Windows Kernel privilege escalation vulnerability in Windows 10 21H2 and Windows Server 2012 stems from improper synchronization of concurrent access to shared resources, enabling local authenticated users to gain elevated system privileges. The race condition can be triggered without user interaction and impacts confidentiality, integrity, and availability of the affected system. No patch is currently available.
Windows Kernel inadvertently logs sensitive information accessible to authenticated local users, enabling information disclosure attacks. This medium-severity vulnerability affects Windows 10 22H2, Windows 11 23H2, and 24H2, as well as Linux systems, allowing authorized attackers with local access to retrieve confidential data. No patch is currently available for this issue.
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. [CVSS 7.5 HIGH]
Local code execution in Windows Notepad stems from inadequate sanitization of command metacharacters, enabling authenticated users to execute arbitrary commands through specially crafted input. The vulnerability requires user interaction and local access, making it exploitable by attackers with limited system privileges. No patch is currently available.
Forticlient versions up to 7.4.4 is affected by improper link resolution before file access (CVSS 7.1).
A flaw has been found in Artifex MuPDF versions up to 1.26.1 is affected by untrusted search path (CVSS 7.0).
SumatraPDF versions 3.5.0 through 3.5.2 fail to validate TLS certificates during software updates and execute installers without signature verification, allowing network attackers to perform man-in-the-middle attacks and inject malicious code. An attacker with any valid TLS certificate can intercept update requests and redirect users to a malicious installer, achieving arbitrary code execution on Windows systems. Public exploit code exists for this vulnerability and no patch is currently available.
PowerDocu versions prior to 2.4.0 allow arbitrary .NET object instantiation and code execution through unsafe deserialization of the $type property in JSON files within Flow or App packages. A local attacker with user interaction can exploit this vulnerability to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available for affected versions.
SumatraPDF versions 3.5.2 and earlier are vulnerable to a heap buffer over-read in the MOBI file parser due to incomplete bounds validation in the HuffDic decompressor, allowing attackers to crash the application by opening a malicious .mobi file. Public exploit code exists for this vulnerability. Local user interaction is required to trigger the vulnerability, and while denial of service is the primary impact, the out-of-bounds read could potentially leak sensitive memory contents.
SumatraPDF 3.5.2 and earlier on Windows allows arbitrary code execution when a user opens a PDF and selects "Show in folder," as the application executes a malicious explorer.exe binary from the same directory without warning. Public exploit code exists for this vulnerability, which affects any user who opens untrusted PDFs and interacts with the file menu option. An attacker can achieve code execution with the privileges of the victim's user account through a simple social engineering attack.
Dell Display and Peripheral Manager before version 2.2 on Windows contains an insecure link resolution flaw that allows local attackers with low privileges to escalate their access through the installer or service. An authenticated user can exploit improper symlink handling to gain elevated permissions on the system. No patch is currently available for this vulnerability.
Windows services registered by Oki Electric Industry, Ricoh, and Murata Machinery products use unquoted file paths, allowing a local user with write access to the system drive root to achieve arbitrary code execution with SYSTEM privileges. This vulnerability requires elevated permissions and local access to exploit, making it primarily a privilege escalation risk in multi-user environments. No patch is currently available for affected products.
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. [CVSS 6.2 MEDIUM]
Remote code execution in Calibre prior to version 9.2.0 through a path traversal flaw in the CHM reader allows local attackers to write arbitrary files with user permissions, enabling payload execution via the Windows Startup folder. Public exploit code exists for this vulnerability. Windows users should upgrade to Calibre 9.2.0 or later to remediate the risk.
Stored cross-site scripting in Xerox CentreWare Web through version 7.0.6 enables attackers to inject malicious scripts that persist on the application and execute in users' browsers. An attacker with local access and user interaction can compromise confidentiality and potentially modify data within the CentreWare environment. No patch is currently available; upgrading to version 7.2.2.25 or later is recommended as a mitigation.
Improper access control in TeamViewer clients (Windows, macOS, Linux) before version 15.74.5 permits authenticated remote users to circumvent confirmation-based access restrictions during active sessions. An attacker with valid remote session credentials can gain unauthorized access without triggering the expected local confirmation prompt, requiring only prior authentication via ID/password, session link, or Easy Access.
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially crafted files. As a result, the attacker may be able to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a Denial of Service (...
multiple Windows services contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations. [CVSS 7.8 HIGH]
Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations. [CVSS 7.8 HIGH]
A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated [CVSS 3.3 LOW]
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. [CVSS 6.7 MEDIUM]
Pc Helpsoft Driver Updater versions up to 9.1.57803.1174 is affected by improper access control (CVSS 7.8).
Anydesk versions up to 5.4.0 contains a vulnerability that allows attackers to potentially inject malicious executables (CVSS 7.8).
Signal K Server versions prior to 2.20.3 on Windows contain a path traversal vulnerability in the applicationData API that allows authenticated users to read, write, and list arbitrary files by bypassing directory validation using backslashes. The vulnerability exists because the validateAppId() function only blocks forward slashes, allowing attackers to escape the intended applicationData directory through Windows path semantics. Public exploit code exists for this medium-severity flaw, and a patch is available in version 2.20.3.
A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7.
DeepMgmtService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. [CVSS 5.4 MEDIUM]
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. [CVSS 7.5 HIGH]
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. [CVSS 8.4 HIGH]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns. [CVSS 6.5 MEDIUM]
Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to improper neutralizatio (CVSS 5.3).
Db2 contains a vulnerability that allows attackers to cause a denial of service due to insufficient validation of special elements in (CVSS 6.5).
Db2 contains a vulnerability that allows attackers to cause a denial of service due to improper neutralization of special elements in (CVSS 6.5).
Db2 contains a vulnerability that allows attackers to a local user to cause a denial of service due to improper neutralization of spec (CVSS 6.5).
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query. [CVSS 6.5 MEDIUM]
Db2 contains a vulnerability that allows attackers to a local user with filesystem access to escalate their privileges due to the use (CVSS 8.4).
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination. [CVSS 6.5 MEDIUM]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key. [CVSS 6.8 MEDIUM]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic. [CVSS 6.2 MEDIUM]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level. [CVSS 7.2 HIGH]
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources. [CVSS 6.2 MEDIUM]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources. [CVSS 6.5 MEDIUM]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. [CVSS 6.5 MEDIUM]
Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to excessive use of a glo (CVSS 6.5).
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion. [CVSS 6.5 MEDIUM]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query. [CVSS 6.5 MEDIUM]
its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code contains a security vulnerability (CVSS 7.8).
Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls.
Local Admin Service versions up to 1.2.7.23180 is affected by execution with unnecessary privileges (CVSS 7.8).
Icinga PowerShell Framework versions prior to 1.13.4, 1.12.4, and 1.11.2 expose private certificate keys due to overly permissive directory permissions that allow all local users read access to the certificate folder. A local attacker with user-level privileges can retrieve these private keys to impersonate the Icinga service or intercept monitoring communications. No patch is currently available; manual ACL restrictions on the certificate directory are required as a temporary mitigation.
Icinga 2 on Windows versions 2.3.0 through 2.15.1 fail to properly restrict file permissions on the `%ProgramData%\icinga2\var` directory, allowing any local user to read sensitive data including private keys and synchronized configurations. All Windows installations are affected, and attackers with local access can extract cryptographic material and configuration details for lateral movement or further compromise. Patches are available in versions 2.13.14, 2.14.8, and 2.15.2, with workarounds available through updated Icinga for Windows packages or manual ACL remediation.
Stack buffer overflow in Free MP3 CD Ripper 2.8 allows remote code execution via crafted WAV files. PoC available.
Log timestamp tampering in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to inject malicious UDP Sync commands that corrupt event timestamps, undermining log integrity and forensic investigation capabilities. This input validation flaw affects Windows deployments of the NomadBranch service and could enable attackers to obscure the timeline of malicious activities or create misleading audit trails. No patch is currently available for this medium-severity vulnerability.
TeamViewer DEX Client versions before 26.1 contain an out-of-bounds read in the Content Distribution Service that enables remote attackers to leak stack memory and trigger denial of service without authentication. Successful exploitation could disclose memory contents useful for bypassing address space layout randomization and chaining with other vulnerabilities. No patch is currently available for this medium-severity flaw affecting Windows deployments.
Information disclosure and denial-of-service in TeamViewer DEX Client versions before 26.1 allows adjacent network attackers to trigger an out-of-bounds read via specially crafted packets, potentially leaking sensitive memory that could be leveraged to bypass ASLR protections. Affected Windows systems running the NomadBranch.exe content distribution service are vulnerable to attacks requiring only network proximity, with no authentication or user interaction needed.
Denial-of-service in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to crash the NomadBranch.exe service by sending specially crafted UDP packets that trigger a heap buffer overflow. The vulnerability stems from an integer underflow in the UDP command handler that can be exploited without authentication or user interaction. Currently, no patch is available and the attack requires network adjacency to the affected system.
Log tampering in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to inject, modify, or forge entries in the NomadBranch.log file through the UDP network handler, compromising log integrity and audit trail reliability. An attacker with network access can send crafted packets to the Content Distribution Service to manipulate logging records without authentication, potentially obscuring malicious activity or creating false audit entries.
Nessus Agent on Windows systems contains improper file permission controls that allow local authenticated users to trigger denial of service attacks against the agent process. The vulnerability requires local access with standard user privileges and could disrupt security monitoring capabilities on affected hosts. No patch is currently available for this issue.
Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.
Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.
Privilege escalation in Dell iDRAC Service Module (Windows versions before 6.0.3.1 and Linux versions before 5.4.1.1) stems from improper access controls that allow local users with low privileges to gain elevated system access. An attacker with local access can exploit this vulnerability to obtain administrative capabilities on affected systems. No patch is currently available for this issue affecting both Windows and Linux environments.
Stack overflow in Torrent FLV Converter 1.51 Build 117 via SEH overwrite. PoC available.
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations. [CVSS 7.8 HIGH]
its Windows service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
GE Vernova Enervista UR Setup version 8.6 and earlier on Windows contains a vulnerability allowing high-privileged local attackers to modify system integrity without user interaction. An attacker with administrative privileges could exploit this flaw to alter critical configuration or data, though no patch is currently available.
A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions. [CVSS 2.9 LOW]
Unauthenticated attackers can read sensitive configuration files from SiYuan knowledge management systems prior to version 3.5.5 by exploiting case-sensitivity bypass in file access controls on Windows and other case-insensitive filesystems. The /api/file/getFile endpoint fails to properly validate mixed-case path traversal attempts, allowing unauthorized access to protected data. Public exploit code exists for this vulnerability, and no patch is currently available.
Windows App for Mac is susceptible to privilege escalation through improper symbolic link resolution, enabling authenticated local attackers to bypass access controls and gain elevated privileges. The vulnerability stems from insufficient validation during file operations and requires low-level user privileges and specific system conditions to exploit. No patch is currently available.
Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote attackers to bypass security features over a network. KEV-listed, this vulnerability in the core Windows Shell component enables remote code execution by circumventing security boundaries designed to prevent execution of untrusted content received from the network.
Windows Storage component contains an authentication bypass that enables authenticated local users to escalate privileges on Windows 10, Windows 11, and Windows Server 2016/2019 systems. An attacker with valid local credentials can exploit this vulnerability to gain elevated system access without user interaction. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.
Windows Hyper-V fails to properly enforce access controls, enabling local authenticated users to circumvent security features and gain unauthorized system access. This high-severity flaw affects Windows 10, Windows 11, Windows Server 2022, and Hyper-V implementations, allowing privileged attackers to escalate privileges across system boundaries. No patch is currently available for this vulnerability.
Privilege escalation in Windows Cluster Client Failover exploits a use-after-free memory vulnerability, enabling authenticated local users to gain elevated system privileges. The flaw affects Windows Server 2016, 2019, and 2025 installations where an attacker with existing local access can trigger the vulnerability through the failover clustering component. No patch is currently available for this high-severity vulnerability.
Windows HTTP.sys contains an unsafe pointer dereference vulnerability that enables authenticated local attackers to escalate privileges on affected systems including Windows 11, Windows Server 2025, and related versions. An attacker with local user access can exploit this flaw to gain system-level privileges with high confidence in successful exploitation. No patch is currently available for this vulnerability.
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally. [CVSS 3.3 LOW]
Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges on affected Windows and Windows Server systems. An attacker with local access and user-level permissions can trigger memory corruption through user interaction to compromise system integrity and confidentiality. This vulnerability affects Windows 10 1809, Windows Server 2025, and related Hyper-V implementations with no patch currently available.
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. [CVSS 7.3 HIGH]
Windows Kernel heap overflow in Windows 11 25h2 and Windows Server 2025 enables authenticated local attackers to achieve privilege escalation with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user privileges but no user interaction, making it a practical attack vector for lateral movement within systems. No patch is currently available, leaving affected systems exposed until remediation is released.
Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges (CVSS 7.3). Exploitation requires user interaction and local system access, affecting Windows 10 1809 and Windows Server 2025. No patch is currently available.
Windows LDAP service in Server 2022 and 2022 23H2 is vulnerable to denial of service through a null pointer dereference that can be triggered remotely without authentication. An attacker can exploit this flaw over the network to crash the LDAP service and disrupt directory access functionality. No patch is currently available for this vulnerability.
Windows Subsystem for Linux contains a use-after-free vulnerability that enables local privilege escalation for authenticated users. An attacker with valid local access could exploit this memory safety flaw to gain elevated system privileges on affected Windows Server 2022 systems.
Windows Ancillary Function Driver for WinSock in Windows 11 23h2 and Windows Server 2022 23h2 contains a use-after-free vulnerability that allows authenticated local users to achieve privilege escalation. An attacker with local access and valid credentials can trigger the memory safety flaw to gain elevated system privileges. No patch is currently available for this HIGH severity vulnerability.
Windows HTTP.sys contains a race condition between privilege checks and resource access that enables local authenticated users to escalate privileges on Windows 10 21H2, Windows 11 23H2, and Windows Server 2025. An attacker with valid credentials can exploit this timing vulnerability to gain system-level access. No patch is currently available for this vulnerability.
Privilege escalation via heap buffer overflow in Windows Kernel (Windows 10 21H2, Windows Server 2016) allows authenticated local users to gain elevated system privileges. The vulnerability requires local access and user-level permissions, making it exploitable by authorized account holders to bypass security boundaries. No patch is currently available for this issue.
Privilege escalation in the Windows Ancillary Function Driver for WinSock affects Windows 11 and Windows Server 2022/2019, allowing authenticated local users to gain elevated system privileges. The vulnerability stems from improper access control mechanisms and currently lacks a patch. An authenticated attacker with local access can exploit this to achieve full system compromise.
Local privilege escalation in Windows Subsystem for Linux affects Windows 11 23h2 and Windows 10 22h2 through a race condition in shared resource synchronization. An authenticated local attacker can exploit this vulnerability to gain elevated privileges on the system. No patch is currently available for this vulnerability.
Windows Ancillary Function Driver for WinSock contains a heap buffer overflow vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows 10 and Server 2012 systems. An attacker with valid user credentials can exploit this memory corruption flaw to execute arbitrary code with elevated privileges. No patch is currently available for this vulnerability.
Local privilege escalation in Windows Connected Devices Platform Service exploits a race condition in resource synchronization, allowing authenticated attackers to gain elevated privileges on affected Windows systems including Server 2022, Windows 11 25h2, and Windows 10 21h2. The vulnerability requires local access and user interaction is not needed, making it a practical attack vector for users with standard privileges. No patch is currently available.
Windows HTTP.sys contains an untrusted pointer dereference vulnerability that enables authenticated local users to escalate privileges on Windows 11 and Windows Server 2022/2025 systems. An attacker with valid credentials can exploit this flaw to gain elevated access without user interaction. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.
Windows Kernel privilege escalation vulnerability in Windows 10 21H2 and Windows Server 2012 stems from improper synchronization of concurrent access to shared resources, enabling local authenticated users to gain elevated system privileges. The race condition can be triggered without user interaction and impacts confidentiality, integrity, and availability of the affected system. No patch is currently available.
Windows Kernel inadvertently logs sensitive information accessible to authenticated local users, enabling information disclosure attacks. This medium-severity vulnerability affects Windows 10 22H2, Windows 11 23H2, and 24H2, as well as Linux systems, allowing authorized attackers with local access to retrieve confidential data. No patch is currently available for this issue.
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. [CVSS 7.5 HIGH]
Local code execution in Windows Notepad stems from inadequate sanitization of command metacharacters, enabling authenticated users to execute arbitrary commands through specially crafted input. The vulnerability requires user interaction and local access, making it exploitable by attackers with limited system privileges. No patch is currently available.
Forticlient versions up to 7.4.4 is affected by improper link resolution before file access (CVSS 7.1).
A flaw has been found in Artifex MuPDF versions up to 1.26.1 is affected by untrusted search path (CVSS 7.0).
SumatraPDF versions 3.5.0 through 3.5.2 fail to validate TLS certificates during software updates and execute installers without signature verification, allowing network attackers to perform man-in-the-middle attacks and inject malicious code. An attacker with any valid TLS certificate can intercept update requests and redirect users to a malicious installer, achieving arbitrary code execution on Windows systems. Public exploit code exists for this vulnerability and no patch is currently available.
PowerDocu versions prior to 2.4.0 allow arbitrary .NET object instantiation and code execution through unsafe deserialization of the $type property in JSON files within Flow or App packages. A local attacker with user interaction can exploit this vulnerability to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available for affected versions.
SumatraPDF versions 3.5.2 and earlier are vulnerable to a heap buffer over-read in the MOBI file parser due to incomplete bounds validation in the HuffDic decompressor, allowing attackers to crash the application by opening a malicious .mobi file. Public exploit code exists for this vulnerability. Local user interaction is required to trigger the vulnerability, and while denial of service is the primary impact, the out-of-bounds read could potentially leak sensitive memory contents.
SumatraPDF 3.5.2 and earlier on Windows allows arbitrary code execution when a user opens a PDF and selects "Show in folder," as the application executes a malicious explorer.exe binary from the same directory without warning. Public exploit code exists for this vulnerability, which affects any user who opens untrusted PDFs and interacts with the file menu option. An attacker can achieve code execution with the privileges of the victim's user account through a simple social engineering attack.
Dell Display and Peripheral Manager before version 2.2 on Windows contains an insecure link resolution flaw that allows local attackers with low privileges to escalate their access through the installer or service. An authenticated user can exploit improper symlink handling to gain elevated permissions on the system. No patch is currently available for this vulnerability.
Windows services registered by Oki Electric Industry, Ricoh, and Murata Machinery products use unquoted file paths, allowing a local user with write access to the system drive root to achieve arbitrary code execution with SYSTEM privileges. This vulnerability requires elevated permissions and local access to exploit, making it primarily a privilege escalation risk in multi-user environments. No patch is currently available for affected products.
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. [CVSS 6.2 MEDIUM]
Remote code execution in Calibre prior to version 9.2.0 through a path traversal flaw in the CHM reader allows local attackers to write arbitrary files with user permissions, enabling payload execution via the Windows Startup folder. Public exploit code exists for this vulnerability. Windows users should upgrade to Calibre 9.2.0 or later to remediate the risk.
Stored cross-site scripting in Xerox CentreWare Web through version 7.0.6 enables attackers to inject malicious scripts that persist on the application and execute in users' browsers. An attacker with local access and user interaction can compromise confidentiality and potentially modify data within the CentreWare environment. No patch is currently available; upgrading to version 7.2.2.25 or later is recommended as a mitigation.
Improper access control in TeamViewer clients (Windows, macOS, Linux) before version 15.74.5 permits authenticated remote users to circumvent confirmation-based access restrictions during active sessions. An attacker with valid remote session credentials can gain unauthorized access without triggering the expected local confirmation prompt, requiring only prior authentication via ID/password, session link, or Easy Access.
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially crafted files. As a result, the attacker may be able to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a Denial of Service (...
multiple Windows services contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations. [CVSS 7.8 HIGH]
Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations. [CVSS 7.8 HIGH]
A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated [CVSS 3.3 LOW]
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. [CVSS 6.7 MEDIUM]
Pc Helpsoft Driver Updater versions up to 9.1.57803.1174 is affected by improper access control (CVSS 7.8).
Anydesk versions up to 5.4.0 contains a vulnerability that allows attackers to potentially inject malicious executables (CVSS 7.8).
Signal K Server versions prior to 2.20.3 on Windows contain a path traversal vulnerability in the applicationData API that allows authenticated users to read, write, and list arbitrary files by bypassing directory validation using backslashes. The vulnerability exists because the validateAppId() function only blocks forward slashes, allowing attackers to escape the intended applicationData directory through Windows path semantics. Public exploit code exists for this medium-severity flaw, and a patch is available in version 2.20.3.
A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7.
DeepMgmtService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. [CVSS 5.4 MEDIUM]
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. [CVSS 7.5 HIGH]
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. [CVSS 8.4 HIGH]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns. [CVSS 6.5 MEDIUM]
Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to improper neutralizatio (CVSS 5.3).
Db2 contains a vulnerability that allows attackers to cause a denial of service due to insufficient validation of special elements in (CVSS 6.5).
Db2 contains a vulnerability that allows attackers to cause a denial of service due to improper neutralization of special elements in (CVSS 6.5).
Db2 contains a vulnerability that allows attackers to a local user to cause a denial of service due to improper neutralization of spec (CVSS 6.5).
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query. [CVSS 6.5 MEDIUM]
Db2 contains a vulnerability that allows attackers to a local user with filesystem access to escalate their privileges due to the use (CVSS 8.4).
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination. [CVSS 6.5 MEDIUM]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key. [CVSS 6.8 MEDIUM]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic. [CVSS 6.2 MEDIUM]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level. [CVSS 7.2 HIGH]
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources. [CVSS 6.2 MEDIUM]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources. [CVSS 6.5 MEDIUM]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. [CVSS 6.5 MEDIUM]
Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to excessive use of a glo (CVSS 6.5).
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion. [CVSS 6.5 MEDIUM]
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query. [CVSS 6.5 MEDIUM]
its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code contains a security vulnerability (CVSS 7.8).
Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls.
Local Admin Service versions up to 1.2.7.23180 is affected by execution with unnecessary privileges (CVSS 7.8).
Icinga PowerShell Framework versions prior to 1.13.4, 1.12.4, and 1.11.2 expose private certificate keys due to overly permissive directory permissions that allow all local users read access to the certificate folder. A local attacker with user-level privileges can retrieve these private keys to impersonate the Icinga service or intercept monitoring communications. No patch is currently available; manual ACL restrictions on the certificate directory are required as a temporary mitigation.
Icinga 2 on Windows versions 2.3.0 through 2.15.1 fail to properly restrict file permissions on the `%ProgramData%\icinga2\var` directory, allowing any local user to read sensitive data including private keys and synchronized configurations. All Windows installations are affected, and attackers with local access can extract cryptographic material and configuration details for lateral movement or further compromise. Patches are available in versions 2.13.14, 2.14.8, and 2.15.2, with workarounds available through updated Icinga for Windows packages or manual ACL remediation.
Stack buffer overflow in Free MP3 CD Ripper 2.8 allows remote code execution via crafted WAV files. PoC available.
Log timestamp tampering in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to inject malicious UDP Sync commands that corrupt event timestamps, undermining log integrity and forensic investigation capabilities. This input validation flaw affects Windows deployments of the NomadBranch service and could enable attackers to obscure the timeline of malicious activities or create misleading audit trails. No patch is currently available for this medium-severity vulnerability.
TeamViewer DEX Client versions before 26.1 contain an out-of-bounds read in the Content Distribution Service that enables remote attackers to leak stack memory and trigger denial of service without authentication. Successful exploitation could disclose memory contents useful for bypassing address space layout randomization and chaining with other vulnerabilities. No patch is currently available for this medium-severity flaw affecting Windows deployments.
Information disclosure and denial-of-service in TeamViewer DEX Client versions before 26.1 allows adjacent network attackers to trigger an out-of-bounds read via specially crafted packets, potentially leaking sensitive memory that could be leveraged to bypass ASLR protections. Affected Windows systems running the NomadBranch.exe content distribution service are vulnerable to attacks requiring only network proximity, with no authentication or user interaction needed.
Denial-of-service in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to crash the NomadBranch.exe service by sending specially crafted UDP packets that trigger a heap buffer overflow. The vulnerability stems from an integer underflow in the UDP command handler that can be exploited without authentication or user interaction. Currently, no patch is available and the attack requires network adjacency to the affected system.
Log tampering in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to inject, modify, or forge entries in the NomadBranch.log file through the UDP network handler, compromising log integrity and audit trail reliability. An attacker with network access can send crafted packets to the Content Distribution Service to manipulate logging records without authentication, potentially obscuring malicious activity or creating false audit entries.