Windows
Monthly
Privilege escalation in Windows Virtualization-Based Security (VBS) Enclave affects Windows 11 and Windows Server 2022 through a heap-based buffer overflow in memory management. An authenticated local attacker with high privileges can exploit this vulnerability to gain unauthorized system-level access. No patch is currently available for this medium-severity vulnerability (CVSS 6.7).
Remote denial of service in Windows LSASS affects Windows 10 and 11 through a null pointer dereference that an unauthenticated attacker can trigger over the network. The vulnerability causes service unavailability but does not enable code execution or data theft. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.
Privilege escalation in Windows Management Services on Windows 10 and 11 stems from improper synchronization of shared resources, enabling local authenticated attackers to gain elevated privileges. The race condition can be exploited without user interaction and impacts confidentiality, integrity, and availability across system boundaries. No patch is currently available for this vulnerability.
Privilege escalation in Windows Management Services (Windows 10/11) stems from improper synchronization of shared resources, allowing authenticated local users to gain elevated privileges through race condition exploitation. The vulnerability affects multiple Windows versions including 22H2 and 24H2 builds, with no patch currently available. An attacker with valid credentials can leverage this flaw to escalate from a standard user account to system-level access.
Windows NTLM authentication is vulnerable to path manipulation attacks that enable network-based spoofing when users interact with malicious content, affecting Windows 10 22H2 and Windows Server editions 2008-2016. An unauthenticated attacker can exploit improper file name or path validation to impersonate legitimate systems or services, potentially redirecting authentication requests to attacker-controlled resources. No patch is currently available for this vulnerability.
Local privilege escalation in Windows Desktop Window Manager (DWM) through use-after-free memory corruption affects Windows 10 22H2, Windows Server 2022, and Windows Server 2025. An authenticated local attacker can exploit this vulnerability to gain system-level privileges with no user interaction required. No patch is currently available for this high-severity vulnerability.
Privilege escalation in Windows Win32K ICOMP component via use-after-free memory corruption affects Windows 11 (24h2, 25h2) and Windows Server 2025. An authenticated local attacker can exploit this vulnerability to gain SYSTEM-level privileges with no user interaction required. Currently no patch is available and exploitation requires local access with user-level permissions.
Local privilege escalation in Windows Local Session Manager (LSM) across Windows 11 23h2, Windows Server 2012, and 2019 stems from improper synchronization in shared resource handling, enabling authenticated attackers to elevate privileges on affected systems. The vulnerability requires local access and specific timing conditions to exploit, with no patch currently available. This affects systems running the impacted Windows and Server editions where authenticated users may achieve system-level privileges.
Remote code execution in Windows RRAS affects Windows 10 21h2 and Windows Server 2022 variants through a heap-based buffer overflow triggered over the network without authentication. An attacker can exploit this vulnerability to execute arbitrary code with high privileges, though a user interaction is required to trigger the flaw. No patch is currently available, making this a critical risk for exposed systems.
Local privilege escalation in Windows Management Services affects Windows Server 2019, Windows 11 24h2, and Windows Server 2025 through improper synchronization of shared resources, enabling authenticated users to gain elevated system privileges. The vulnerability exploits a race condition that an attacker can trigger without user interaction, though no patch is currently available.
Windows Management Services on Windows 10 and Windows Server 2019 contains a race condition in shared resource synchronization that enables local privilege escalation for authenticated users. An attacker with local access can exploit improper locking mechanisms to gain elevated system privileges. No patch is currently available for this vulnerability.
Privilege escalation in Windows Management Services affects Windows 11 24H2, Windows Server 2022, and 2025 through a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The vulnerability requires local access and manual user interaction is not required, making it exploitable by any authorized account on the system. Currently no patch is available to remediate this issue.
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Windows Management Services on Windows 10, 11, and Server 2022 expose sensitive information through an information disclosure vulnerability that allows authenticated local users to read confidential data. An attacker with valid credentials can exploit this to access information they should not be authorized to view, though no remote exploitation or system modification is possible. No patch is currently available for affected systems.
Windows Management Services on Windows 10 and Windows Server 2022 contain a race condition in shared resource handling that permits authenticated local attackers to escalate privileges to system level. The vulnerability stems from improper synchronization during concurrent operations and affects multiple Windows versions including Windows 10 22H2 and 1809. No patch is currently available for this high-severity issue (CVSS 7.8).
Windows 10 1607 is affected by access of resource using incompatible type (type confusion) (CVSS 7.8).
Kernel-mode driver use-after-free vulnerabilities in Windows 11 24H2 and Windows Server 2025 enable authenticated local attackers to achieve privilege escalation. An attacker with standard user privileges can exploit memory corruption in kernel drivers to gain SYSTEM-level access without user interaction. No patch is currently available.
Privilege escalation in Windows Management Services affects Windows 10, Windows 11, and Windows Server 2022 through a use-after-free memory vulnerability. An authenticated local attacker can exploit this flaw to gain elevated system privileges. Currently no patch is available and exploitation requires specific conditions to trigger.
Windows Cloud Files Mini Filter Driver contains an unsafe pointer dereference vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows versions including Windows 10 1809, Windows 11, and Windows Server 2022. An attacker with valid credentials can exploit this flaw to gain elevated system privileges without user interaction. No patch is currently available for this high-severity vulnerability.
Remote code execution in Windows Server Update Service affects Windows 11 25h2, Windows Server 2025, 2022, and 2016 due to inadequate input validation, enabling unauthenticated network-based attackers to execute arbitrary code with high impact. The vulnerability requires specific conditions to exploit (high complexity) but carries significant risk across widely-deployed server infrastructure with no patch currently available.
Remote code execution in Windows LSASS (Local Security Authority Subsystem Service) on Windows 11 and Windows Server 2025 stems from a use-after-free memory vulnerability exploitable by authenticated attackers over the network. An attacker with valid credentials can trigger the flaw to execute arbitrary code with SYSTEM privileges, achieving complete system compromise. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a security update.
Windows WalletService contains a race condition that permits local privilege escalation on Windows 10 and Windows 11 systems. An unauthenticated attacker with local access can exploit improper synchronization of shared resources to gain elevated privileges. No patch is currently available for this vulnerability.
Windows Hello privilege escalation on Windows 10, 11, and Server 2019 allows local attackers without credentials to tamper with system integrity through incorrect privilege assignment. The vulnerability requires local access but no user interaction, enabling unauthorized modifications to protected resources. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.
Windows Kerberos authentication in multiple Windows versions accepts untrusted input during security decisions, enabling authenticated network attackers to escalate privileges without user interaction. The vulnerability affects Windows 10 (versions 1607 and 1809), Windows Server 2012, and Windows Server 2025, with no patch currently available. An attacker with valid credentials can exploit this to gain elevated system access across the network.
Privilege escalation via race condition in Windows SMB Server affects Windows 10 21h2, Windows 11 25h2, and Windows Server 2022 23h2, allowing authenticated attackers to gain elevated privileges over the network. The vulnerability stems from improper synchronization when handling concurrent access to shared resources, and no patch is currently available. With a CVSS score of 7.5, this poses a significant risk to organizations using affected Windows versions.
Windows Shell information disclosure in Windows 10, 11, and Server 2019/2022 permits authenticated network attackers to conduct spoofing attacks by accessing sensitive data. The vulnerability requires valid credentials and network access, with no active exploits currently documented. No patch is available at this time.
Windows Clipboard Server contains a use-after-free vulnerability affecting Windows 10 (versions 21H2 and 1809) and Windows Server 2022 (23H2) that enables local privilege escalation without requiring user interaction. An attacker with local access can exploit this memory safety flaw to gain elevated system privileges. No patch is currently available for this vulnerability.
Local privilege escalation in Windows RRAS affects Windows 10, Windows 11, and Windows Server 2022, allowing authenticated users to gain system-level access through improper access control mechanisms. An attacker with local user credentials can exploit this vulnerability to obtain elevated privileges on the affected system. No patch is currently available, leaving vulnerable systems at risk until Microsoft releases a security update.
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. [CVSS 7.8 HIGH]
Information disclosure in Windows Client-Side Caching Service allows authenticated local users to read sensitive data on affected systems including Windows 10, Windows 11, and Windows Server editions. An attacker with valid credentials can exploit improper access controls to access cached information without additional user interaction. No patch is currently available for this vulnerability.
Sensitive information disclosure in the Windows Kernel error message handling allows local authenticated users to read confidential data they shouldn't have access to. The vulnerability affects Windows and Windows Server 2022/2025 platforms and requires valid credentials to exploit, limiting its attack surface. No patch is currently available for this medium-severity issue.
Local code execution in Windows Media affects Windows 11 25h2, Windows Server 2019, and Windows Server 2025 through a heap buffer overflow that requires user interaction to trigger. An attacker with local access can exploit this vulnerability to achieve arbitrary code execution with full system privileges. No patch is currently available for this vulnerability.
Windows Shell path traversal vulnerability affecting Windows 10 21H2, Windows Server 2016, 2019, and 2022 allows an attacker with physical access to spoof system resources without requiring user interaction. The vulnerability has no patch available and poses a confidentiality risk through unauthorized information disclosure.
Windows Server 2008 versions up to - is affected by use of a broken or risky cryptographic algorithm (CVSS 5.5).
Privileged local attackers can exploit a use-after-free vulnerability in the Windows RPC IDL subsystem to gain system-level code execution on affected Windows 10, Windows 11, Windows Server 2016, and Windows Server 2022 systems. The vulnerability requires local access and valid credentials but allows complete compromise of the target system with no user interaction required. No patch is currently available, leaving vulnerable systems at risk.
Windows Ancillary Function Driver for WinSock contains a race condition that enables local privilege escalation on affected Windows systems including Server 2008, Server 2019, and Windows 10 22H2. An authenticated attacker can exploit this timing vulnerability to gain elevated privileges with high impact to confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally. [CVSS 5.5 MEDIUM]
Windows Internet Connection Sharing (ICS) contains an out-of-bounds read vulnerability affecting Windows 7 through Windows 11 24H2 and Windows Server 2008-2019, enabling information disclosure through physical access to an affected system. An attacker with direct hardware access can exploit this flaw to read sensitive data from memory, though no patch is currently available. The attack requires physical presence and does not provide code execution or availability impact.
Information disclosure in Windows Tablet UI (TWINUI) subsystem allows authenticated local users to read sensitive data on affected Windows 11 and Windows Server systems. An attacker with local access can exploit this to retrieve confidential information without requiring user interaction. No patch is currently available for this medium-severity vulnerability.
Privilege escalation in Windows Tablet UI (TWINUI) subsystem on Windows 10, Windows Server 2022, and Windows Server 2025 stems from improper synchronization of shared resources, enabling authenticated local attackers to gain elevated privileges. The race condition vulnerability affects multiple Windows versions and currently has no available patch.
Improper access control in Windows Hyper-V enables privileged local users to read sensitive system information without authorization. The vulnerability affects Windows 10 (versions 21H2 and 22H2), Windows Server 2025, and Hyper-V implementations where an authenticated attacker with high privileges can bypass security controls to access confidential data. Currently no patch is available for this medium-severity issue.
Windows Remote Assistance contains a protection mechanism bypass that allows local attackers to circumvent a security feature without user interaction, affecting Windows 11 24h2, Windows Server 2012, 2022, and 2025. The vulnerability requires local access and user interaction to exploit, with potential impact limited to information disclosure. No patch is currently available for this medium-severity issue.
Information disclosure in Windows File Explorer enables local authenticated users to read sensitive data on affected Windows systems including Windows 10 and Windows Server 2025. An attacker with valid local credentials can exploit this vulnerability to access confidential information without requiring user interaction. No patch is currently available for this issue.
Windows RPC implementation leaks sensitive information to local attackers on Windows 10, Windows 11, and Windows Server 2022. An unauthenticated local attacker can exploit this information disclosure vulnerability without user interaction to access confidential data. No patch is currently available for this medium-severity vulnerability.
Heap buffer overflow in Windows Common Log File System Driver (affecting Windows 10 1607, Server 2016, and Server 2022 23h2) enables authenticated local users to achieve complete system compromise through privilege escalation. The vulnerability requires valid credentials but no user interaction, making it a direct path to administrative control for insiders or attackers with initial access. No patch is currently available, leaving affected systems at elevated risk pending remediation.
Improper pointer validation in Windows VBS Enclave allows authenticated local users to read sensitive information on Windows 11 systems across multiple versions. An attacker with local access and valid credentials can exploit this memory safety flaw to bypass enclave protections and disclose confidential data. No patch is currently available.
Windows Kernel inadvertently logs sensitive information to accessible log files, enabling local attackers to read confidential data on affected Windows and Linux systems. This information disclosure vulnerability requires no privileges or user interaction to exploit and impacts Windows Server 2016, 2022, and 2025 along with standard Windows installations. No patch is currently available for this medium-severity issue.
Windows Error Reporting on Windows 10, Windows 11, and Windows Server 2022 fails to properly validate user privileges, enabling local authenticated users to escalate to system-level access. An attacker with valid credentials can exploit this permission handling flaw to gain full control over the affected system. Currently no patch is available for this high-severity vulnerability (CVSS 7.8).
Windows Installer contains a time-of-check time-of-use race condition that allows authenticated local attackers to escalate privileges on Windows 10 1809, Windows 11 25h2, and Windows Server 2022 23h2. An attacker with local access can exploit the window between permission validation and file operation execution to gain elevated system access. No patch is currently available for this vulnerability.
Windows LDAP input validation bypass in Windows 10 21H2, Windows 11 24H2, and Windows Server 2022 23H2 enables authenticated network attackers to modify data integrity without detection. The vulnerability requires valid credentials and network access but does not provide elevation of privilege or confidentiality breaches. No patch is currently available for this medium-severity issue.
Local privilege escalation in Windows Win32K (ICOMP) via type confusion allows authenticated users to gain system-level access on Windows 11 and Windows Server 2025. The vulnerability affects multiple recent Windows versions with no available patch, requiring immediate mitigation strategies for at-risk environments. Exploitation requires local access but no user interaction, making it a significant risk for multi-user systems.
The Windows Ancillary Function Driver for WinSock contains an improper memory deallocation vulnerability (CWE-590) that allows authenticated local attackers to achieve privilege escalation on affected Windows 10 and Windows Server 2019 systems. An attacker with local user privileges can exploit this flaw to gain SYSTEM-level access without user interaction. No patch is currently available for this vulnerability.
Privilege escalation in Windows Kernel Memory affects Windows 10 21h2 and Windows Server 2022 23h2, exploitable by local authenticated users through a race condition between permission checks and memory access. An attacker with local access can leverage this window to gain elevated system privileges. No patch is currently available.
Desktop Windows Manager on Windows 10, Windows 11, and Windows Server 2022 leaks sensitive information to local authenticated users, enabling disclosure of confidential data without modifying or disrupting system functionality. This vulnerability is confirmed actively exploited and affects multiple Windows versions with no patch currently available. An authorized attacker can exploit this with minimal complexity to extract sensitive information from the system.
Windows Hello privilege elevation flaw in Windows 10 21h2, Windows Server 2019, 2022, and 2022 23h2 enables local attackers to modify system data without authorization. The vulnerability stems from improper privilege assignment that bypasses access controls, allowing an unauthenticated attacker with local access to tamper with protected resources. Currently no patch is available and exploitation requires only local access with no special conditions or user interaction.
Windows Deployment Services contains improper access control that enables unauthenticated attackers on an adjacent network to execute arbitrary code with high privileges on affected Windows and Windows Server systems. The vulnerability affects multiple Windows versions including Server 2012, 2019, and 2022 variants, with no patch currently available. An adjacent network attacker requires only network proximity to exploit this vulnerability, making lateral movement within networked environments a significant risk.
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges. [CVSS 8.8 HIGH]
TinyWeb HTTP Server before 1.98 has OS command injection via CGI ISINDEX query parameters. The query string is passed as command-line arguments to CGI executables through Windows CreateProcess(), allowing unauthenticated RCE. Patch available.
Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier. [CVSS 8.8 HIGH]
Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier. [CVSS 6.1 MEDIUM]
Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier. [CVSS 8.8 HIGH]
Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier. [CVSS 7.5 HIGH]
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier. [CVSS 7.5 HIGH]
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier. [CVSS 7.5 HIGH]
Broadcom DX NetOps Spectrum (24.3.8 and earlier) exposes session tokens in URL query strings, enabling session hijacking through browser history, referer headers, or proxy logs.
Broadcom DX NetOps Spectrum (23.3.6 and earlier) has unauthenticated OS command injection on both Windows and Linux platforms. As a network management system, compromise gives attackers visibility and control over the entire monitored infrastructure.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier. [CVSS 6.1 MEDIUM]
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum: 24.3.8 and earlier. [CVSS 6.5 MEDIUM]
Salesforce Uni2TS time series forecasting library (through 1.2.0) has a code injection vulnerability that allows leveraging executable code in non-executable files across all platforms.
Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing. [CVSS 3.3 LOW]
Werkzeug versions prior to 3.1.5 fail to properly validate Windows reserved device names in the safe_join function, allowing attackers to bypass path restrictions by using device names with file extensions or trailing spaces (e.g., CON.txt, AUX ). This denial of service vulnerability affects Windows systems running vulnerable Werkzeug versions and could allow an unauthenticated remote attacker to access restricted files or cause application crashes. A patch is available in version 3.1.5 and later.
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. [CVSS 5.5 MEDIUM]
Arbitrary command execution in Greenshot 1.3.310 and earlier stems from insufficient input validation in filename processing, where unsanitized user-supplied filenames are passed directly to shell commands. An attacker can exploit this through a malicious filename containing shell metacharacters to achieve local code execution with user privileges. Public exploit code exists for this vulnerability; users should upgrade to version 1.3.311 or later.
Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and Linux servers ) allows authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other users’ browsers, steal session information and perform unauthorized actions on their behalf via crafted survey content that is rendered without proper output encoding. [CVSS 5.4 MEDIUM]
Fujitsu Security Solution AuthConductor Client Basic V2 version 2.0.25.0 and earlier contains an origin validation flaw that allows authenticated local attackers to execute arbitrary code with SYSTEM privileges and modify registry values. An attacker with login access to an affected Windows system can exploit this vulnerability to achieve complete system compromise. No patch is currently available.
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1. [CVSS 6.7 MEDIUM]
Insecure Temporary File vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Explore for Predictable Temporary File Names.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. [CVSS 6.7 MEDIUM]
Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10. [CVSS 3.7 LOW]
Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1. [CVSS 6.7 MEDIUM]
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1. [CVSS 6.7 MEDIUM]
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. [CVSS 6.7 MEDIUM]
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1. [CVSS 6.7 MEDIUM]
An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges. [CVSS 7.8 HIGH]
Bitdefender Total Security, Antivirus, Internet Security, and Endpoint Security Tools prior to version 27.0.47.241 allow local attackers with low privileges to execute arbitrary code as SYSTEM through a complex attack chain. The bdservicehost.exe service deletes files from C:\ProgramData\Atc\Feedback without validating symbolic links (CWE-59), enabling arbitrary file deletion that attackers chain with network-triggered file copy operations and filter driver bypass via DLL injection to achieve full privilege escalation. EPSS indicates 0.02% exploitation probability (6th percentile), and no public exploit code or active exploitation has been identified at time of analysis. Vendor has released patches addressing this multi-stage local escalation vector.
A remote code execution vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures.
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ------------------------------------------------------------------------- traverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun->dev) //tun3 tun2 sys_getdents64() | iterate_dir() | proc_readdir() | proc_readdir_de() | snmp6_unregister_dev() pde_get(de); | proc_remove() read_unlock(&proc_subdir_lock); | remove_proc_subtree() | write_lock(&proc_subdir_lock); [time window] | rb_erase(&root->subdir_node, &parent->subdir); | write_unlock(&proc_subdir_lock); read_lock(&proc_subdir_lock); | next = pde_subdir_next(de); | pde_put(de); | de = next; //UAF | rbtree of dev_snmp6 | pde(tun3) / \ NULL pde(tun2)
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.
The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobile VPN with SSL Client 12.0 up to and including 12.11.2.
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.
Privilege escalation in Windows Virtualization-Based Security (VBS) Enclave affects Windows 11 and Windows Server 2022 through a heap-based buffer overflow in memory management. An authenticated local attacker with high privileges can exploit this vulnerability to gain unauthorized system-level access. No patch is currently available for this medium-severity vulnerability (CVSS 6.7).
Remote denial of service in Windows LSASS affects Windows 10 and 11 through a null pointer dereference that an unauthenticated attacker can trigger over the network. The vulnerability causes service unavailability but does not enable code execution or data theft. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.
Privilege escalation in Windows Management Services on Windows 10 and 11 stems from improper synchronization of shared resources, enabling local authenticated attackers to gain elevated privileges. The race condition can be exploited without user interaction and impacts confidentiality, integrity, and availability across system boundaries. No patch is currently available for this vulnerability.
Privilege escalation in Windows Management Services (Windows 10/11) stems from improper synchronization of shared resources, allowing authenticated local users to gain elevated privileges through race condition exploitation. The vulnerability affects multiple Windows versions including 22H2 and 24H2 builds, with no patch currently available. An attacker with valid credentials can leverage this flaw to escalate from a standard user account to system-level access.
Windows NTLM authentication is vulnerable to path manipulation attacks that enable network-based spoofing when users interact with malicious content, affecting Windows 10 22H2 and Windows Server editions 2008-2016. An unauthenticated attacker can exploit improper file name or path validation to impersonate legitimate systems or services, potentially redirecting authentication requests to attacker-controlled resources. No patch is currently available for this vulnerability.
Local privilege escalation in Windows Desktop Window Manager (DWM) through use-after-free memory corruption affects Windows 10 22H2, Windows Server 2022, and Windows Server 2025. An authenticated local attacker can exploit this vulnerability to gain system-level privileges with no user interaction required. No patch is currently available for this high-severity vulnerability.
Privilege escalation in Windows Win32K ICOMP component via use-after-free memory corruption affects Windows 11 (24h2, 25h2) and Windows Server 2025. An authenticated local attacker can exploit this vulnerability to gain SYSTEM-level privileges with no user interaction required. Currently no patch is available and exploitation requires local access with user-level permissions.
Local privilege escalation in Windows Local Session Manager (LSM) across Windows 11 23h2, Windows Server 2012, and 2019 stems from improper synchronization in shared resource handling, enabling authenticated attackers to elevate privileges on affected systems. The vulnerability requires local access and specific timing conditions to exploit, with no patch currently available. This affects systems running the impacted Windows and Server editions where authenticated users may achieve system-level privileges.
Remote code execution in Windows RRAS affects Windows 10 21h2 and Windows Server 2022 variants through a heap-based buffer overflow triggered over the network without authentication. An attacker can exploit this vulnerability to execute arbitrary code with high privileges, though a user interaction is required to trigger the flaw. No patch is currently available, making this a critical risk for exposed systems.
Local privilege escalation in Windows Management Services affects Windows Server 2019, Windows 11 24h2, and Windows Server 2025 through improper synchronization of shared resources, enabling authenticated users to gain elevated system privileges. The vulnerability exploits a race condition that an attacker can trigger without user interaction, though no patch is currently available.
Windows Management Services on Windows 10 and Windows Server 2019 contains a race condition in shared resource synchronization that enables local privilege escalation for authenticated users. An attacker with local access can exploit improper locking mechanisms to gain elevated system privileges. No patch is currently available for this vulnerability.
Privilege escalation in Windows Management Services affects Windows 11 24H2, Windows Server 2022, and 2025 through a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The vulnerability requires local access and manual user interaction is not required, making it exploitable by any authorized account on the system. Currently no patch is available to remediate this issue.
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Windows Management Services on Windows 10, 11, and Server 2022 expose sensitive information through an information disclosure vulnerability that allows authenticated local users to read confidential data. An attacker with valid credentials can exploit this to access information they should not be authorized to view, though no remote exploitation or system modification is possible. No patch is currently available for affected systems.
Windows Management Services on Windows 10 and Windows Server 2022 contain a race condition in shared resource handling that permits authenticated local attackers to escalate privileges to system level. The vulnerability stems from improper synchronization during concurrent operations and affects multiple Windows versions including Windows 10 22H2 and 1809. No patch is currently available for this high-severity issue (CVSS 7.8).
Windows 10 1607 is affected by access of resource using incompatible type (type confusion) (CVSS 7.8).
Kernel-mode driver use-after-free vulnerabilities in Windows 11 24H2 and Windows Server 2025 enable authenticated local attackers to achieve privilege escalation. An attacker with standard user privileges can exploit memory corruption in kernel drivers to gain SYSTEM-level access without user interaction. No patch is currently available.
Privilege escalation in Windows Management Services affects Windows 10, Windows 11, and Windows Server 2022 through a use-after-free memory vulnerability. An authenticated local attacker can exploit this flaw to gain elevated system privileges. Currently no patch is available and exploitation requires specific conditions to trigger.
Windows Cloud Files Mini Filter Driver contains an unsafe pointer dereference vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows versions including Windows 10 1809, Windows 11, and Windows Server 2022. An attacker with valid credentials can exploit this flaw to gain elevated system privileges without user interaction. No patch is currently available for this high-severity vulnerability.
Remote code execution in Windows Server Update Service affects Windows 11 25h2, Windows Server 2025, 2022, and 2016 due to inadequate input validation, enabling unauthenticated network-based attackers to execute arbitrary code with high impact. The vulnerability requires specific conditions to exploit (high complexity) but carries significant risk across widely-deployed server infrastructure with no patch currently available.
Remote code execution in Windows LSASS (Local Security Authority Subsystem Service) on Windows 11 and Windows Server 2025 stems from a use-after-free memory vulnerability exploitable by authenticated attackers over the network. An attacker with valid credentials can trigger the flaw to execute arbitrary code with SYSTEM privileges, achieving complete system compromise. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a security update.
Windows WalletService contains a race condition that permits local privilege escalation on Windows 10 and Windows 11 systems. An unauthenticated attacker with local access can exploit improper synchronization of shared resources to gain elevated privileges. No patch is currently available for this vulnerability.
Windows Hello privilege escalation on Windows 10, 11, and Server 2019 allows local attackers without credentials to tamper with system integrity through incorrect privilege assignment. The vulnerability requires local access but no user interaction, enabling unauthorized modifications to protected resources. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.
Windows Kerberos authentication in multiple Windows versions accepts untrusted input during security decisions, enabling authenticated network attackers to escalate privileges without user interaction. The vulnerability affects Windows 10 (versions 1607 and 1809), Windows Server 2012, and Windows Server 2025, with no patch currently available. An attacker with valid credentials can exploit this to gain elevated system access across the network.
Privilege escalation via race condition in Windows SMB Server affects Windows 10 21h2, Windows 11 25h2, and Windows Server 2022 23h2, allowing authenticated attackers to gain elevated privileges over the network. The vulnerability stems from improper synchronization when handling concurrent access to shared resources, and no patch is currently available. With a CVSS score of 7.5, this poses a significant risk to organizations using affected Windows versions.
Windows Shell information disclosure in Windows 10, 11, and Server 2019/2022 permits authenticated network attackers to conduct spoofing attacks by accessing sensitive data. The vulnerability requires valid credentials and network access, with no active exploits currently documented. No patch is available at this time.
Windows Clipboard Server contains a use-after-free vulnerability affecting Windows 10 (versions 21H2 and 1809) and Windows Server 2022 (23H2) that enables local privilege escalation without requiring user interaction. An attacker with local access can exploit this memory safety flaw to gain elevated system privileges. No patch is currently available for this vulnerability.
Local privilege escalation in Windows RRAS affects Windows 10, Windows 11, and Windows Server 2022, allowing authenticated users to gain system-level access through improper access control mechanisms. An attacker with local user credentials can exploit this vulnerability to obtain elevated privileges on the affected system. No patch is currently available, leaving vulnerable systems at risk until Microsoft releases a security update.
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. [CVSS 7.8 HIGH]
Information disclosure in Windows Client-Side Caching Service allows authenticated local users to read sensitive data on affected systems including Windows 10, Windows 11, and Windows Server editions. An attacker with valid credentials can exploit improper access controls to access cached information without additional user interaction. No patch is currently available for this vulnerability.
Sensitive information disclosure in the Windows Kernel error message handling allows local authenticated users to read confidential data they shouldn't have access to. The vulnerability affects Windows and Windows Server 2022/2025 platforms and requires valid credentials to exploit, limiting its attack surface. No patch is currently available for this medium-severity issue.
Local code execution in Windows Media affects Windows 11 25h2, Windows Server 2019, and Windows Server 2025 through a heap buffer overflow that requires user interaction to trigger. An attacker with local access can exploit this vulnerability to achieve arbitrary code execution with full system privileges. No patch is currently available for this vulnerability.
Windows Shell path traversal vulnerability affecting Windows 10 21H2, Windows Server 2016, 2019, and 2022 allows an attacker with physical access to spoof system resources without requiring user interaction. The vulnerability has no patch available and poses a confidentiality risk through unauthorized information disclosure.
Windows Server 2008 versions up to - is affected by use of a broken or risky cryptographic algorithm (CVSS 5.5).
Privileged local attackers can exploit a use-after-free vulnerability in the Windows RPC IDL subsystem to gain system-level code execution on affected Windows 10, Windows 11, Windows Server 2016, and Windows Server 2022 systems. The vulnerability requires local access and valid credentials but allows complete compromise of the target system with no user interaction required. No patch is currently available, leaving vulnerable systems at risk.
Windows Ancillary Function Driver for WinSock contains a race condition that enables local privilege escalation on affected Windows systems including Server 2008, Server 2019, and Windows 10 22H2. An authenticated attacker can exploit this timing vulnerability to gain elevated privileges with high impact to confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally. [CVSS 5.5 MEDIUM]
Windows Internet Connection Sharing (ICS) contains an out-of-bounds read vulnerability affecting Windows 7 through Windows 11 24H2 and Windows Server 2008-2019, enabling information disclosure through physical access to an affected system. An attacker with direct hardware access can exploit this flaw to read sensitive data from memory, though no patch is currently available. The attack requires physical presence and does not provide code execution or availability impact.
Information disclosure in Windows Tablet UI (TWINUI) subsystem allows authenticated local users to read sensitive data on affected Windows 11 and Windows Server systems. An attacker with local access can exploit this to retrieve confidential information without requiring user interaction. No patch is currently available for this medium-severity vulnerability.
Privilege escalation in Windows Tablet UI (TWINUI) subsystem on Windows 10, Windows Server 2022, and Windows Server 2025 stems from improper synchronization of shared resources, enabling authenticated local attackers to gain elevated privileges. The race condition vulnerability affects multiple Windows versions and currently has no available patch.
Improper access control in Windows Hyper-V enables privileged local users to read sensitive system information without authorization. The vulnerability affects Windows 10 (versions 21H2 and 22H2), Windows Server 2025, and Hyper-V implementations where an authenticated attacker with high privileges can bypass security controls to access confidential data. Currently no patch is available for this medium-severity issue.
Windows Remote Assistance contains a protection mechanism bypass that allows local attackers to circumvent a security feature without user interaction, affecting Windows 11 24h2, Windows Server 2012, 2022, and 2025. The vulnerability requires local access and user interaction to exploit, with potential impact limited to information disclosure. No patch is currently available for this medium-severity issue.
Information disclosure in Windows File Explorer enables local authenticated users to read sensitive data on affected Windows systems including Windows 10 and Windows Server 2025. An attacker with valid local credentials can exploit this vulnerability to access confidential information without requiring user interaction. No patch is currently available for this issue.
Windows RPC implementation leaks sensitive information to local attackers on Windows 10, Windows 11, and Windows Server 2022. An unauthenticated local attacker can exploit this information disclosure vulnerability without user interaction to access confidential data. No patch is currently available for this medium-severity vulnerability.
Heap buffer overflow in Windows Common Log File System Driver (affecting Windows 10 1607, Server 2016, and Server 2022 23h2) enables authenticated local users to achieve complete system compromise through privilege escalation. The vulnerability requires valid credentials but no user interaction, making it a direct path to administrative control for insiders or attackers with initial access. No patch is currently available, leaving affected systems at elevated risk pending remediation.
Improper pointer validation in Windows VBS Enclave allows authenticated local users to read sensitive information on Windows 11 systems across multiple versions. An attacker with local access and valid credentials can exploit this memory safety flaw to bypass enclave protections and disclose confidential data. No patch is currently available.
Windows Kernel inadvertently logs sensitive information to accessible log files, enabling local attackers to read confidential data on affected Windows and Linux systems. This information disclosure vulnerability requires no privileges or user interaction to exploit and impacts Windows Server 2016, 2022, and 2025 along with standard Windows installations. No patch is currently available for this medium-severity issue.
Windows Error Reporting on Windows 10, Windows 11, and Windows Server 2022 fails to properly validate user privileges, enabling local authenticated users to escalate to system-level access. An attacker with valid credentials can exploit this permission handling flaw to gain full control over the affected system. Currently no patch is available for this high-severity vulnerability (CVSS 7.8).
Windows Installer contains a time-of-check time-of-use race condition that allows authenticated local attackers to escalate privileges on Windows 10 1809, Windows 11 25h2, and Windows Server 2022 23h2. An attacker with local access can exploit the window between permission validation and file operation execution to gain elevated system access. No patch is currently available for this vulnerability.
Windows LDAP input validation bypass in Windows 10 21H2, Windows 11 24H2, and Windows Server 2022 23H2 enables authenticated network attackers to modify data integrity without detection. The vulnerability requires valid credentials and network access but does not provide elevation of privilege or confidentiality breaches. No patch is currently available for this medium-severity issue.
Local privilege escalation in Windows Win32K (ICOMP) via type confusion allows authenticated users to gain system-level access on Windows 11 and Windows Server 2025. The vulnerability affects multiple recent Windows versions with no available patch, requiring immediate mitigation strategies for at-risk environments. Exploitation requires local access but no user interaction, making it a significant risk for multi-user systems.
The Windows Ancillary Function Driver for WinSock contains an improper memory deallocation vulnerability (CWE-590) that allows authenticated local attackers to achieve privilege escalation on affected Windows 10 and Windows Server 2019 systems. An attacker with local user privileges can exploit this flaw to gain SYSTEM-level access without user interaction. No patch is currently available for this vulnerability.
Privilege escalation in Windows Kernel Memory affects Windows 10 21h2 and Windows Server 2022 23h2, exploitable by local authenticated users through a race condition between permission checks and memory access. An attacker with local access can leverage this window to gain elevated system privileges. No patch is currently available.
Desktop Windows Manager on Windows 10, Windows 11, and Windows Server 2022 leaks sensitive information to local authenticated users, enabling disclosure of confidential data without modifying or disrupting system functionality. This vulnerability is confirmed actively exploited and affects multiple Windows versions with no patch currently available. An authorized attacker can exploit this with minimal complexity to extract sensitive information from the system.
Windows Hello privilege elevation flaw in Windows 10 21h2, Windows Server 2019, 2022, and 2022 23h2 enables local attackers to modify system data without authorization. The vulnerability stems from improper privilege assignment that bypasses access controls, allowing an unauthenticated attacker with local access to tamper with protected resources. Currently no patch is available and exploitation requires only local access with no special conditions or user interaction.
Windows Deployment Services contains improper access control that enables unauthenticated attackers on an adjacent network to execute arbitrary code with high privileges on affected Windows and Windows Server systems. The vulnerability affects multiple Windows versions including Server 2012, 2019, and 2022 variants, with no patch currently available. An adjacent network attacker requires only network proximity to exploit this vulnerability, making lateral movement within networked environments a significant risk.
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges. [CVSS 8.8 HIGH]
TinyWeb HTTP Server before 1.98 has OS command injection via CGI ISINDEX query parameters. The query string is passed as command-line arguments to CGI executables through Windows CreateProcess(), allowing unauthenticated RCE. Patch available.
Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier. [CVSS 8.8 HIGH]
Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier. [CVSS 6.1 MEDIUM]
Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier. [CVSS 8.8 HIGH]
Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier. [CVSS 7.5 HIGH]
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier. [CVSS 7.5 HIGH]
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier. [CVSS 7.5 HIGH]
Broadcom DX NetOps Spectrum (24.3.8 and earlier) exposes session tokens in URL query strings, enabling session hijacking through browser history, referer headers, or proxy logs.
Broadcom DX NetOps Spectrum (23.3.6 and earlier) has unauthenticated OS command injection on both Windows and Linux platforms. As a network management system, compromise gives attackers visibility and control over the entire monitored infrastructure.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier. [CVSS 6.1 MEDIUM]
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum: 24.3.8 and earlier. [CVSS 6.5 MEDIUM]
Salesforce Uni2TS time series forecasting library (through 1.2.0) has a code injection vulnerability that allows leveraging executable code in non-executable files across all platforms.
Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing. [CVSS 3.3 LOW]
Werkzeug versions prior to 3.1.5 fail to properly validate Windows reserved device names in the safe_join function, allowing attackers to bypass path restrictions by using device names with file extensions or trailing spaces (e.g., CON.txt, AUX ). This denial of service vulnerability affects Windows systems running vulnerable Werkzeug versions and could allow an unauthenticated remote attacker to access restricted files or cause application crashes. A patch is available in version 3.1.5 and later.
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. [CVSS 5.5 MEDIUM]
Arbitrary command execution in Greenshot 1.3.310 and earlier stems from insufficient input validation in filename processing, where unsanitized user-supplied filenames are passed directly to shell commands. An attacker can exploit this through a malicious filename containing shell metacharacters to achieve local code execution with user privileges. Public exploit code exists for this vulnerability; users should upgrade to version 1.3.311 or later.
Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and Linux servers ) allows authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other users’ browsers, steal session information and perform unauthorized actions on their behalf via crafted survey content that is rendered without proper output encoding. [CVSS 5.4 MEDIUM]
Fujitsu Security Solution AuthConductor Client Basic V2 version 2.0.25.0 and earlier contains an origin validation flaw that allows authenticated local attackers to execute arbitrary code with SYSTEM privileges and modify registry values. An attacker with login access to an affected Windows system can exploit this vulnerability to achieve complete system compromise. No patch is currently available.
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1. [CVSS 6.7 MEDIUM]
Insecure Temporary File vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Explore for Predictable Temporary File Names.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. [CVSS 6.7 MEDIUM]
Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10. [CVSS 3.7 LOW]
Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1. [CVSS 6.7 MEDIUM]
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1. [CVSS 6.7 MEDIUM]
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. [CVSS 6.7 MEDIUM]
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1. [CVSS 6.7 MEDIUM]
An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges. [CVSS 7.8 HIGH]
Bitdefender Total Security, Antivirus, Internet Security, and Endpoint Security Tools prior to version 27.0.47.241 allow local attackers with low privileges to execute arbitrary code as SYSTEM through a complex attack chain. The bdservicehost.exe service deletes files from C:\ProgramData\Atc\Feedback without validating symbolic links (CWE-59), enabling arbitrary file deletion that attackers chain with network-triggered file copy operations and filter driver bypass via DLL injection to achieve full privilege escalation. EPSS indicates 0.02% exploitation probability (6th percentile), and no public exploit code or active exploitation has been identified at time of analysis. Vendor has released patches addressing this multi-stage local escalation vector.
A remote code execution vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures.
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ------------------------------------------------------------------------- traverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun->dev) //tun3 tun2 sys_getdents64() | iterate_dir() | proc_readdir() | proc_readdir_de() | snmp6_unregister_dev() pde_get(de); | proc_remove() read_unlock(&proc_subdir_lock); | remove_proc_subtree() | write_lock(&proc_subdir_lock); [time window] | rb_erase(&root->subdir_node, &parent->subdir); | write_unlock(&proc_subdir_lock); read_lock(&proc_subdir_lock); | next = pde_subdir_next(de); | pde_put(de); | de = next; //UAF | rbtree of dev_snmp6 | pde(tun3) / \ NULL pde(tun2)
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.
The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobile VPN with SSL Client 12.0 up to and including 12.11.2.
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.