| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally. |
| Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. |
| Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. |
| Use after free in RPC Runtime allows an authorized attacker to execute code over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. |
| Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. |
| Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. |
| Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. |
| A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved
as root.
This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:
* MPC7, MPC8, MPC9, MPC10, MPC11
* LC2101, LC2103
* LC480, LC4800, LC9600
* MX304 (built-in FPC)
* MX-SPC3
* SRX5K-SPC3
* EX9200-40XS
* FPC3-PTX-U2, FPC3-PTX-U3
* FPC3-SFF-PTX
* LC1101, LC1102, LC1104, LC1105
This issue affects Junos OS:
* all versions before 22.4R3-S8,
* from 23.2 before 23.2R2-S6,
* from 23.4 before 23.4R2-S6,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2,
* from 25.2 before 25.2R2. |
| FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches. |
| AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6. |
| A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives. |
| Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters. |
| An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. |
| An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter. |
