CVE Brief Security Intelligence

A security feature bypass vulnerability in Microsoft Office Word exists due to reliance on untrusted inputs, allowing an unauthorized local attacker to circumvent security protections.

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate their privileges locally on the affected system.

A protection mechanism failure in the Windows Shell allows an unauthenticated attacker to bypass security features over a network connection.

A protection mechanism failure in the MSHTML Framework allows an unauthenticated attacker to bypass security features over a network, potentially leading to unauthorized system access.

An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7

A type confusion vulnerability in the Desktop Window Manager (DWM) allows an authorized local attacker to elevate their privileges to a higher level.

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4

A heap-based buffer overflow in the Microsoft Graphics Component allows an authenticated user to gain elevated system privileges through local exploitation.

A heap-based buffer overflow in Microsoft Office Excel enables an unauthorized attacker to achieve local privilege escalation on affected systems.

A code injection vulnerability in Microsoft Defender for Linux allows an unauthenticated attacker on an adjacent network to execute arbitrary code.

Improper certificate validation in Azure Local allows an unauthenticated network attacker to execute arbitrary code on the target system.

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally

Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network

Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5

A high-severity vulnerability exists in SumatraPDF for Windows. This flaw could allow for exploitation when the reader processes specially crafted multi-format documents.

PowerDocu contains a Windows GUI executable to perform technical documentations

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally

Untrusted pointer dereference in Windows HTTP

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

Time-of-check time-of-use (toctou) race condition in Windows HTTP

Untrusted pointer dereference in Windows HTTP

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data

Super-linter is a combination of multiple linters to run as a GitHub Action or standalone

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network

Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network

Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network

The SAP Solution Tools Plug-In (ST-PI) fails to perform necessary authorization checks in a specific function module, allowing authenticated users to access sensitive information.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc

An authenticated user can cause a Denial of Service in SAP systems by invoking a remote-enabled function module with an excessively large loop-control parameter.

FreeRDP is a free implementation of the Remote Desktop Protocol

FreeRDP is a free implementation of the Remote Desktop Protocol

Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools

Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd

A flaw was found in Keycloak

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments

Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers

Worklenz is a project management tool

Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd

An out-of-bounds write in the firmware for Intel AMT and Standard Manageability within Ring 3 user applications may allow an attacker to cause a denial of service.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc

In JetBrains PyCharm before 2025

Crafted delegations or IP fragments can poison cached delegations in Recursor

Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd

A flaw was found in Keycloak

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files

Improper input validation in Power BI allows an authorized attacker to execute code over a network

Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege

A flaw in Intel Quick Assist Technology allows an attacker with Ring 0 access to bypass hardware interface protections, leading to kernel-level privilege escalation.

vscode-spell-checker is a basic spell checker that works well with code and documents

A vulnerability has been identified in NX (All versions < V2512)

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)

A vulnerability has been identified in SINEC NMS (All versions < V4

A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2

Audition versions 25

After Effects versions 25

After Effects versions 25

After Effects versions 25

After Effects versions 25

After Effects versions 25

After Effects versions 25

After Effects versions 25

After Effects versions 25

After Effects versions 25

After Effects versions 25

After Effects versions 25

After Effects versions 25

Substance3D - Designer versions 15

Substance3D - Designer versions 15

After Effects versions 25

InDesign Desktop versions 21

Substance3D - Stager versions 3

Substance3D - Stager versions 3

Substance3D - Stager versions 3

Substance3D - Stager versions 3

Substance3D - Stager versions 3

Bridge versions 15

Bridge versions 15

DNG SDK versions 1

DNG SDK versions 1

Lightroom Desktop versions 15

Cube is a semantic layer for building data applications

MUNGE is an authentication service for creating and validating user credentials

A vulnerability has been identified in Polarion V2404 (All versions < V2404