CVE-2024-37079
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability - Active in CISA KEV catalog.
Thursday's vulnerability disclosures include 16 critical-severity CVEs affecting WordPress, METIS WIC and DFS IoT devices, HP systems, and AWS infrastructure, alongside active exploitation of Microsoft Office and Windows components. Critical CVE volume increased 78% from the prior day (16 vs. 9), while high-priority disclosures held steady at 100. Notable critical entries include CVE-2025-64075 (CVSS 10.0) affecting WE2001 check systems, CVE-2026-1357 and CVE-2026-1729 targeting WordPress installations, and CVE-2026-2248/CVE-2026-2249 impacting METIS industrial devices. Attack patterns span remote code execution, command injection in media converters, and authentication bypass in enterprise mail platforms including SmarterTools SmarterMail and Sangoma FreePBX. No patches are currently available for the disclosed vulnerabilities, requiring defenders to implement compensating controls and monitor for exploitation activity.
Immediate action: Prioritize reviewing exposure to Microsoft Office (CVE-2026-21509), Microsoft Windows (CVE-2026-21525), VMware vCenter Server (CVE-2024-37079), and SmarterTools SmarterMail (CVE-2025-52691, CVE-2026-23760, CVE-2026-24423), all of which have confirmed active exploitation. With 0% patch availability, implement network segmentation, restrict access to affected services, and deploy available detection signatures as interim mitigations until vendor patches are released.
Linux Kernel Integer Overflow Vulnerability - Active in CISA KEV catalog.
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
GNU InetUtils Argument Injection Vulnerability - Active in CISA KEV catalog.
Microsoft Office Security Feature Bypass Vulnerability - Active in CISA KEV catalog.
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
Sangoma FreePBX OS Command Injection Vulnerability - Active in CISA KEV catalog.
Sangoma FreePBX Improper Authentication Vulnerability - Active in CISA KEV catalog.
React Native Community CLI OS Command Injection Vulnerability - Active in CISA KEV catalog.
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
Microsoft Windows NULL Pointer Dereference Vulnerability - Active in CISA KEV catalog.
Chevereto 3.13.4 Core contains a remote code execution vulnerability where attackers can inject a PHP shell via the database table prefix parameter during installation.
The WPvivid Backup & Migration plugin for WordPress allows unauthenticated remote code execution via arbitrary file uploads due to improper RSA error handling and directory traversal.
METIS WIC devices (<= oscore 2.1.234-r18) allow unauthenticated remote attackers to execute arbitrary commands with root privileges via the /console endpoint, leading to full system compromise.
METIS DFS devices (<= oscore 2.1.234-r18) expose an unauthenticated /console endpoint, allowing remote attackers to execute arbitrary commands with 'daemon' privileges and compromise the software.
The AdForest WordPress theme (<= 6.0.12) is vulnerable to authentication bypass via the sb_login_user_with_otp_fun function, allowing attackers to log in as any user, including admins.
Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability in the registration code input, allowing attackers to execute arbitrary code via SEH overwrite on Windows 32-bit systems.
ASTPP 4.0.1 is vulnerable to XSS and command injection in SIP and plugin management interfaces, allowing attackers to hijack sessions and execute code with root permissions.
A path traversal vulnerability in the check_token function of ZBT WE2001 (23.09.27) allows remote attackers to bypass authentication and perform admin actions via crafted session cookies.
An unprotected API endpoint in the affected software allows unauthenticated remote attackers to change the device password, leading to complete unauthorized administrative control.
Torrent 3GP Converter 1.51 is vulnerable to a stack overflow via the registration dialog, allowing attackers to overwrite SEH registers and execute arbitrary code on the host system.
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow in the License Name input field, allowing attackers to overwrite SEH registers and execute arbitrary code.
Dinosoft ERP contains a critical vulnerability due to missing authentication and improper access control, allowing unauthenticated attackers to access restricted functions.
Logo j-Platform is vulnerable to the insertion of sensitive information into externally accessible files due to incorrectly configured access control levels.
The ZLAN5143D device is vulnerable to authentication bypass, allowing attackers to access internal URLs directly and gain unauthorized administrative access.
Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name field, allowing attackers to execute arbitrary code via SEH handler overwrites.
Turboard is vulnerable to Reflected Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation.
A security feature bypass vulnerability in Microsoft Office Word exists due to reliance on untrusted inputs, allowing an unauthorized local attacker to circumvent security protections.
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate their privileges locally on the affected system.
A protection mechanism failure in the Windows Shell allows an unauthenticated attacker to bypass security features over a network connection.
A protection mechanism failure in the MSHTML Framework allows an unauthenticated attacker to bypass security features over a network, potentially leading to unauthorized system access.
The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in Fortinet FortiOS 7
A type confusion vulnerability in the Desktop Window Manager (DWM) allows an authorized local attacker to elevate their privileges to a higher level.
Use after free in CSS in Google Chrome prior to 145
Heap buffer overflow in Codecs in Google Chrome prior to 145
The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4
A heap-based buffer overflow in the Microsoft Graphics Component allows an authenticated user to gain elevated system privileges through local exploitation.
A heap-based buffer overflow in Microsoft Office Excel enables an unauthorized attacker to achieve local privilege escalation on affected systems.
A code injection vulnerability in Microsoft Defender for Linux allows an unauthenticated attacker on an adjacent network to execute arbitrary code.
Inappropriate implementation in WebGPU in Google Chrome prior to 145
Improper certificate validation in Azure Local allows an unauthenticated network attacker to execute arbitrary code on the target system.
The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally
Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally
Untrusted pointer dereference in Windows HTTP
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
Time-of-check time-of-use (toctou) race condition in Windows HTTP
Untrusted pointer dereference in Windows HTTP
WorkgroupMail 7
Dell Update Package (DUP) Framework, versions 23
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot allows an unauthorized attacker to execute code over a network
Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc
A buffer overflow vulnerability has been reported to affect Qsync Central
A buffer overflow vulnerability has been reported to affect Qsync Central
A buffer overflow vulnerability has been reported to affect Qsync Central
Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers
Worklenz is a project management tool
An out-of-bounds write vulnerability has been reported to affect Qsync Central
JUNG Smart Visu Server 1
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd
Statamic is a Laravel and Git powered content management system (CMS)
An out-of-bounds write in the firmware for Intel AMT and Standard Manageability within Ring 3 user applications may allow an attacker to cause a denial of service.
Kanboard is project management software focused on Kanban methodology
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc
Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd
Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central
Improper input validation in Power BI allows an authorized attacker to execute code over a network
Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege
A flaw in Intel Quick Assist Technology allows an attacker with Ring 0 access to bypass hardware interface protections, leading to kernel-level privilege escalation.
A vulnerability has been identified in NX (All versions < V2512)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)
A vulnerability has been identified in SINEC NMS (All versions < V4
A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2
Audition versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
Substance3D - Designer versions 15
Substance3D - Designer versions 15
After Effects versions 25
InDesign Desktop versions 21
Substance3D - Stager versions 3
Substance3D - Stager versions 3
Substance3D - Stager versions 3
Substance3D - Stager versions 3
Substance3D - Stager versions 3
Bridge versions 15
Bridge versions 15
DNG SDK versions 1
DNG SDK versions 1
Lightroom Desktop versions 15
BlackMoon FTP Server 3
Mikogo 5