CVE-2026-54420
A symlink mishandling vulnerability in the LiteSpeed cPanel plugin allows users with limited access to escalate privileges on shared hosting environments.
Saturday's disclosures center on enterprise identity and data infrastructure, with maximum-severity flaws in Microsoft Azure Active Directory (CVE-2026-45480, CVSS 10) and Azure Synapse (CVE-2026-48584, CVSS 9.9) alongside a perfect-score ProxySQL flaw (CVE-2026-48772, CVSS 10). Critical CVEs rose sharply to 8 from 1 the prior day (+700%), while high-priority issues climbed to 47 from 41 (+15%) across 55 total disclosures. JetBrains Hub accounted for two criticals (CVE-2026-50242, CVSS 10; CVE-2026-56142, CVSS 9.9), and file-management platform FileRise (CVE-2026-54414, CVSS 9.8) and the BetterDocs Pro WordPress plugin (CVE-2026-7515, CVSS 9.8) round out the top tier. The mix favors authentication bypass and remote code execution against cloud identity services, databases, and developer collaboration tooling, with four CVEs—affecting LiteSpeed cPanel, Joomla Content Editor, Splunk, and Cisco Catalyst SD-WAN Manager—carrying confirmed active exploitation. Patch availability is currently reported at 0%, so teams should prioritize compensating controls and exposure reduction until vendor fixes land.
Immediate action: Prioritize Microsoft Azure Active Directory and Synapse, ProxySQL, JetBrains Hub, and FileRise deployments, and apply mitigations for the actively exploited Splunk, Cisco SD-WAN Manager, LiteSpeed cPanel, and Joomla Content Editor flaws. With patch availability at 0%, restrict network exposure, enforce access controls, and monitor affected services closely until vendor updates are released.
An improper access control vulnerability in the Widget Factory Joomla Content Editor allows unauthorized users to perform restricted actions.
Splunk Enterprise and Cloud Platform contain an authentication bypass vulnerability in a PostgreSQL sidecar service, allowing unauthenticated users to create or truncate arbitrary files.
Cisco Catalyst SD-WAN Manager contains an arbitrary file write vulnerability in its web UI, allowing authenticated remote attackers to escalate privileges to root.
The BetterDocs Pro plugin for WordPress contains a Local File Inclusion vulnerability in the doc_style parameter, allowing unauthenticated attackers to include and execute arbitrary local PHP files on the server.
A PROXY protocol v1 implementation flaw in ProxySQL allows unauthenticated attackers to spoof source IP addresses, resulting in ACL and routing bypasses.
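The ProxySQL item above names the mechanism (a source address asserted in a PROXY header feeding ACL and routing decisions) but not the implementation detail. The following is an added example written for this digest, not code from ProxySQL, and it does not claim to reproduce the root cause of CVE-2026-48772. It parses a PROXY protocol v1 line per the HAProxy specification and applies the generic control that defeats header spoofing: the asserted client address is only honoured when the TCP peer itself is an allowlisted proxy. The trusted range 10.0.0.0/8 and all addresses and ports in the sample lines are constructed.

```python
"""PROXY protocol v1: parse the header, but only trust it from an allowlisted peer.

Added example, not ProxySQL's code. The header grammar follows the HAProxy
PROXY protocol spec; the trust check is the generic mitigation for header
spoofing (the digest does not describe CVE-2026-48772's exact root cause).
"""
import ipaddress
import re

# Constructed: address ranges from which a PROXY header is believed.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

_V1 = re.compile(rb"^PROXY (TCP4|TCP6|UNKNOWN)(?: (\S+) (\S+) (\d{1,5}) (\d{1,5}))?\r\n$")


def parse_proxy_v1(line: bytes) -> dict:
    """Return the fields of one PROXY v1 line, or raise ValueError."""
    if len(line) > 107:  # spec maximum, including CRLF
        raise ValueError("PROXY v1 header too long")
    m = _V1.match(line)
    if not m:
        raise ValueError("malformed PROXY v1 header")
    family = m.group(1).decode()
    if family == "UNKNOWN":
        return {"family": family}  # spec: fall back to the real peer address
    if m.group(2) is None:
        raise ValueError("TCP4/TCP6 header without addresses")
    src = ipaddress.ip_address(m.group(2).decode())
    dst = ipaddress.ip_address(m.group(3).decode())
    want = 4 if family == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family does not match TCP4/TCP6 keyword")
    sport, dport = int(m.group(4)), int(m.group(5))
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return {"family": family, "src": str(src), "dst": str(dst), "sport": sport, "dport": dport}


def is_valid_proxy_v1(line: bytes) -> bool:
    try:
        parse_proxy_v1(line)
        return True
    except ValueError:
        return False


def is_trusted_proxy(peer_ip: str) -> bool:
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def effective_client_ip(peer_ip: str, first_line: bytes) -> str:
    """Address that ACLs and routing rules should be evaluated against.

    The weak pattern is to honour `src` from anyone who sends a PROXY line,
    which lets an internet client claim an internal address. Here the header
    is only believed when the TCP peer itself is a trusted proxy; otherwise
    the real peer address is used and the line is ignored.
    """
    if not is_trusted_proxy(peer_ip):
        return peer_ip
    hdr = parse_proxy_v1(first_line)
    return hdr.get("src", peer_ip)


def acl_allows(client_ip: str, allowed: list) -> bool:
    """Evaluate a simple allowlist ACL against the effective client address."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n) for n in allowed)
```

The same peer-trust rule applies to PROXY v2 and to HTTP headers such as X-Forwarded-For: the header is data supplied by whoever is on the socket, and it only becomes an identity once the socket peer is known to be a component that strips or sets it.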
FileRise is vulnerable to path traversal via the shared-folder upload endpoint, allowing an attacker with a valid upload link to overwrite system files and achieve administrator account takeover.
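Three items above (the LiteSpeed cPanel symlink mishandling, the BetterDocs doc_style file inclusion, and the FileRise upload path traversal) are all failures to keep a user-controlled name inside an intended directory. The following is an added example written for this digest, not code from any of those projects, and the digest does not give their exact root causes. It shows the two checks an upload or file-include handler needs before touching the filesystem: reject lexical traversal, and compare the resolved real path against the resolved root so that a planted symlink is caught. The directory layout, the escaping symlink and the file names are constructed in a temporary directory.

```python
"""Containing an untrusted file name under an upload root, symlinks included.

Added example, not FileRise or LiteSpeed code; the digest does not give
either flaw's exact mechanics. realpath follows every symlink on the way,
so a link inside the tree that points elsewhere is rejected even though
its lexical path looks harmless.
"""
import os
import tempfile


class UnsafePath(ValueError):
    """Raised when a user-supplied name would resolve outside the root."""


def safe_join(root: str, untrusted: str) -> str:
    """Return the real path for `untrusted` strictly inside `root`, or raise."""
    if not untrusted or "\x00" in untrusted:
        raise UnsafePath("empty or NUL-containing name")
    if os.path.isabs(untrusted):
        raise UnsafePath("absolute path not allowed")
    real_root = os.path.realpath(root)
    # A symlink to /etc or to another tenant's directory turns into its
    # target here, before the containment test runs.
    candidate = os.path.realpath(os.path.join(real_root, untrusted))
    if not candidate.startswith(real_root + os.sep):
        raise UnsafePath(f"{untrusted!r} resolves outside the upload root")
    return candidate


def open_for_write(root: str, untrusted: str):
    """Open the checked path without following a symlink at the final step.

    The realpath check above is check-then-use: a link could be swapped in
    between. O_NOFOLLOW plus O_EXCL on the final component closes that
    window for the last path element (intermediate directories are still
    trusted; on Linux 5.6+ openat2 with RESOLVE_BENEATH covers them too).
    """
    path = safe_join(root, untrusted)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.fdopen(os.open(path, flags, 0o640), "wb")


def demo() -> dict:
    """Constructed upload root with an escaping symlink; True means accepted."""
    outside = tempfile.mkdtemp(prefix="other-tenant-")
    root = tempfile.mkdtemp(prefix="uploads-")
    os.mkdir(os.path.join(root, "docs"))
    os.symlink(outside, os.path.join(root, "shared"))  # planted escape
    cases = [
        "docs/report.pdf",        # ordinary upload target
        "../../etc/passwd",       # classic traversal
        "/etc/passwd",            # absolute path
        "docs/../../escape.txt",  # traversal hidden behind a valid prefix
        "shared/notes.txt",       # lexically inside, resolves outside
        "docs/..",                # the root itself, not a file inside it
        "",
    ]
    results = {}
    for name in cases:
        try:
            safe_join(root, name)
            results[name] = True
        except UnsafePath:
            results[name] = False
    return results
```

For a parameter that selects a template or style, as doc_style does, an allowlist of known names is stricter than any path check and should be preferred; the containment check is for endpoints that genuinely must accept arbitrary file names.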
An improper authentication vulnerability in Microsoft Azure Active Directory enables unauthenticated attackers to escalate privileges over a network.
An execution with unnecessary privileges vulnerability in Azure Synapse allows authenticated attackers to escalate privileges over a network.
JetBrains Hub contains an authentication bypass vulnerability via direct database access that allows unauthorized administrative control.
Improper input validation in AVer PTC series cameras allows remote, unauthenticated attackers to execute arbitrary code via crafted web requests.
JetBrains Hub is susceptible to privilege escalation by allowing the attachment of unauthorized authentication details to user accounts.
Four separate heap-based buffer overflow vulnerabilities in Microsoft Office each allow an unauthorized attacker to execute arbitrary code locally.
A use-after-free vulnerability in the WebShare component of Google Chrome on Windows may be exploitable for memory corruption.
Microsoft Edge contains a cross-site scripting (XSS) vulnerability that allows an authenticated attacker to perform spoofing attacks over a network.
Two separate type confusion vulnerabilities in Microsoft Office each allow an unauthorized attacker to execute arbitrary code locally on an affected system.
A vulnerability exists within the Content Server component of Oracle WebCenter Content that may allow an attacker to compromise the integrity and availability of the system.
Oracle Data Integrator contains a vulnerability in its Market Place component that may allow for unauthorized system interaction or compromise.
A high-severity vulnerability exists within the Console component of the Oracle WebLogic Server, potentially allowing for unauthorized system interaction.
A high-severity vulnerability within the Siebel Cloud Manager component of Oracle Siebel CRM may permit unauthorized access or manipulation of critical CRM functions.
An inappropriate implementation vulnerability in the WebView component of Google Chrome on Android may allow for unauthorized behavior by malicious applications.
A race condition vulnerability exists within the Safe Browsing component of Google Chrome for macOS, potentially allowing for memory corruption or bypass of security features.
A race condition within the Google Chrome Updater for macOS could allow an attacker to interfere with the update process, potentially leading to unauthorized operations.
The SP Movie Database component for Joomla! contains a security vulnerability that could potentially be leveraged to compromise the integrity of the application.
Microsoft 365 Copilot's Business Chat is vulnerable to an open redirect, which can be leveraged by an unauthorized attacker to facilitate privilege escalation over a network.
A memory safety vulnerability in the Linux kernel ksmbd module allows out-of-bounds writes during compound SMB requests, potentially leading to system crashes or arbitrary code execution.
A flaw in the Linux kernel SMB client allows for improper validation of DACL pointers, potentially leading to security descriptor corruption.
A slab-out-of-bounds read vulnerability exists in the Linux kernel's t7xx WWAN driver when handling modem messages.
A vulnerability in the Linux kernel's mac80211 subsystem occurs when MLO connection preparation fails.
An insecure default resource initialization in GitHub Copilot and Visual Studio Code allows unauthenticated attackers to perform information disclosure over a network.
A critical security flaw in an unspecified router allows unauthenticated local network users to gain administrative control and modify operational settings.
The Linux kernel ksmbd module fails to properly validate ACE sizes in smb_check_perm_dacl, allowing for buffer boundary violations when processing access control lists.
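The three Linux SMB items above (out-of-bounds writes in ksmbd during compound requests, unchecked DACL pointers in the SMB client, and unvalidated ACE sizes in smb_check_perm_dacl) share one pattern: length fields inside an attacker-supplied security descriptor are used before they are checked against the buffer that holds them. The following is an added example written for this digest, not ksmbd code, and it does not reproduce the kernel fix. It parses a DACL using the Windows ACL, ACE and SID wire layouts and refuses any AceSize or SID that would run past AclSize or the ACE end. The sample descriptors, including the forged oversize ACE, are constructed by the builders at the bottom.

```python
"""Bounds-checked parsing of a DACL (ACL header + ACEs + SIDs).

Added example, not ksmbd code. Structure layouts follow the Windows
ACL/ACE/SID wire format (MS-DTYP). The point is the class of validation
the digest says smb_check_perm_dacl lacked: every AceSize must fit inside
AclSize, and every SID inside its ACE, before any byte of the ACE is used.
"""
import struct

ACL_HDR = struct.Struct("<BBHHH")  # AclRevision, Sbz1, AclSize, AceCount, Sbz2
ACE_HDR = struct.Struct("<BBH")    # AceType, AceFlags, AceSize
MASK = struct.Struct("<I")         # ACCESS_MASK
SID_HDR = struct.Struct("<BB6s")   # Revision, SubAuthorityCount, IdentifierAuthority
ACCESS_ALLOWED, ACCESS_DENIED = 0, 1


class MalformedAcl(ValueError):
    pass


def parse_sid(buf: bytes, off: int, end: int) -> str:
    """Parse a SID that must end at or before `end`; return it in S-1-... form."""
    if off + SID_HDR.size > end:
        raise MalformedAcl("SID header runs past ACE end")
    rev, nsub, auth = SID_HDR.unpack_from(buf, off)
    if rev != 1 or nsub > 15:
        raise MalformedAcl("bad SID revision or sub-authority count")
    if off + SID_HDR.size + 4 * nsub > end:
        raise MalformedAcl("SID sub-authorities run past ACE end")
    subs = struct.unpack_from("<%dI" % nsub, buf, off + SID_HDR.size)
    return "S-%d-%d" % (rev, int.from_bytes(auth, "big")) + "".join("-%d" % s for s in subs)


def parse_dacl(buf: bytes) -> list:
    """Return [(ace_type, flags, mask, sid)], raising MalformedAcl on any overrun."""
    if len(buf) < ACL_HDR.size:
        raise MalformedAcl("buffer shorter than ACL header")
    _rev, _sbz1, acl_size, ace_count, _sbz2 = ACL_HDR.unpack_from(buf, 0)
    if acl_size < ACL_HDR.size or acl_size > len(buf):
        raise MalformedAcl("AclSize outside the buffer")
    end, off, aces = acl_size, ACL_HDR.size, []
    for _ in range(ace_count):
        if off + ACE_HDR.size > end:
            raise MalformedAcl("ACE header runs past AclSize")
        ace_type, flags, ace_size = ACE_HDR.unpack_from(buf, off)
        # The essential check: AceSize must at least cover its own header
        # (so the cursor always advances) and must not pass AclSize.
        if ace_size < ACE_HDR.size or off + ace_size > end:
            raise MalformedAcl("AceSize %d at offset %d overruns ACL" % (ace_size, off))
        ace_end = off + ace_size
        if ace_type in (ACCESS_ALLOWED, ACCESS_DENIED):
            if off + ACE_HDR.size + MASK.size > ace_end:
                raise MalformedAcl("ACE too small for an access mask")
            (mask,) = MASK.unpack_from(buf, off + ACE_HDR.size)
            sid = parse_sid(buf, off + ACE_HDR.size + MASK.size, ace_end)
            aces.append((ace_type, flags, mask, sid))
        else:
            aces.append((ace_type, flags, None, None))  # unknown type: skipped by size
        off = ace_end
    return aces


def is_well_formed(buf: bytes) -> bool:
    try:
        parse_dacl(buf)
        return True
    except MalformedAcl:
        return False


# Constructed samples; the builders let a bad AceSize or AceCount be forged on purpose.
def build_ace(ace_type, mask, authority, subs, size_override=None):
    sid = SID_HDR.pack(1, len(subs), authority.to_bytes(6, "big")) + struct.pack("<%dI" % len(subs), *subs)
    body = MASK.pack(mask) + sid
    size = ACE_HDR.size + len(body) if size_override is None else size_override
    return ACE_HDR.pack(ace_type, 0, size) + body


def build_acl(aces, size_override=None, count_override=None):
    body = b"".join(aces)
    size = ACL_HDR.size + len(body) if size_override is None else size_override
    count = len(aces) if count_override is None else count_override
    return ACL_HDR.pack(2, 0, size, count, 0) + body


ADMINS = build_ace(ACCESS_ALLOWED, 0x001F01FF, 5, [32, 544])  # S-1-5-32-544
EVERYONE = build_ace(ACCESS_DENIED, 0x00010000, 1, [0])       # S-1-1-0
GOOD_DACL = build_acl([ADMINS, EVERYONE])
OVERSIZED_ACE = build_acl([build_ace(ACCESS_ALLOWED, 0x1FF, 5, [18], size_override=0x4000), EVERYONE])
TRUNCATED_ACE = build_acl([build_ace(ACCESS_ALLOWED, 0x1FF, 5, [18], size_override=ACE_HDR.size)])
PHANTOM_ACE = build_acl([ADMINS], count_override=3)
```

The same shape of check belongs in any C parser of these structures: compare the claimed size against the remaining bytes before the cast, and never let a zero or header-only AceSize leave the loop cursor where it started.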
A security vulnerability in the Joomla NextGen Editor extension allows for unauthorized access or potential compromise of the CMS environment.
A high-severity vulnerability in the Joomla Survey Force Deluxe extension may allow unauthenticated attackers to compromise the web application.
A security vulnerability exists in the Joomla OSDownloads extension. The specific technical details of the flaw are currently limited.
An authenticated privilege escalation vulnerability exists in F5 BIG-IP via the iControl SOAP interface, allowing administrators to create unauthorized SNMP configuration objects.
The David Lingren Media Library Assistant plugin is vulnerable to blind SQL injection, allowing attackers to manipulate database queries.
A security vulnerability affects the Joomla! vBizz component, potentially exposing the site to unauthorized actions or data compromise.
Capgo versions prior to 12 are affected by a security vulnerability requiring immediate attention from administrators.
A path traversal vulnerability in Microsoft SQL Server allows an authorized attacker to execute arbitrary code over the network.
A use-after-free vulnerability in the Networking HTTP component could potentially lead to arbitrary code execution or system instability.
A security vulnerability exists in the SAP nanobot personal AI assistant. The specific technical nature of the flaw is currently undisclosed by the vendor.
An authentication bypass vulnerability in F5 BIG-IP Appliance mode allows administrators to circumvent existing system restrictions.
A denial-of-service (DoS) vulnerability exists in the 10G iSCSI interface of the Hitachi Virtual Storage Platform, potentially allowing an attacker to disrupt storage availability.
Capgo versions prior to 12 contain a critical security vulnerability that requires immediate remediation.
A vulnerability exists in the Joomla My Projects 2 component, which may allow for unauthorized actions or information disclosure within the affected Joomla environment.
A vulnerability exists in the Joomla User Bench 1 component, which may allow for unauthorized actions or security bypasses within the affected Joomla environment.
The JB Visa component for Joomla contains a high-severity vulnerability that may allow for unauthorized system interaction.
The Quiz Deluxe component for Joomla contains a high-severity vulnerability that may lead to unauthorized system access or data exposure.
The RPC Responsive Portfolio component for Joomla contains a high-severity vulnerability that may lead to unauthorized system access or data compromise.
A vulnerability exists within the Joomla! Component Price Alert 3, potentially allowing for unauthorized exploitation of the system.
The Joomla! Component Bargain Product VM3 contains a security vulnerability that requires immediate attention to prevent unauthorized system exploitation.
The Joomla! Component Ajax Quiz is susceptible to a security vulnerability that could potentially allow for unauthorized access or system manipulation.
The FocalPoint Pro and Free components for Joomla! contain a security vulnerability that may expose the application to unauthorized access or potential compromise.
The Calendar Planner component for Joomla! is susceptible to a security vulnerability that may facilitate unauthorized access or malicious activity within the web environment.