| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Kernel Elevation of Privilege Vulnerability |
| Windows Hyper-V Denial of Service Vulnerability |
| Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Windows Graphics Component Information Disclosure Vulnerability |
| Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Projected File System Elevation of Privilege Vulnerability |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| Windows Bluetooth Driver Elevation of Privilege Vulnerability |
| Windows Bluetooth Driver Information Disclosure Vulnerability |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability |
| Windows Media Remote Code Execution Vulnerability |
| Windows Media Remote Code Execution Vulnerability |
| Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device.
These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade that redirects the delete operation of any protected file. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. |
| Memory corruption while processing command message in WLAN Host. |
| Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) |
| Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
| InCopy versions 20.2, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace. |
| Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service. An attacker could leverage this vulnerability to crash the application or disrupt its functionality. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
