Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
CVSS 5.5 | AI Score 4.7 | EPSS 0.0004
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
CVSS 5.5 | AI Score 4 | EPSS 0.0004
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build...
CVSS 5.5 | AI Score 6 | EPSS 0.0004
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build...
CVSS 7.5 | AI Score 4.7 | EPSS 0.001
A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...
CVSS 7.5 | AI Score 7.4 | EPSS 0.001
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, HiRDB Structured Data Access Facility. This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before...
CVSS 7.5 | AI Score 7.5 | EPSS 0.0005
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...
CVSS 7.5 | AI Score 7.1 | EPSS 0.001
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from...
CVSS 6.5 | AI Score 6.3 | EPSS 0.001
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into...
CVSS 9.6 | AI Score 8.5 | EPSS 0.001
Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious...
CVSS 7.4 | AI Score 7.3 | EPSS 0.001
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...
CVSS 9.6 | AI Score 8.6 | EPSS 0.001
Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text...
CVSS 8.2 | AI Score 6.6 | EPSS 0.001
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...
CVSS 6.7 | AI Score 6.4 | EPSS 0.0004
IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attack, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force...
CVSS 7.5 | AI Score 7.3 | EPSS 0.001
Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka...
CVSS 6.1 | AI Score 6 | EPSS 0.0005
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel...
CVSS 7.8 | AI Score 7.4 | EPSS 0.0004
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of...
CVSS 5.5 | AI Score 5.8 | EPSS 0.0004
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of...
CVSS 5.5 | AI Score 5.7 | EPSS 0.0004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, macOS, Linux, x86, ARM, 64 bit allows Reflected XSS. This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through...
CVSS 7.4 | AI Score 6.2 | EPSS 0.001
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s...
CVSS 6.1 | AI Score 6.3 | EPSS 0.001
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover won't execute but could potentially render an image in the victim's browser. The privileges required to execute this...
CVSS 3.4 | AI Score 4.1 | EPSS 0.0005
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: ...
CVSS 7.5 | AI Score 7.1 | EPSS 0.001
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: ...
CVSS 5.3 | AI Score 5.1 | EPSS 0.0004
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: ...
CVSS 6.5 | AI Score 5.3 | EPSS 0.0004
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: ...
CVSS 6.5 | AI Score 5.9 | EPSS 0.0005
Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception. This issue affects Hitachi Device Manager: before...
CVSS 9 | AI Score 7.5 | EPSS 0.001
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Replication Manager: before...
CVSS 9.8 | AI Score 9.6 | EPSS 0.002
Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack. This issue affects Hitachi Device Manager: before...
CVSS 8.1 | AI Score 8 | EPSS 0.001
CWE-502 Deserialization of Untrusted Data in the rabbitmq-connector plugin module of Apache EventMesh (incubating) V1.7.0/V1.8.0 on platforms such as Windows, Linux and macOS allows attackers to send controlled messages and execute code remotely via RabbitMQ messages. Users can use the code under the...
CVSS 9.8 | AI Score 9.4 | EPSS 0.007
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM...
CVSS 6.7 | AI Score 6.8 | EPSS 0.0004
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: ...
CVSS 5.3 | AI Score 4.9 | EPSS 0.001