CVE-2025-26678

Improper access control in Windows Defender Application Control WDAC allows an unauthorized attacker to bypass a security feature locally...

CVE-2025-26678

Improper access control in Windows Defender Application Control WDAC allows an unauthorized attacker to bypass a security feature locally...

CVE-2025-26678 Windows Defender Application Control Security Feature Bypass Vulnerability

...

CVE-2025-26678

CVE-2025-26678 is a local security bypass in Windows Defender Application Control (WDAC) due to improper access control. The issue affects WDAC’s security feature and can be exploited locally to bypass protections. Public sources confirm the vulnerability and that updates released in April 2025 f...

CVE-2025-26678 Windows Defender Application Control Security Feature Bypass Vulnerability

...

Windows Defender Application Control Security Feature Bypass Vulnerability

Improper access control in Windows Defender Application Control WDAC allows an unauthorized attacker to bypass a security feature locally...

Microsoft Windows Defender Application Control（WDAC） 访问控制错误漏洞

Microsoft Windows Defender Application Control WDAC is a security tool from Microsoft Corporation USA that restricts the operation of programs at the software level by configuring policies to reduce the scope of what hackers can attack. An access control error vulnerability exists in Microsoft...

Threat actors leverage tax season to deploy tax-themed phishing campaigns

As Tax Day approaches in the United States on April 15, Microsoft has observed several phishing campaigns using tax-related themes for social engineering to steal credentials and deploy malware. These campaigns notably use redirection methods such as URL shorteners and QR codes contained in...

Malicious code in sharpdefender (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect

Summary There are multiple vulnerabilities in Open Source packages that affect IBM Storage Defender – Data Protect. These vulnerabilities can result in runtime errors, denial of service, remote code execution, arbitrary command execution, bypass of security restrictions, incorrect file permission...

Security Bulletin: A buffer overread, security restrictions bypass, a use-after-free, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable to a buffer overread, security restrictions bypass, a use-after-free, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2020-15945 DESCRIPTION: Lua 5.4.0 fixed in 5.4.1 has a segmentation fault in...

Security Bulletin: IBM Storage Defender Data Protect vulnerable to CVE-2024-45801 due to dependency on Open Source library.

Summary IBM Storage Defender Data Protect is vulnerable to CVE-2024-45801 due to dependency on Open Source library. Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in dept...

Malicious code in pydefender (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a1e2cc2d94eff74e302118c35c34f87e76175fe507facbe21c29883960c8223e setup.py is prepared to download and run an obfuscated batch script. While the script is not detected by any AV currently, in the sandbox analysis it reveals...

MAL-2025-191833 Malicious code in pydefender (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a1e2cc2d94eff74e302118c35c34f87e76175fe507facbe21c29883960c8223e setup.py is prepared to download and run an obfuscated batch script. While the script is not detected by any AV currently, in the sandbox analysis it reveals...

SUSE SLES15 / openSUSE 15 Security Update : azure-cli (SUSE-SU-2025:0751-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0751-1 advisory. - CVE-2024-43591: improper neutralization of special elements could allow users to run Azure CLI commands that result in certa...

Security update for azure-cli

This update for azure-cli fixes the following issues: CVE-2024-43591: improper neutralization of special elements could allow users to run Azure CLI commands that result in certain service management operations being performed with System level permissions in Azure Defender for Cloud bsc1231971...

SUSE-SU-2025:0751-1 Security update for azure-cli

This update for azure-cli fixes the following issues: - CVE-2024-43591: improper neutralization of special elements could allow users to run Azure CLI commands that result in certain service management operations being performed with System level permissions in Azure Defender for Cloud bsc1231971...

Security Bulletin: Denial of service, SQL injection, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable to denial of service, SQL injection, and others. The vulnerabilities have been addressed. CVE-2023-52425, CVE-2024-53908, CVE-2024-53907, CVE-2023-52426, CVE-2022-29162, CVE-2023-25809, CVE-2023-27561, CVE-2023-28642, CVE-2024-21626,...

CVE-2024-21971

Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service...

CVE-2024-21971

Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service...