4835 matches found
CVE-2025-7207
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scopenew of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locall...
CVE-2025-7207 mruby nregs codegen.c scope_new heap-based overflow
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scopenew of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locall...
CVE-2025-7207 mruby nregs codegen.c scope_new heap-based overflow
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scopenew of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locall...
CVE-2025-7207
Summary (CVE-2025-7207): A heap-based buffer overflow affects mruby up to 3.4.0-rc2, specifically the function scope_new in file mrbgems/mruby-compiler/core/codegen.c (component nregs Handler). The vulnerability can be triggered locally; an attack requires local access, and the exploit has been d...
CVE-2025-7207
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scopenew of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locall...
CVE-2025-49703
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2025-49686
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally...
CVE-2025-49680
Improper link resolution before file access 'link following' in Windows Performance Recorder allows an authorized attacker to deny service locally...
CVE-2025-49660
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally...
CVE-2025-48820
Improper link resolution before file access 'link following' in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally...
CVE-2025-47996
Integer underflow wrap or wraparound in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally...
CVE-2025-47987
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally...
CVE-2025-47982
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...
CVE-2025-47985
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally...
CVE-2025-47159
Protection mechanism failure in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...
CVE-2025-49732
Technical details about CVE-2025-49732 are not provided in the connected documents. Public information appears limited to the CVE entry and general Microsoft updates; monitor for official advisories for affected products, impact, and fix timing.
CVE-2025-49667
Technical details about CVE-2025-49667 are not publicly provided in the supplied connected and initial documents. Monitor for updates from official advisories; current materials only indicate a local privilege escalation via Win32K ICOMP without specifics.
CVE-2025-48816
Technical details for CVE-2025-48816 (affected components, exploitability, and specific impact) are not provided in the connected documents. Monitor for updates; no public disclosure details are included in the supplied materials.
CVE-2025-48811
CVE-2025-48811 affects Windows Virtualization-Based Security (VBS) Enclave, with the root cause described as missing integrity check in the Enclave. The NCSC advisory lists this CVE as impacting Windows VBS Enclave and notes an ability to obtain increased privileges. The entry indicates that Micr...
CVE-2025-48799
CVE-2025-48799 is an Elevation of Privilege flaw in Windows Update Service (wuauserv) described as: improper link resolution before file access ('link following') can allow an authorized local attacker to elevate to NT AUTHORITY\SYSTEM when Windows 10/11 systems have at least two drives and Stora...