CVE-2025-6119 Open Asset Import Library Assimp BVHLoader.cpp ReadNodeChannels use after free

A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking...

CVE-2025-6119 Open Asset Import Library Assimp BVHLoader.cpp ReadNodeChannels use after free

A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking...

CVE-2025-33062

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...

CVE-2025-32720

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...

CVE-2025-32714

Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally...

CVE-2025-33067

Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally...

CVE-2025-35978

Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be...

CVE-2025-47962

Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally...

CVE-2025-47956

External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally...

CVE-2025-33067

Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally...

CVE-2025-32718

Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally...

CVE-2025-32718

Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally...

CVE-2025-32713

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

CVE-2025-32712

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...

CVE-2025-24065

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...

Windows SDK Elevation of Privilege Vulnerability

Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally...

Windows Storage Management Provider Information Disclosure Vulnerability

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...

Windows Recovery Driver Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in Windows Recovery Driver allows an authorized attacker to elevate privileges locally...

PT-2025-24664 · Ivanti · Ivanti Workspace Control

Name of the Vulnerable Software and Affected Versions: Ivanti Workspace Control versions prior to 10.19.0.0 Description: A hardcoded key in the software allows a local authenticated attacker to decrypt stored SQL credentials. Recommendations: For versions prior to 10.19.0.0, update to version...

PT-2025-24863

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description The issue is related to a use after free condition in Microsoft Office, allowing an unauthorized attacker to execute code locally. This can enable remote attackers to execute arbitra...