4829 matches found
CVE-2025-2308
CVE-2025-2308 affects HDF5 1.14.6, specifically the H5Z__scaleoffset_decompress_one_byte function in the Scale-Offset Filter. The cited issue is a heap-based buffer overflow exploitable via local access; disclosure indicates public exploits and local attack requirements. Several trusted sources (...
CVE-2025-21199
Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally...
PT-2025-11304
Name of the Vulnerable Software and Affected Versions HDF5 version 1.14.6 Description A critical vulnerability was found in HDF5, affecting the function H5Z scaleoffset decompress one byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack must b...
CVE-2025-24066
Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...
CVE-2025-24076
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally...
X.Org Server CreatePointerBarrierClient Out-Of-Bounds Write Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of disable...
Odyssey CMS 加密问题漏洞
Odyssey CMS is a content management system from Odyssey, Inc. An encryption issue vulnerability exists in Odyssey CMS version 10.34 and earlier, which stems from the fact that incorrect operation of the parameter g-recaptcha-response can lead to a key management error, which could lead to a local...
CVE-2025-25008
Improper link resolution before file access 'link following' in Microsoft Windows allows an authorized attacker to elevate privileges locally...
CVE-2025-26627
Improper neutralization of special elements used in a command 'command injection' in Azure Arc allows an authorized attacker to elevate privileges locally...
CVE-2025-24991
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally...
CVE-2025-24076
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally...
CVE-2025-24059
Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
CVE-2025-24046
Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally...
CVE-2025-24044
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally...
CVE-2025-26631
CVE-2025-26631 affects Visual Studio Code and is described as an Uncontrolled search path element that can allow an authorized, local attacker to escalate privileges. Connected sources (e.g., Nessus plugin for Microsoft Visual Studio Code security update) note that the issue affects installations...
CVE-2025-24991
CVE-2025-24991 is an NTFS out-of-bounds read vulnerability in Windows that can disclose local information after mounting a malicious VHD. Exploitation requires local access and user interaction (per CVSS) or mounting a crafted disk image (per patch-cycle reporting). Microsoft has issued updates; ...
CVE-2025-24076
CVE-2025-24076 affects the Windows Cross Device Service, enabling local privilege escalation via improper access control. Public material confirms a local, low-privilege attacker can escalate to SYSTEM by exploiting DLL handling in the Cross Device Service (e.g., by replacing CrossDevice.Streamin...
CVE-2025-24067
CVE-2025-24067 is described in the connected documents as a heap-based buffer overflow in the Microsoft Streaming Service Driver that allows an authenticated, local attacker to elevate privileges. The vulnerability concerns the Windows kernel streaming service component and is listed with a high ...
CVE-2025-24066
CVE-2025-24066 is a local privilege escalation in Windows Kernel-Mode Drivers caused by a heap-based buffer overflow in the kernel streaming service driver. The impact is increased privileges (local), with the vulnerability exploitable only locally. Microsoft has released updates addressing this ...
CVE-2025-25008
CVE-2025-25008 describes an elevation-of-privilege in Windows due to improper link resolution before file access (link following). An authorized, local attacker could exploit this to gain higher privileges. CVSSv3.1 base score is 7.1 (High); attack vector LOCAL; privileges required LOW; user inte...