25207 matches found
CVE-2025-59515
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally...
CVE-2025-59515
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally...
2025-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5068787)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2025-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5068787)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
EUVD-2025-93418
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally...
CVE-2025-62452
Technical details about CVE-2025-62452 (heap-based buffer overflow in RRAS) are not publicly provided in the supplied documents. The connected KB/MS documents do not specify affected products/versions, exploit details, or mitigations. Monitor for updates.
CVE-2025-59507 Windows Speech Runtime Elevation of Privilege Vulnerability
...
CVE-2025-20065
Uncontrolled search path for some Display Virtualization for Windows OS software before version 1797 within Ring 2: Device Drivers may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of...
CVE-2025-20065
Uncontrolled search path for some Display Virtualization for Windows OS software before version 1797 within Ring 2: Device Drivers may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of...
AWS VDP: AWS Auto Scaling Service Reporting "AWS Internal" for CloudTrail Events Generated from Specific Endpoints
A vulnerability was discovered in the AWS Auto Scaling service, where 6 API endpoints incorrectly reported the user-agent and network information as "AWS Internal" in CloudTrail logs. This allowed the adversary to perform API calls using these endpoints and evade the logging of their IP address a...
EUVD-2025-74038
AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights...
CVE-2025-10714
AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights...
CVE-2025-10714
AXIS Optimizer is affected by an unquoted search path vulnerability that could enable privilege escalation on Windows. Exploitation requires local access and administrator rights to write in the AXIS Optimizer installation directory. CVSSv3.1 base metrics indicate a HIGH severity (8.4) with LOCAL...
CVE-2025-42892
Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating...
CVE-2025-42894 Path Traversal vulnerability in SAP Business Connector
Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system...
CVE-2025-42894 Path Traversal vulnerability in SAP Business Connector
Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system...
CVE-2025-42892 OS Command Injection vulnerability in SAP Business Connector
Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating...
AXIS OS 安全漏洞
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from a symbolic link attack that could lead to elevation of privilege...
Microsoft Windows 资源管理错误漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A resource management error vulnerability exists in Microsoft Windows. An attacker could exploit this vulnerability to gain elevated privileges. The following products and editions are...
Microsoft Windows Ancillary Function Driver for WinSock 竞争条件问题漏洞
Microsoft Windows Ancillary Function Driver for WinSock is a helper function driver for Winsock from Microsoft Corporation USA. A competitive condition issue vulnerability exists in Microsoft Windows Ancillary Function Driver for WinSock. An attacker could exploit the vulnerability to elevate...