CVE-2025-35968

Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...

CVE-2025-24848

Intel CIP software prior to WIN_DCA_2.4.0.11001 suffers a protection mechanism failure in Ring 3 (User Applications) that may allow an Elevation of Privilege by a local attacker with privileged user context and high attack complexity. Affected products are Intel® CIP software before WIN_DCA_2.4.0...

CVE-2025-24848

Protection mechanism failure for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This...

CVE-2025-24834

Intel CIP software prior to WIN_DCA_2.4.0.11001 contains a protection mechanism failure in Ring 3: User Applications, which may allow information disclosure. An unprivileged, unauthenticated user with low-complexity attack could exposure data via adjacent access. Affected products: Intel CIP soft...

CVE-2025-24834

Protection mechanism failure for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable data exposure. This result...

CVE-2025-10905

Collision in MiniFilter driver in Avast Software Avast Free Antivirus before 25.9 on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense mechanisms...

CVE-2025-10905 Collision in minifilter driver of Avast Free Antivirus results in disabling of real-time protection

Collision in MiniFilter driver in Avast Software Avast Free Antivirus before 25.9 on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense mechanisms...

CVE-2025-10905 Collision in minifilter driver of Avast Free Antivirus results in disabling of real-time protection

Collision in MiniFilter driver in Avast Software Avast Free Antivirus before 25.9 on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense mechanisms...

CVE-2025-10905

Affected software: Avast Free Antivirus (Gen Digital). Vulnerable component: MiniFilter driver. Description across connected sources indicates a collision in the MiniFilter driver prior to Avast Free Antivirus 25.9 on Windows. Impact: local attacker with administrative privileges can disable real...

kernel: ipv6: use RCU protection in ip6_default_advmss()

In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU protection in ip6defaultadvmss ip6defaultadvmss needs rcu protection to make sure the net structure it reads does not disappear...

kernel: ipv6: use RCU protection in ip6_default_advmss()

In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU protection in ip6defaultadvmss ip6defaultadvmss needs rcu protection to make sure the net structure it reads does not disappear...

kernel: ipvlan: Fix use-after-free in ipvlan_get_iflink().

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlangetiflink. syzbot presented an use-after-free report 0 regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is...

kernel: openvswitch: use RCU protection in ovs_vport_cmd_fill_info()

In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in ovsvportcmdfillinfo ovsvportcmdfillinfo can be called without RTNL or RCU. Use RCU protection and devnetrcu to avoid potential UAF...

Windows Administrator Protection Elevation of Privilege Vulnerability

Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally...

Windows Administrator Protection Elevation of Privilege Vulnerability

Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally...

CVE-2025-63710

The sendmessage.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery CSRF. The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page tha...

Intel NPU Driver for Linux 安全漏洞

Intel NPU Driver for Linux is a neural processing unit driver from Intel Corporation USA. A security vulnerability exists in Intel NPU Driver for Linux, which stems from a protection mechanism failure that could lead to a denial of service attack...

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Administrator Protection. An attacker could exploit this vulnerability to gain elevated privileges. The following products and version...

WordPress Plugin KiotViet Sync Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin KiotViet Sync, which ste...

PT-2025-46479

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description An issue exists in Windows Administrator Protection related to an untrusted search path. This allows an authorized attacker to elevate privileges locally. Approximately 1 billion devices...