CVE-2025-10213 DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\AppData\Local\Microsoft\WindowsApps' directory, which could lead to arbitrary...

CVE-2025-53809

Improper input validation in Windows Local Security Authority Subsystem Service LSASS allows an authorized attacker to deny service over a network...

CVE-2024-13972

CVE-2024-13972 affects Sophos Intercept X for Windows updater prior to Core Agent 2024.3.2. The root cause is mishandling of registry permissions that allows a local user to escalate to SYSTEM during a product upgrade. CVSSv3.1 vector: LOCAL, LOW attack complexity, PR: LOW, UI: NONE, Scope: CHANG...

Advantech iView SQL Injection Vulnerability (CNVD-2025-17830)

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. An SQL injection vulnerability exists in Advantech iView, which can be exploited by an attacker to perform SQL injection and execute code in the context of the 'nt...

CVE-2025-36630 Local Privilege Escalation

In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege...

CVE-2025-36631

CVE-2025-36631 affects Tenable Agent on Windows before version 10.8.5, where a non-administrative user could overwrite arbitrary local system files with content written to logs, executing with SYSTEM privileges (local privilege escalation). The issue is confirmed across multiple sources in the co...

CVE-2025-36633 Local Privilege Escalation

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation...

CVE-2025-33057

Null pointer dereference in Windows Local Security Authority LSA allows an authorized attacker to deny service over a network...

CVE-2025-32724

Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service LSASS allows an unauthorized attacker to deny service over a network...

CVE-2025-32724

Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service LSASS allows an unauthorized attacker to deny service over a network...

CVE-2025-32724

Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service LSASS allows an unauthorized attacker to deny service over a network...

CVE-2025-33056 Windows Local Security Authority (LSA) Denial of Service Vulnerability

...

PT-2025-24836

Name of the Vulnerable Software and Affected Versions Windows Local Security Authority Subsystem Service LSASS affected versions not specified Description The issue concerns uncontrolled resource consumption in the Windows Local Security Authority Subsystem Service LSASS, allowing an unauthorized...

PT-2025-24842 · Microsoft · Windows Local Security Authority +1

Name of the Vulnerable Software and Affected Versions: Windows Local Security Authority LSA affected versions not specified Description: A null pointer dereference issue in the Windows Local Security Authority LSA allows an authorized attacker to cause a denial of service over a network...

KLA84760 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges, execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of...

Windows LAPS

Binary data wmiwindowslaps.nbin...

CVE-2025-5265

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.. Th...

CVE-2025-5265 Potential local code execution in “Copy as cURL” command

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.. Th...

CVE-2025-35471

conda-forge openssl-feedstock before 066e83c 2024-05-20, on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary co...

CVE-2025-30408

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent Windows before build 39904, Acronis Cyber Protect 16 Windows before build 39938...