Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark

In this article 1. AI-powered vulnerability discovery at hyper-scale 2. Codename: MDASH—Microsoft Security’s new multi-model agentic scanning harness 3. Using codename MDASH for security research 4. The 5.12.2026 Patch Tuesday cohort 5. Two deep dives 1. CVE-2026-33827—Remote unauthenticated UAF ...

CVE-2025-59683

Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of servi...

EUVD-2025-205370

Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of servi...

CVE-2025-59683

Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of servi...

CVE-2025-59683

Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of servi...

CVE-2023-53946

Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level...

CVE-2023-53946

Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level...

CVE-2023-53946

Affected software: Arcsoft PhotoStudio 6.0.0.172. Vulnerability: unquoted service path in the ArcSoft Exchange Service that can be exploited by local attackers to escalate privileges by placing a malicious executable in the unquoted path, triggering code execution with system-level permissions. I...

CVE-2023-53946 Arcsoft PhotoStudio 6.0.0.172 Unquoted Service Path Privilege Escalation

Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level...

EUVD-2025-204607

Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level...

Arcsoft PhotoStudio 代码问题漏洞

Arcsoft PhotoStudio is an image editing software from China's Arcsoft Corporation. A code issue vulnerability exists in Arcsoft PhotoStudio version 6.0.0.172, which stems from the presence of unquoted service paths to the ArcSoft Exchange Service, which could lead to elevation of privilege...

PT-2025-52517

Name of the Vulnerable Software and Affected Versions Arcsoft PhotoStudio version 6.0.0.172 Description Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability within the ArcSoft Exchange Service. This allows local attackers to potentially escalate privileges. Specifically,...

Description of the security update for Microsoft Exchange Server 2013: March 8, 2022 (KB5010324)

Description of the security update for Microsoft Exchange Server 2013: March 8, 2022 KB5010324 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures CVE:CVE-2022-23277 |...

The vulnerability of the Windows operating system’s buffer exchange service allows attackers to escalate their privileges.

The vulnerability of the Windows operating system’s buffer exchange service is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the MOBIKE microprogramming-based key exchange service provided by Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense allows a attacker to trigger a memory leak or restart of the vulnerable device.

The vulnerability of the MOBIKE microprogramming-based key exchange service of Cisco Adaptive Security Appliances and Cisco Firepower Threat Defense is related to resource release errors. Exploiting this vulnerability can allow a malicious actor to trigger memory leaks or restart the vulnerable...

The vulnerability of the Microsoft Team Foundation Server software, related to errors in the authentication process, allows a violator to execute arbitrary commands.

The vulnerability of the Microsoft Team Foundation Server TFS exists due to the lack of basic authentication when exchanging data between the software platform and the search service. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

F*EX 20111129-2 Cross Site Scripting Vulnerability

------------------------------------------------------------------------ FEX 20111129-2 Cross Site Scripting Vulnerability ------------------------------------------------------------------------ title.............: FEX 20111129-2 Cross Site Scripting Vulnerabilities author............: muuratsal...