CVE-2025-26679
Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally...
CVE-2025-26679 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
...
CVE-2025-26679
CVE-2025-26679 is described as a use-after-free in the RPC Endpoint Mapper Service that allows a locally authenticated attacker to escalate privileges. Connected sources corroborate its existence and categorize the impact as a privilege-escalation flaw within Windows’ RPC Endpoint Mapper componen...
RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally...
PT-2025-15520 · Microsoft · Windows Rpc Endpoint Mapper Service +1
Name of the Vulnerable Software and Affected Versions: Windows RPC Endpoint Mapper Service (affected versions not specified). Description: The issue is related to a use after free vulnerability in the RPC Endpoint Mapper Service, which allows an authorized attacker to elevate privileges locally. Thi...
CLSA-2025-1742472545 kernel: Fix of 9 CVEs
- USB: serial: io_edgeport: fix use after free in debug printk (CVE-2024-50267)
- HID: core: zero-initialize the report buffer (CVE-2024-50302)
- dm cache: fix potential out-of-bounds access on the first resume (CVE-2024-50278)
- dm cache: fix out-of-bounds access to the dirty bitset when resizing...
CVE-2025-25590
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml...
CVE-2025-25580
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql method at /xml/UserMapper.xml...
device-mapper-multipath bug fix and enhancement update
An update is available for device-mapper-multipath. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the...
Creating Scripts to Identify Vulnerable Proxy Servers
This whitepaper covers how to create Nmap scripts to identify banners and versions of proxy servers. It also covers methods to mitigate the public visibility of banners and version information on proxy servers. Written in Portuguese...
Creating Scripts to Identify Vulnerable FTPs
This whitepaper covers how to create Nmap scripts to identify banners and versions of FTP servers. It also covers methods to mitigate the public visibility of banners and version information on FTP servers. Written in Portuguese...
GHSA-GVGG-2R3R-53X7 Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims
This vulnerability is caused by the improper mapping of users to organizations based solely on email/username patterns. The issue is limited to the token claim level, meaning the user is not truly added to the organization but may appear as such in applications relying on these claims. The risk...
keycloak-services: Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims
A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies o...
Linux Distros Unpatched Vulnerability : CVE-2024-57929
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm array: fix releasing a faulty array block twice in dm_array_cursor_end. When dm_bm_read_lock fails due to locking or checksum errors, it releases the faulty block...
Linux Distros Unpatched Vulnerability : CVE-2021-47498
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm rq: don't queue request to blk-mq during DM suspend. DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come fro...
CVE-2025-1958
A vulnerability, which was classified as critical, has been found in aaluoxiang oasystem 1.0. This issue affects some unknown processing of the file src/main/resources/mappers/address-mapper.xml. The manipulation of the argument outtype leads to sql injection. The attack may be initiated remotely...
CVE-2025-1843
A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211. This issue affects the function select of the file com/xq/tmall/dao/ProductMapper.java. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploi...
SUSE CVE-2022-49270
In the Linux kernel, the following vulnerability has been resolved: dm: fix use-after-free in dm_cleanup_zoned_dev. dm_cleanup_zoned_dev uses queue, so it must be called before blk_cleanup_disk starts its killing: blk_cleanup_disk -> blk_cleanup_queue -> kobject_put -> blk_release_queue -> ...