17035 matches found

Snyk
added 2025/10/14 8:32 p.m., 7 views

HTTP Request Smuggling

Overview: Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of...

CVSS 9.9, AI score 9.2, EPSS 0.66258
Exploits: 5, References: 2
Snyk
added 2025/10/14 8:32 p.m., 7 views

HTTP Request Smuggling

Overview: Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation ...

CVSS 9.9, AI score 9.2, EPSS 0.66258
Exploits: 5, References: 2
Snyk
added 2025/10/14 8:32 p.m., 4 views

HTTP Request Smuggling

Overview: Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of...

CVSS 9.9, AI score 9.2, EPSS 0.66258
Exploits: 5, References: 2
Cvelist
added 2025/10/14 5:0 p.m., 6 views

CVE-2025-58716 Windows Speech Runtime Elevation of Privilege Vulnerability

...

CVSS 8.8, EPSS 0.00358
Exploits: 0, References: 1
Vulnrichment
added 2025/10/14 5:0 p.m., 1 view

CVE-2025-58716 Windows Speech Runtime Elevation of Privilege Vulnerability

...

CVSS 8.8, AI score 6.6, EPSS 0.00358
Exploits: 0, References: 1
CVE
added 2025/10/14 5:0 p.m., 27 views

CVE-2025-58716

CVE-2025-58716 affects Microsoft Windows Speech and is caused by improper input validation, enabling an authorized attacker to perform local privilege escalation. The CVE is documented with a CVSS v3.1 base score of 8.8 (High) and LOCAL attack vector, requiring LOW privileges and no user interact...

CVSS 8.8, AI score 6.4, EPSS 0.00358
Exploits: 0, References: 1, Affected Software: 14
Cvelist
added 2025/10/14 5:0 p.m., 7 views

CVE-2025-58715 Windows Speech Runtime Elevation of Privilege Vulnerability

...

CVSS 8.8, EPSS 0.00358
Exploits: 0, References: 1
Vulnrichment
added 2025/10/14 5:0 p.m., 1 view

CVE-2025-58715 Windows Speech Runtime Elevation of Privilege Vulnerability

...

CVSS 8.8, AI score 6.6, EPSS 0.00358
Exploits: 0, References: 1
CVE
added 2025/10/14 5:0 p.m., 36 views

CVE-2025-58715

CVE-2025-58715 is a Windows Speech vulnerability where an integer overflow/wraparound in the Windows Speech component could enable an authorized, local attacker to elevate privileges. The provided materials identify the affected component as Microsoft Windows Speech and the impact as local privil...

CVSS 8.8, AI score 6.7, EPSS 0.00358
Exploits: 0, References: 1, Affected Software: 14
Microsoft CVE
added 2025/10/14 2:0 p.m., 6 views

Windows Speech Runtime Elevation of Privilege Vulnerability

Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally...

CVSS 8.8, AI score 6.8, EPSS 0.00358
Exploits: 0
Microsoft CVE
added 2025/10/14 2:0 p.m., 4 views

Windows Speech Runtime Elevation of Privilege Vulnerability

Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally...

CVSS 8.8, AI score 7.1, EPSS 0.00358
Exploits: 0
NVD
added 2025/10/14 1:15 p.m., 3 views

CVE-2025-11498

An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager SDM of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attack...

CVSS 6.1, EPSS 0.00288
Exploits: 0, References: 1
Cvelist
added 2025/10/14 12:42 p.m., 8 views

CVE-2025-11498 CSV Formula Injection Vulnerability

An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager SDM of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attack...

CVSS 6.1, EPSS 0.00288
Exploits: 0, References: 1
Vulnrichment
added 2025/10/14 12:42 p.m., 3 views

CVE-2025-11498 CSV Formula Injection Vulnerability

An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager SDM of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attack...

CVSS 6.1, AI score 6.4, EPSS 0.00288
Exploits: 0, References: 1
CVE
added 2025/10/14 12:42 p.m., 10 views

CVE-2025-11498

CVE-2025-11498 affects the System Diagnostics Manager (SDM) component of B&R Automation Runtime before 6.4. The issue is an Improper Neutralization of Formula Elements in a CSV File, allowing a remote attacker to inject formula data into a generated CSV. Exploitation requires the attacker to craf...

CVSS 6.1, AI score 6.4, EPSS 0.00288
Exploits: 0, References: 1
CNNVD
added 2025/10/14 12:0 a.m., 4 views

B&R Automation Runtime Security Vulnerability

B&R Automation Runtime is an automation runtime from B&R Automation. A security vulnerability exists in B&R Automation Runtime versions prior to 6.4 that stems from improper neutralization of formula elements in a CSV file, which could allow a remote attacker to inject formula data...

CVSS 6.1, AI score 6.6, EPSS 0.00288
Exploits: 0, References: 2
CNNVD
added 2025/10/14 12:0 a.m., 3 views

Microsoft Windows Input Validation Error Vulnerability

Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. An input validation error vulnerability exists in Microsoft Windows Speech Runtime, which stems from a vulnerability that can be exploited by an attacker to elevate privileges...

CVSS 8.8, AI score 9, EPSS 0.00358
Exploits: 0, References: 1
Amazon
added 2025/10/14 12:0 a.m., 6 views

Medium: cuda-runtime-12-9

Issue Overview: NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service. CVE-2025-23272 Affected Packages:...

CVSS 5.7, AI score 6.5, EPSS 0.00141
Exploits: 0
CNNVD
added 2025/10/14 12:0 a.m., 3 views

Microsoft Windows DirectX Code Issue Vulnerability

Microsoft Windows DirectX is a DirectX end-user runtime Web installer from Microsoft Corporation USA. A code issue vulnerability exists in Microsoft Windows DirectX, which can be exploited by an attacker to cause a denial of service on a system...

CVSS 7.7, AI score 8.8, EPSS 0.01091
Exploits: 0, References: 1
Github Security Blog
added 2025/10/13 1:33 p.m., 8 views

Ash Framework: Filter authorization misapplies impossible bypass/runtime policies

Summary: When using filter authorization, two edge cases could cause the policy compiler/authorizer to generate a permissive filter: 1. Bypass policies whose condition can never pass at runtime were compiled as OR(AND(condition, compiled_policies), NOT(condition)). If the condition could never be true at...

CVSS 8.6, AI score 6.7, EPSS 0.0047
Exploits: 0, References: 7, Affected Software: 1