21767 matches found
Windows Recovery Driver Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Windows Recovery Driver allows an authorized attacker to elevate privileges locally...
Windows Storage Management Provider Information Disclosure Vulnerability
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...
Windows SMB Client Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally...
Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...
Windows Schannel Remote Code Execution Vulnerability
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network...
.NET and Visual Studio Remote Code Execution Vulnerability
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network...
Remote Desktop Protocol Client Information Disclosure Vulnerability
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network...
Windows Remote Desktop Services Remote Code Execution Vulnerability
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network...
Power Automate Elevation of Privilege Vulnerability
Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network...
Chromium: CVE-2025-5068 Use after free in Blink
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5419 Out of bounds read and write in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2025-5419 exists in the wild...
setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
...
Chromium: CVE-2025-5066 Inappropriate implementation in Messages
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5067 Inappropriate implementation in Tab Strip
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5283 Use after free in libvpx
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5281 Inappropriate implementation in BFCache
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5065 Inappropriate implementation in FileSystemAccess API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5064 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5280 Out of bounds write in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5063 Use after free in Compositing
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow
...
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
...
Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
...
Rpm-ostree: world-readable /etc/shadow file
...
Integer overflow in PeCoffLoaderRelocateImage
...
Secrets leakage to telemetry endpoint via cache backend configuration via buildx
...
A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.
...
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.
...
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.
...
PyTorch torch.mkldnn_max_pool2d denial of service
...
Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.
...
iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return.
...
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
...
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
...
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Microsoft Edge Chromium-based allows an authorized attacker to elevate privileges locally...
Chromium: CVE-2025-4609 Incorrect handle provided in unspecified circumstances in Mojo
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-4664 Insufficient policy enforcement in Loader
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild...
Pcp: pmpost symlink attack allows escalating pcp to root user
...
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c.
...
NULL pointer dereference on specially crafted HTTP/2 request
...
Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
Pcp: pmcd heap corruption through metric pmstore operations
...
An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.
...
OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.
...
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.
...
Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin)
...
Regular Expression Denial of Service (ReDoS)
...
Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c.
...
CVE-2019-13045
...
CVE-2017-5974
...