GitHub: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability
CVE-2025-27614 is regarding a vulnerability in Gitk where a Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking gitk filename, where filename has a particular structure. GitHub created th...
Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Windows Event Tracing Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally...
Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally...
Microsoft PC Manager Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...
Windows Notification Elevation of Privilege Vulnerability
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally...
Microsoft SharePoint Remote Code Execution Vulnerability
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
Microsoft Office Remote Code Execution Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network...
Remote Desktop Client Remote Code Execution Vulnerability
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Windows Imaging Component Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally...
Windows Storage VSP Driver Elevation of Privilege Vulnerability
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...
Microsoft Configuration Manager Remote Code Execution Vulnerability
Improper neutralization of special elements used in an SQL command 'SQL injection' in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network...
GitHub: CVE-2025-48386 Git Credential Helper Vulnerability
CVE-2025-48386 is regarding a vulnerability in Git where the wincred credential helper uses a static buffer target as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending...
Windows Miracast Wireless Display Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Windows Graphics Component Elevation of Privilege Vulnerability
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Windows Print Spooler Denial of Service Vulnerability
Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network...
Microsoft Office Remote Code Execution Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally...
Windows AppX Deployment Service Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally...
Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network...
Windows BitLocker Security Feature Bypass Vulnerability
Time-of-check time-of-use (TOCTOU) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...
Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Access of resource using incompatible type 'type confusion' in Windows SSDP Service allows an authorized attacker to elevate privileges locally...
Remote Desktop Licensing Service Security Feature Bypass Vulnerability
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network...
HID Class Driver Elevation of Privilege Vulnerability
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally...
Windows Secure Kernel Mode Information Disclosure Vulnerability
Processor optimization removal or modification of security-critical code in Windows Secure Kernel Mode allows an authorized attacker to disclose information locally...
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally...
Windows Secure Kernel Mode Information Disclosure Vulnerability
Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally...
Windows Kerberos Denial of Service Vulnerability
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network...
Windows StateRepository API Server file Tampering Vulnerability
Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally...
GitHub: CVE-2025-48384 Git Symlink Vulnerability
CVE-2025-48384 is regarding a vulnerability in Git where when reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a...
Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally...
Azure Service Fabric Runtime Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Service Fabric allows an authorized attacker to elevate privileges locally...
AMD: CVE-2024-36357 Transient Scheduler Attack in L1 Data Queue
The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protecti...
Windows Graphics Component Remote Code Execution Vulnerability
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally...
Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability
Time-of-check time-of-use (TOCTOU) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally...
Microsoft SQL Server Information Disclosure Vulnerability
Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network...
Microsoft SharePoint Remote Code Execution Vulnerability
Improper control of generation of code 'code injection' in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
Microsoft Office Remote Code Execution Vulnerability
Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...
Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...