Lucene search
K
ZdiMost viewed

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2023/05/04 12:0 a.m.•35 views

D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /cgi-bin/webproc endpoint. When parsing the errorpage and nextpage...

8.8CVSS7.4AI score0.01101EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/04 12:0 a.m.•35 views

D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

6.8CVSS7.5AI score0.01796EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/04 12:0 a.m.•35 views

D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing t...

7.5CVSS7.4AI score0.00913EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/01 12:0 a.m.•35 views

Foxit PDF Editor XLS File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XL...

7.8CVSS6.9AI score0.00538EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/01 12:0 a.m.•35 views

(Pwn2Own) VMware Workstation UHCI Component Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

6CVSS6.9AI score0.00375EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/01 12:0 a.m.•35 views

(Pwn2Own) NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the libcmscl...

8CVSS7.6AI score0.01371EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/04/24 12:0 a.m.•35 views

Microsoft Excel 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3MF...

7.8CVSS7.7AI score0.00784EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/04/14 12:0 a.m.•35 views

(Pwn2Own) Sonos One Speaker msprox Endpoint Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msprox endpoint. The issue results from the lack of proper...

5.4CVSS6.1AI score0.0063EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/04/13 12:0 a.m.•35 views

Linux Kernel udmabuf Improper Validation of Array Index Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within a fault handler. The...

8.2CVSS7.6AI score0.01013EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2023/03/31 12:0 a.m.•35 views

Microsoft 3D Builder GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

3.3CVSS6.7AI score0.00939EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/03/16 12:0 a.m.•35 views

Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

7.8CVSS7.6AI score0.00223EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/03/07 12:0 a.m.•35 views

Omron CX-One CXP File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP...

7.8CVSS5.2AI score0.00564EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/02/24 12:0 a.m.•35 views

Oracle WebRTC Session Controller parseCert Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebRTC Session Controller. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parseCert function. The issue results from the lack of proper...

9.8CVSS9.2AI score0.00839EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/02/09 12:0 a.m.•35 views

VMware vRealize Log Insight getConfig Missing Authentication for Critical Function Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose information on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getConfig function. The issue results from the lack of authentication prio...

7.5CVSS1.7AI score0.21657EPSS
Exploits3References1
Zero Day Initiative
Zero Day Initiative
•added 2023/01/18 12:0 a.m.•35 views

Microsoft Word SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

7.8CVSS5.3AI score0.00824EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/01/18 12:0 a.m.•35 views

Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

5.3CVSS7.6AI score0.00929EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/12/15 12:0 a.m.•35 views

Microsoft Office Visio DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

7.8CVSS5.2AI score0.00815EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/11/22 12:0 a.m.•35 views

Microsoft Exchange MsiDatabase Exposed Dangerous Function Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the MsiDatabase class. The issue results from the exposure of a dangerous functio...

4.3CVSS0.9AI score0.9997EPSS
Exploits11References1
Zero Day Initiative
Zero Day Initiative
•added 2022/11/22 12:0 a.m.•35 views

Microsoft Exchange PromptPreviewRpcResponse Exposed Dangerous Function Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PromptPreviewRpcResponse class. The issue results from the exposure of a...

4.3CVSS0.6AI score0.9997EPSS
Exploits11References1
Zero Day Initiative
Zero Day Initiative
•added 2022/11/22 12:0 a.m.•35 views

Microsoft Exchange DbgEngDataReader Exposed Dangerous Function Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the DbgEngDataReader class. The issue results from the exposure of a dangerous...

4.3CVSS0.8AI score0.9997EPSS
Exploits11References1
Zero Day Initiative
Zero Day Initiative
•added 2022/11/22 12:0 a.m.•35 views

Microsoft Exchange FileDependency Exposed Dangerous Function Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileDependency class. The issue results from the exposure of a dangerous...

4.3CVSS0.8AI score0.9997EPSS
Exploits11References1
Zero Day Initiative
Zero Day Initiative
•added 2022/11/21 12:0 a.m.•35 views

TP-Link TL-WR940N httpd Incorrect Implementation of Authentication Algorithm Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default...

6.5CVSS0.5AI score0.00587EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2022/11/03 12:0 a.m.•35 views

SAP 3D Visual Enterprise Author CUR File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

7.8CVSS4.5AI score0.00521EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/11/03 12:0 a.m.•35 views

D-Link DIR-1935 SetSysEmailSettings Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

6.8CVSS3.3AI score0.01085EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/11/03 12:0 a.m.•35 views

D-Link DIR-1935 HNAP_AUTH Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When...

8.8CVSS5.1AI score0.01006EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/10/14 12:0 a.m.•35 views

Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which listens on TCP port 8500 by default. The issue...

8.1CVSS4.7AI score0.80023EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/10/14 12:0 a.m.•35 views

Adobe ColdFusion ODBC Server Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of GIOP packets. The issue results from the lack of proper validation of...

9.8CVSS3.1AI score0.42577EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/10/07 12:0 a.m.•35 views

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

3.3CVSS3.1AI score0.00357EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/10/07 12:0 a.m.•35 views

PDF-XChange Editor U3D File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS5.2AI score0.00339EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/09/23 12:0 a.m.•35 views

Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Trend...

7.8CVSS5.5AI score0.00209EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/09/14 12:0 a.m.•35 views

D-Link DIR-2150 anweb action_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results...

8.8CVSS5.2AI score0.00623EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/08/23 12:0 a.m.•35 views

(Pwn2Own) Softing Secure Integration Server wbemcomn Uncontrolled Search Path Element Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Softing Secure Integration Server. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.2CVSS3.9AI score0.09501EPSS
Exploits3References1
Zero Day Initiative
Zero Day Initiative
•added 2022/08/23 12:0 a.m.•35 views

AVEVA Edge APP File Insufficient UI Warning Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of APP...

7.8CVSS2.2AI score0.00647EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/08/18 12:0 a.m.•35 views

Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS5.2AI score0.00354EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/08/18 12:0 a.m.•35 views

PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS4.8AI score0.00781EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/08/18 12:0 a.m.•35 views

PDF-XChange Editor submitForm Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the submitForm...

7.8CVSS2.3AI score0.0077EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/08/05 12:0 a.m.•35 views

OPC Foundation UA .NET Standard BrowseRequest Missing Authentication Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA BrowseRequests. The issue results from th...

5.3CVSS1.7AI score0.01028EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/07/28 12:0 a.m.•35 views

(Pwn2Own) Unified Automation OPC UA C++ Improper Update of Reference Count Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpcUaSecureListenerProcessSessionCallRequest...

7.5CVSS3.2AI score0.0178EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/07/15 12:0 a.m.•35 views

Microsoft Windows win32kfull UMPDDrvStartBanding Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...

8.8CVSS5.6AI score0.09415EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/07/12 12:0 a.m.•35 views

X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

7.8CVSS3.9AI score0.00573EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/06/30 12:0 a.m.•35 views

Parallels Desktop Updater Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update...

7.8CVSS4.5AI score0.00277EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/06/16 12:0 a.m.•35 views

SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

7.8CVSS4.7AI score0.00972EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/05/26 12:0 a.m.•35 views

Trend Micro Maximum Security Link Following Arbitrary File Deletion Vulnerability

This vulnerability allows local attackers to delete arbitrary files on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

6.1CVSS4.5AI score0.00435EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/05/26 12:0 a.m.•35 views

Ivanti Avalanche Web File Server Service Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File Server service...

9.8CVSS3.9AI score0.84454EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/05/10 12:0 a.m.•35 views

Microsoft Windows OpenType Font File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

9.6CVSS5.3AI score0.04504EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/04/12 12:0 a.m.•35 views

Bentley MicroStation CONNECT IFC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS5.8AI score0.00897EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/04/08 12:0 a.m.•35 views

Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...

7.8CVSS4.7AI score0.11654EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/04/05 12:0 a.m.•35 views

Autodesk Navisworks Manage DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS5.6AI score0.0062EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/03/09 12:0 a.m.•35 views

Microsoft Windows CLFS Integer Overflow Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

4.2CVSS6.6AI score0.01054EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/03/09 12:0 a.m.•35 views

Microsoft Windows win32kfull PDEV Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of PD...

8.8CVSS8.1AI score0.07618EPSS
Exploits0References1
Total number of security vulnerabilities5000