| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. |
| A vulnerability classified as problematic was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function addNewArticle of the file blogserver/src/main/java/org/sang/service/ArticleService.java. The manipulation of the argument mdContent/htmlContent leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Use after free in Xbox allows an authorized attacker to elevate privileges locally. |
| Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally. |
| Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally. |
| Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally. |
| Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. |
| A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. |
| Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been made public and could be used. |
| Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs. |
| Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption. |
| Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. |
| Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server (NPCS), so a compromised NIX system can be used to attack an associated NPCS system. To mitigate this vulnerability, restrict network access to the '/remoteweb/remote.rem' endpoint, for example using the IIS URL Rewrite Module. |
| Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS endpoint is only accessible on an internal network. To mitigate this vulnerability, restrict network access to NPCS. |
| Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges.
In Newforma before 2023.1, anonymous access is enabled by default (CVE-2025-35062), allowing an otherwise unauthenticated attacker to effectively authenticate as 'anonymous' and exploit this file upload vulnerability. |
| Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources. |
