| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here:
* https://w4ke.info/2025/06/18/funky-chunks.html
* https://w4ke.info/2025/10/29/funky-chunks-2.html
Jetty terminates chunk extension parsing at \r\n inside quoted strings instead of treating this as an error.
POST / HTTP/1.1
Host: localhost
Transfer-Encoding: chunked
1;ext="val
X
0
GET /smuggled HTTP/1.1
...
Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request. |
| Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, that attacker-controlled content could be executed in the victim�s browser, potentially resulting in session compromise. This could allow the attacker to execute arbitrary client-side code, impacting the confidentiality and integrity of the application, with no impact to availability. |
| Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC. |
| Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally. |
| Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally. |
| Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally. |
| Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. |
| Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally. |
| Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network. |
| Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. |
