| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Bridge is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Bridge is affected by an Untrusted Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Bridge is affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach the application, an unauthenticated attacker can log in with forged identity headers and, when automatic account creation and the default administrator role mapping are enabled, create and sign in as a new administrator. Exploitation requires the non-default HTTP header attribute mode, an empty or absent spoof key, automatic account creation enabled, and a deployment that does not strip untrusted client headers before they reach the application. |
| Heap-based buffer overflow in Windows Win32K allows an authorized attacker to elevate privileges locally. |
| In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01402160; Issue ID: MSV-7298. |
| The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request. |
| Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. |
| Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network. |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes. |
| Use after free in Microsoft Message Queuing Queue Manager allows an unauthorized attacker to execute code over a network. |
| Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. |
| Use after free in Windows DHCP Client allows an unauthorized attacker to execute code locally. |
| Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to elevate privileges over an adjacent network. |
| Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to execute malicious SQL commands, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. |
| Heap-based buffer overflow in Active Directory Domain Services allows an unauthorized attacker to execute code over a network. |
| Heap-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network. |
| Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally. |