| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Bluetooth Driver Elevation of Privilege Vulnerability |
| Windows Bluetooth Driver Information Disclosure Vulnerability |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability |
| Windows Media Remote Code Execution Vulnerability |
| Windows Media Remote Code Execution Vulnerability |
| Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability |
| Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry. |
| Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device.
These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade that redirects the delete operation of any protected file. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. |
| Memory corruption while processing command message in WLAN Host. |
| Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network. |
| A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension. |
| Visual Studio Code npm-script Extension Remote Code Execution Vulnerability |
| Visual Studio Code Python Extension Remote Code Execution Vulnerability |
| Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) |
| Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
| InCopy versions 20.2, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace. |
