| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to information disclosure or denial of service. |
| Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system. |
| The GC-AGENTS-SERVICE running as part of Akamai´s Guardicore Platform Agent for Windows versions prior to v49.20.1, v50.15.0, v51.12.0, v52.2.0 is affected by a local privilege escalation vulnerability. The service will attempt to read an OpenSSL configuration file from a non-existent location that standard Windows users have default write access to. This allows an unprivileged local user to create a crafted "openssl.cnf" file in that location and, by specifying the path to a custom DLL file in a custom OpenSSL engine definition, execute arbitrary commands with the privileges of the Guardicore Agent process. Since Guardicore Agent runs with SYSTEM privileges, this permits an unprivileged user to fully elevate privileges to SYSTEM level in this manner. |
| SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially leading to exposure of sensitive environment variables and compromise of the runner environment. The vulnerability has been fixed in version 6.0.0. Users should upgrade to this version or later. |
| Uncontrolled search path for some Display Virtualization for Windows OS software before version 1797 within Ring 2: Device Drivers may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734. |
| A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation marks. If the installation folder path of this product contains spaces, there is a possibility that unauthorized files may be executed under the service privileges by using paths containing spaces. |
| Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during application startup or reboot. |
| A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default. |
| Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require the affected user to take a particular action within the application
To mitigate this issue, users should upgrade AWS Wickr, Wickr Gov and Wickr Enterprise desktop version to version 6.62.13. |
| An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account’s permissions. The impact varies by configuration:
* Minimally Privileged Accounts: Enable disruption of User-ID Credential Agent operations (e.g., uninstalling or disabling the agent service), weakening network security policies that leverage Credential Phishing Prevention https://docs.paloaltonetworks.com/advanced-url-filtering/administration/url-filtering-features/credential-phishing-prevention under a Domain Credential Filter https://docs.paloaltonetworks.com/advanced-url-filtering/administration/url-filtering-features/credential-phishing-prevention/methods-to-check-for-corporate-credential-submissions configuration.
* Elevated Accounts (Server Operator, Domain Join, Legacy Features): Permit increased impacts, including server control (e.g., shutdown/restart), domain manipulation (e.g., rogue computer objects), and network compromise via reconnaissance or client probing. |
| Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration. |
| Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation.This issue affects MongoDB Atlas SQL ODBC driver: from 1.0.0 through 2.0.0. |
| HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" parameter of the public $SCHEMAS$ ressource is vulnerable and can be exploited easily. |
| SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact on confidentiality, with no impact on integrity and availability. |
| Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 2 (`WBIO_USH_GET_IDENTITY`) with an improper `ReceiveBuferSize` value. |
| Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject malicious code that would execute with LocalSystem permissions during service startup. |
| A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility (LTV) sensors.
There is no indication of exploitation of these issues in the wild. Our threat hunting and intelligence teams are actively monitoring for exploitation and we maintain visibility into any such attempts.
The Falcon sensor for Mac, the Falcon sensor for Linux and the Falcon sensor for Legacy Systems are not impacted by this.
CrowdStrike was made aware of this issue through our HackerOne bug bounty program. It was discovered by Cong Cheng and responsibly disclosed. |
| A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility (LTV) sensors.
There is no indication of exploitation of these issues in the wild. Our threat hunting and intelligence team are actively monitoring for exploitation and we maintain visibility into any such attempts.
The Falcon sensor for Mac, the Falcon sensor for Linux and the Falcon sensor for Legacy Systems are not impacted by this.
CrowdStrike was made aware of this issue through our HackerOne bug bounty program. It was discovered by Cong Cheng and responsibly disclosed. |
| An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser.
Browser self-protection should be enabled to mitigate this issue. |
