| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows BitLocker Information Disclosure Vulnerability |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. |
| Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network. |
| Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. |
| External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. |
| Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. |
| Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. |
| Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. |
| Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can access the endpoint and add new users without any authentication. This allows attackers to gain unauthorized access to the system and perform malicious activities. |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API. |
| This vulnerability occurs when the system permits multiple simultaneous
connections to the backend using the same charging station ID. This can
result in unauthorized access, data inconsistency, or potential
manipulation of charging sessions. The lack of proper session management
and expiration control allows attackers to exploit this weakness by
reusing valid charging station IDs to establish multiple sessions
concurrently. |
| A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service. |
| Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability |
| A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure. |
