CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jun 9, 2026

Microsoft Windows Kernel Privilege Escalation Vulnerability

A use-after-free vulnerability has been identified in the Windows Kernel, allowing an authorized attacker to locally elevate privileges. This vulnerability requires exploitation of a race condition, and successfully exploiting it could grant SYSTEM privileges to the attacker.

1.9

Jun 9, 2026

Microsoft Windows DWM Core Library Privilege Escalation Vulnerability

A use-after-free vulnerability has been identified in the Windows DWM Core Library, allowing an authorized attacker to locally elevate privileges. This vulnerability affects multiple Windows 10 and Windows 11 versions, as well as Windows Server 2019, 2022, and 2025. The vulnerability arises from improper memory management, which can be exploited to gain SYSTEM privileges.

5.3

Jun 9, 2026

Microsoft Windows Performance Monitor Integer Underflow Vulnerability Allowing Remote Code Execution

A remote code execution vulnerability has been identified in Windows Performance Monitor. This issue arises from an integer underflow, or wraparound, which allows an unauthorized attacker to execute code over a network. The vulnerability affects multiple Windows 11 versions, Windows Server 2022, and Windows Server 2025.

6.2

Jun 9, 2026

Microsoft Windows NT OS Kernel Privilege Escalation Vulnerability

A vulnerability allowing local privilege escalation has been identified in the Windows NT OS Kernel. This issue arises from an integer underflow, which can be exploited by an authorized attacker to gain elevated privileges.

5.2

Jun 9, 2026

Microsoft Windows Push Notifications Elevation of Privilege Vulnerability

A race condition vulnerability has been identified in Windows Push Notifications, allowing an authorized attacker to locally elevate privileges. This issue arises from concurrent execution using shared resources without proper synchronization.

5.2

Jun 9, 2026

Microsoft Windows Push Notifications Elevation of Privilege Vulnerability

A race condition vulnerability has been identified in Windows Push Notifications, allowing an authorized attacker to locally elevate privileges. This issue arises from concurrent execution using shared resources without proper synchronization.

5.3

Jun 9, 2026

Microsoft Windows Push Notifications Elevation of Privilege Vulnerability

A race condition vulnerability has been identified in Windows Push Notifications, allowing an authorized attacker to locally elevate privileges. This issue arises from concurrent execution using shared resources without proper synchronization.

5.2

Jun 9, 2026

Microsoft Windows Performance Monitor Integer Underflow Vulnerability Leading to Remote Code Execution

An integer underflow vulnerability has been identified in Windows Performance Monitor. This flaw allows an unauthorized attacker to execute code remotely over a network. The vulnerability arises from improper handling of integer values, which can be exploited to manipulate the execution flow and execute arbitrary code.

6.0

Jun 9, 2026

Microsoft Windows Push Notifications Information Disclosure Vulnerability

A vulnerability in Windows Push Notifications allows an authorized attacker to locally disclose information by exploiting the use of uninitialized resources. This issue affects multiple Windows products, including various versions of Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and 2025, as well as Windows Server 2019 (Server Core installation) and Windows Server 2025 (Server Core installation).

5.2

Jun 9, 2026

Microsoft Windows Hyper-V Information Disclosure Vulnerability

A vulnerability in Windows Hyper-V allows an authorized attacker to locally disclose sensitive information. This issue arises from an unintentional read access to kernel memory by a user mode process, potentially exposing critical data to unauthorized individuals.

5.2

Jun 9, 2026

Microsoft Windows Push Notifications Information Disclosure Vulnerability

A vulnerability in Windows Push Notifications allows an authorized attacker to locally disclose information by exploiting the use of uninitialized resources. This issue affects multiple Windows versions, including various releases of Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025.

5.2

Jun 9, 2026

Microsoft Windows Push Notifications Information Disclosure Vulnerability

A vulnerability in Windows Push Notifications allows an authorized attacker to locally disclose information by exploiting the use of uninitialized resources. This issue affects multiple Windows products, including various versions of Windows Server, Windows 10, and Windows 11.

5.2

Jun 9, 2026

Microsoft Windows Push Notifications Information Disclosure Vulnerability

A vulnerability exists in Windows Push Notifications due to the use of uninitialized resources, allowing an authorized attacker to locally disclose information. This vulnerability affects multiple Windows versions, including various releases of Windows 10, Windows 11, and Windows Server. The disclosed information could include uninitialized memory, potentially leading to the exposure of sensitive data.

5.2

Jun 9, 2026

Microsoft Windows Telephony Service Information Disclosure Vulnerability

An out-of-bounds read vulnerability has been identified in the Windows Telephony Service. This issue allows an authorized attacker to locally disclose information by reading memory that should not be accessible to them. The vulnerability affects multiple Windows versions, including various releases of Windows Server, Windows 10, and Windows 11.

5.2

Jun 9, 2026

Microsoft Windows NT OS Kernel Privilege Escalation Vulnerability

An integer underflow vulnerability has been identified in the Windows NT OS Kernel, which could enable an authorized attacker to locally elevate privileges. This vulnerability affects multiple Windows products, including various versions of Windows Server, Windows 10, and Windows 11.

5.3

Jun 9, 2026

Microsoft Windows TCP/IP Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the TCP/IP stack of Microsoft Windows. This issue arises from an incorrect calculation of buffer sizes, which allows an authorized attacker to disrupt services over an adjacent network. The vulnerability affects multiple Windows products and versions, including various editions of Windows 10, Windows 11, Windows Server 2022, and Windows Server 2025.

5.2

Jun 9, 2026

Microsoft Windows Kerberos Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Windows Kerberos implementation. This vulnerability can be exploited to disrupt the normal functioning of the Kerberos authentication process, potentially leading to service outages.

5.2

Jun 9, 2026

Microsoft Remote Desktop Client Heap-Based Buffer Overflow Vulnerability Allowing Remote Code Execution

A heap-based buffer overflow vulnerability has been identified in the Remote Desktop Client for Windows Desktop, as well as in various Windows 11 and Windows Server 2022 versions. This vulnerability allows an unauthorized attacker to execute code remotely over a network. The issue arises from a race condition that can be exploited when a victim connects to an attacking server using the vulnerable Remote Desktop Client.

3.0

Jun 9, 2026

Microsoft Windows Telephony Service Privilege Escalation Vulnerability

A race condition vulnerability has been identified in the Windows Telephony Service, allowing an authorized attacker to elevate privileges locally. This issue arises from concurrent execution using shared resources without proper synchronization.

1.9

Jun 9, 2026

Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability

A use-after-free vulnerability has been identified in the Windows Ancillary Function Driver for WinSock. This vulnerability allows an authorized attacker to locally elevate privileges, and successful exploitation of the use-after-free condition can yield SYSTEM privileges.

5.2

Jun 9, 2026

Microsoft Windows Hotpatch Monitoring Service Privilege Escalation Vulnerability

An out-of-bounds write vulnerability has been identified in the Windows Hotpatch Monitoring Service. This flaw enables an authorized attacker to locally elevate privileges. The vulnerability affects multiple Windows 11 versions and Windows Server 2025, across various build numbers.

5.2

Jun 9, 2026

Microsoft Remote Desktop Client Heap-Based Buffer Overflow Vulnerability Allowing Remote Code Execution

A heap-based buffer overflow vulnerability has been identified in the Remote Desktop Client. This vulnerability allows an unauthorized attacker to execute code remotely over a network. It is present in multiple Windows versions, including various releases of Windows 10, Windows 11, Windows Server 2022, Windows Server 2019, and several other Windows Server versions. The vulnerability arises from a race condition that can be exploited when a victim connects to an attacking server using the Remote Desktop Client.

3.0

Jun 9, 2026

Microsoft Windows RDP Out-of-Bounds Read Vulnerability Allowing Information Disclosure

An out-of-bounds read vulnerability has been identified in the Windows Remote Desktop Protocol (RDP). This issue allows an unauthorized attacker to disclose information, specifically local memory addresses, over the network. The vulnerability affects multiple Windows versions, including various releases of Windows 10, Windows 11, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025.

6.1

Jun 9, 2026

Microsoft Windows Shell Information Disclosure Vulnerability

A vulnerability in Windows Shell allows an authorized attacker to locally disclose sensitive information. This issue arises from improper handling of information, which could lead to unauthorized access to local memory addresses.

5.2

Jun 9, 2026

Microsoft Windows Shell Information Disclosure Vulnerability

A vulnerability in Windows Shell allows an authorized attacker to locally disclose sensitive information, such as local memory addresses, to an unauthorized actor. This issue affects multiple versions of Windows 10, Windows 11, and Windows Server 2022 and 2025.

5.2

Jun 9, 2026

Microsoft Windows DWM Core Library Privilege Escalation Vulnerability

A use-after-free vulnerability has been identified in the Windows Desktop Window Manager (DWM) Core Library. This vulnerability allows an authorized attacker to locally elevate privileges. The issue arises from improper memory management, which can be exploited to gain higher-level permissions on the affected system.

5.2

Jun 9, 2026

Microsoft Windows TCP/IP Heap-Based Buffer Overflow Vulnerability Allowing Privilege Escalation

A heap-based buffer overflow vulnerability has been identified in the Windows TCP/IP stack. This vulnerability allows an unauthorized attacker to elevate privileges over an adjacent network. It affects multiple versions of Windows 10, Windows 11, Windows Server 2022, Windows Server 2025, and Windows Server 2025 (Server Core installation).

5.6

Jun 9, 2026

Microsoft Windows Kerberos Null Pointer Dereference Vulnerability Leading to Denial of Service

A null pointer dereference vulnerability has been identified in Windows Kerberos, allowing an authorized attacker to cause a denial of service over the network. This vulnerability affects multiple Windows products, including various versions of Windows Server, Windows 10, and Windows 11. The issue arises from improper handling of null pointers, which can be exploited to disrupt service availability.

5.2

Jun 9, 2026

Microsoft PowerToys Improper Authorization Vulnerability Allowing Privilege Elevation

A vulnerability in Microsoft PowerToys has been identified, allowing an authorized attacker to improperly elevate privileges locally. This issue arises from inadequate authorization mechanisms within the application.

4.7

Jun 9, 2026

Microsoft Windows Projected File System Elevation of Privilege Vulnerability

A buffer over-read vulnerability has been identified in the Windows Projected File System Filter Driver. This vulnerability allows an authorized attacker to locally elevate privileges. The issue arises from improper handling of memory, leading to out-of-bounds read conditions.

5.3

Jun 9, 2026

Microsoft Windows Function Discovery Service Privilege Escalation Vulnerability

A race condition vulnerability has been identified in the Function Discovery Service (fdwsd.dll) on multiple Windows platforms. This vulnerability allows an authorized attacker to elevate privileges locally by exploiting improper synchronization in concurrent execution using shared resources.

5.2

Jun 9, 2026

Microsoft Teams for Android Information Disclosure Vulnerability

A vulnerability in Microsoft Teams for Android has been identified, allowing authorized attackers to disclose information over a network. This issue arises from improper neutralization of special elements in output, leading to injection vulnerabilities.

4.5

Jun 9, 2026

Microsoft Windows Administrator Protection Security Feature Bypass Vulnerability

A vulnerability has been identified in Windows Administrator Protection that allows an authorized attacker to locally bypass a security feature designed to prevent applications with standard user permissions from accessing administrator rights. This improper access control could enable the execution of code with elevated privileges, circumventing normal security protocols.

5.3

Jun 9, 2026

Microsoft Windows Projected File System Elevation of Privilege Vulnerability

A buffer over-read vulnerability has been identified in the Windows Projected File System Filter Driver. This vulnerability allows an authorized attacker to locally elevate privileges. The issue arises from improper handling of memory, which could be exploited to read beyond the intended buffer limits, potentially leading to unauthorized access or manipulation of system resources.

5.3

Jun 9, 2026

OpenSSL Out-of-Bounds Read Vulnerability in Email Validation

A vulnerability exists in OpenSSL 4.0 that allows for an out-of-bounds read when the function X509_VERIFY_PARAM_set1_email is used to validate a crafted email address. This issue can occur during S/MIME message validation, potentially leading to a crash and causing a denial-of-service condition. The vulnerability arises because an internal helper function used in the email validation process applies an incorrect length, which can result in the 64-octet limit on the local part of the email address not being properly enforced. As a consequence, the validation process may either fail to restrict the length appropriately or cause an out-of-bounds read that could be exploited to crash the application.

7.3

Jun 9, 2026

OpenSSL FFC-DH Peer Validation Uses Attacker-Supplied q Vulnerability

A vulnerability exists in OpenSSL's handling of Diffie-Hellman key exchange with DHX (X9.42) peer keys. When the function EVP_PKEY_derive_set_peer() is called, the peer key's subgroup membership is not properly validated. This flaw allows a malicious peer to present a key that can be used to recover the victim's private key after a few key exchange attempts. The vulnerability affects OpenSSL versions 4.0, 3.6, 3.5, 3.4, and 3.0.

7.6

Jun 9, 2026

OpenSSL Trust-Anchor Substitution via Certificate Verification Error in CMP Root CA Key Update

A vulnerability in OpenSSL's handling of Certificate Management Protocol (CMP) Root CA key update messages can lead to unauthorized escalation of credentials from the Registration Authority (RA) level to the root Certification Authority (CA) level. This issue arises from a typo in the certificate verification process, which allows an RA to replace the root CA certificate for CMP clients with an arbitrary root CA certificate. The vulnerability is present in OpenSSL versions 4.0, 3.6, 3.5, and 3.4.

6.7

Jun 9, 2026

OpenSSL CMS and PKCS7 Decryption Bleichenbacher Oracle Vulnerability

A vulnerability exists in the OpenSSL library's CMS_decrypt and PKCS7_decrypt functions, allowing for a Bleichenbacher-style attack. This issue arises when an attacker can provide CMS or S/MIME messages and observe the resulting error codes or decryption outputs. The vulnerability is present in OpenSSL versions 4.0, 3.6, 3.5, and 3.4, but not in the FIPS modules of these versions. The attack exploits the RSA PKCS#1 v1.5 Key Transport mechanism, enabling an attacker to decrypt or sign messages using the victim's private RSA key.

7.8

Jun 9, 2026

OpenSSL NULL Pointer Dereference Vulnerability in CMP EncryptedValue Decryption

A NULL pointer dereference vulnerability has been identified in OpenSSL's CMP client application. This issue arises when the client processes a response from an attacker-controlled CMP server that includes a CRMF CertRepMessage with an EncryptedValue structure. If the symmAlg field contains an algorithm OID without accompanying parameters, the CMP client will dereference a NULL pointer, leading to a crash and causing a denial-of-service condition. This vulnerability affects OpenSSL versions 4.0, 3.6, 3.5, 3.4, and 3.0, but not the FIPS modules in these versions, as the issue occurs outside the FIPS module boundary.

7.3

Jun 9, 2026

OpenSSL NULL Pointer Dereference Vulnerability in Password-Based CMS Decryption

A NULL pointer dereference vulnerability has been identified in OpenSSL's handling of password-encrypted Cryptographic Message Syntax (CMS) messages. This issue arises during the decryption process, where the CMS PasswordRecipientInfo.keyDerivationAlgorithm field, defined as optional in the ASN.1 specification, may be absent in specially crafted inputs. The OpenSSL CMS implementation dereferences this field without prior validation, leading to a crash and causing a denial-of-service condition. This vulnerability affects OpenSSL versions 4.0, 3.6, 3.5, 3.4, 3.0, 1.1.1, and 1.0.2, except for the FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0, which are not affected as the issue lies outside the FIPS module boundary.

7.3

Jun 9, 2026

OpenSSL NULL Pointer Dereference Vulnerability in Certificate Verification with OCSP Checking

A NULL pointer dereference vulnerability has been identified in OpenSSL versions 4.0, 3.6, 3.5, 3.4, and 3.0. This vulnerability occurs when partial-chain certificate verification is enabled alongside OCSP response checking for the entire chain. If the verified chain lacks a self-signed trusted anchor, the absence of this anchor leads to a NULL dereference, causing a process crash. The issue arises because, during OCSP response checking, the code attempts to access the next certificate as the issuer. With partial chain verification enabled and no self-signed trusted anchor, the last certificate's issuer becomes NULL, resulting in a dereference error.

7.7

Jun 9, 2026

OpenSSL QUIC Server NULL Pointer Dereference Vulnerability

A NULL pointer dereference vulnerability has been identified in the OpenSSL QUIC server, specifically in versions 4.0, 3.6, and 3.5, when client address validation is disabled. This vulnerability allows an attacker to crash the server by sending an initial packet with an invalid or expired token. By default, the OpenSSL QUIC server has client address validation enabled, so the default configuration is not affected. However, if the SSL_LISTENER_FLAG_NO_VALIDATE flag is used, the vulnerability can be exploited, leading to an abnormal termination of the QUIC server process and a denial-of-service condition.

6.9

Jun 9, 2026

Svelte Event Handler Injection Vulnerability via Spread Syntax in Untrusted Data

A cross-site scripting vulnerability has been identified in Svelte versions prior to 5.55.7. When spread syntax is used to render attributes from untrusted data, event handler properties can be inadvertently included in the HTML output. This allows attackers to inject malicious event handlers that execute in the context of the victim's browser. The issue arises only if JavaScript is enabled and Svelte's hydration process does not reach the affected element before the event is triggered.

3.8

Jun 9, 2026

Svelte DOM Clobbering Vulnerability Leading to Cross-Site Scripting

A vulnerability in Svelte prior to version 5.55.7 allowed for DOM clobbering of the framework's internal state on elements. This issue could potentially lead to cross-site scripting (XSS) attacks. The vulnerability was present when attribute spreading was used on form elements, and when dynamic values were allowed for the 'name' attribute on input or button elements within the form, with both conditions being user-controllable.

4.3

Jun 9, 2026

Svelte devalue Excessive Memory Allocation Vulnerability in Sparse Array Deserialization

A denial-of-service vulnerability has been identified in the Svelte devalue library, specifically in versions from 5.6.3 up to but not including 5.8.1. The issue arises in the `devalue.parse` function, where certain JavaScript engine quirks can be exploited to cause excessive memory consumption. This happens when the parser deserializes sparse arrays, leading to arbitrary memory allocation. The vulnerability has been patched in version 5.8.1.

4.2

Jun 9, 2026

Svelte Regular Expression Denial-of-Service Vulnerability in Element Tag Validation

A denial-of-service vulnerability has been identified in the Svelte web framework, specifically in versions from 5.51.5 up to but not including 5.55.7. The issue arises from an internal regular expression in the Svelte runtime that exhibits exponential time complexity when processing tag names of unconstrained length within the `<svelte:element>` tag. This vulnerability can lead to significant performance degradation. However, applications that restrict tag lengths or allow only a predetermined list of tags are not affected.

4.0

Jun 9, 2026

Microsoft Windows DNS Heap-Based Buffer Overflow Vulnerability Allowing Privilege Escalation

A heap-based buffer overflow vulnerability has been identified in Microsoft Windows DNS. This vulnerability allows an authorized attacker to locally elevate privileges. It affects multiple Windows versions, including various editions of Windows Server and Windows 10, as well as Windows 11.

5.0

Jun 9, 2026

Microsoft Azure Stack Edge Cross-Site Scripting Vulnerability Allowing Spoofing

A cross-site scripting vulnerability has been identified in Azure Stack Edge, specifically in the Local UI certificate management interface. This issue allows an authorized attacker to upload a malicious SSL/TLS certificate containing JavaScript into the X.509 Subject or Issuer fields. When an administrator views the certificate details, the embedded script executes in their browser, potentially leading to unauthorized administrative actions and access to sensitive configuration or cryptographic materials.

2.1

Jun 9, 2026

Microsoft Kinect Improper Access Control Vulnerability Allowing Privilege Escalation

A vulnerability in Microsoft Kinect has been identified, allowing an authorized attacker to locally elevate privileges. This issue arises from improper access control, which could enable exploitation to gain higher-level permissions.

2.1

Jun 9, 2026

Microsoft Windows UDFS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability has been identified in the Windows Universal Disk Format File System Driver (UDFS). This vulnerability allows an attacker to gain SYSTEM privileges. It affects multiple Windows versions, including various releases of Windows 10 and Windows 11, as well as Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025.

5.3