CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
Microsoft Windows Elevation of Privilege Vulnerability in UDFS Driver
A vulnerability allowing elevation of privilege has been identified in the Windows Universal Disk Format File System Driver (UDFS). This vulnerability could be exploited by an attacker to gain SYSTEM privileges. It affects multiple Windows versions, including various releases of Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2012 and 2012 R2.
Visual Studio Code Improper Input Validation Vulnerability Allowing Privilege Escalation
A vulnerability in Visual Studio Code has been identified, allowing an unauthorized attacker to elevate privileges over a network due to improper input validation. This issue affects Visual Studio Code version 1.119.1.
Microsoft Dynamics 365 (On-Premises) Privilege Escalation Vulnerability
A vulnerability in Microsoft Dynamics 365 (on-premises) has been identified, allowing an authorized attacker to elevate privileges over a network. This issue arises from improper handling of permissions, enabling attackers to assign themselves the System Administrator role and gain full administrative control.
NETGEAR Orbi RBR860, RBRE950, RBRE960, and RBS860 Routers Denial-of-Service Vulnerability
A denial-of-service vulnerability has been identified in NETGEAR Orbi routers, specifically the RBR860, RBRE950, RBRE960, and RBS860 models. This vulnerability allows unauthenticated users on the local network to disrupt the router's availability by sending specially crafted requests.
DedeCMS Command Execution Vulnerability in file_manage_control.php
A command execution vulnerability has been identified in DedeCMS version 5.7.118, specifically within the file_manage_control.php file.
OpenSSL Double-Free Vulnerability in OCSP Stapling Can Lead to Heap Corruption
A double-free vulnerability has been identified in OpenSSL versions 4.0 and 3.6, when TLS clients verify OCSP stapled responses from malicious servers. This vulnerability occurs if OCSP stapling is enabled, which is not the default setting. The crafted response triggers a double-free in the client's certificate verification process, corrupting heap memory. While reliably executing code through this double-free is complex and highly dependent on the environment, the vulnerability straightforwardly causes a denial-of-service condition by crashing the application. Notably, this issue does not affect any OpenSSL FIPS modules, as the problematic code lies outside the FIPS module boundary.
Adobe Experience Manager DOM-Based Cross-Site Scripting Vulnerability
A DOM-based Cross-Site Scripting (XSS) vulnerability has been identified in Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier. This vulnerability allows an attacker to manipulate the DOM environment and execute malicious JavaScript in the context of the victim's browser. Exploitation requires user interaction, as the victim must visit a crafted webpage.
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
A use-after-free vulnerability has been identified in the Windows Ancillary Function Driver for WinSock. This vulnerability allows an authorized attacker to locally elevate privileges. The issue arises from a use-after-free condition, which can be exploited to gain SYSTEM privileges.
OpenSSL Unbounded Memory Growth Vulnerability in QUIC PATH_CHALLENGE Handler
A vulnerability exists in the OpenSSL QUIC implementation, specifically in versions 4.0, 3.6, 3.5, and 3.4. When a remote peer floods the application with PATH_CHALLENGE frames, it can exhaust heap memory. This unbounded memory allocation may lead to an abnormal termination of the application, causing a denial-of-service condition. The issue arises because the QUIC stack allocates a PATH_RESPONSE frame for each PATH_CHALLENGE received. The allocated frame is only freed when the remote peer acknowledges its receipt, which a malicious peer will not do.
OpenSSL CMS AuthEnvelopedData Processing May Accept Forged Messages
A vulnerability exists in OpenSSL's Cryptographic Message Syntax (CMS) processing, specifically within AuthEnvelopedData containers. The issue arises from inadequate input validation on the cipher and tag length fields, potentially leading to various compromises. This vulnerability is present in OpenSSL versions 4.0, 3.6, 3.5, 3.4, and 3.0. When an attacker sends a CMS message with AuthEnvelopedData using a non-AEAD cipher, OpenSSL incorrectly allows this and attempts to decrypt and validate the message. This could enable an on-path attacker to manipulate the decryption process, bypassing integrity checks and gaining key-equivalent functionality for the content-encryption key (CEK) used in the transaction.
OpenSSL PKCS#12 Files with PBMAC1 Authentication Accepted with Short HMAC Keys
A vulnerability exists in OpenSSL's processing of PKCS#12 files that use the Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism. The issue arises because the input validation for these files is insufficient, allowing for the forgery of certificates and private keys. This vulnerability affects OpenSSL versions 4.0, 3.6, 3.5, and 3.4, while versions 3.0, 1.1.1, and 1.0.2 are not affected as they do not support PBMAC1 in PKCS#12.
OpenSSL Heap Buffer Over-read Vulnerability in ASN.1 Decoder on 64-bit Unix-like Platforms
A heap buffer over-read vulnerability has been identified in OpenSSL's ASN.1 decoder, specifically in versions 4.0, 3.6, 3.5, 3.4, 3.0, 1.1.1, and 1.0.2. This vulnerability occurs when parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes. The issue is present on 64-bit Unix and Unix-like platforms, while 32-bit platforms and 64-bit Windows are not affected. The root cause lies in an integer truncation that mishandles the length of ASN.1 elements exceeding 2 gigabytes, leading to a buffer over-read that can crash the application or cause it to read into memory beyond the allocated buffer. This vulnerability affects applications that use OpenSSL's d2i_X509(), d2i_PKCS7(), or other d2i_* decoding functions.
Microsoft Windows Attestation Trust Boundary Violation Vulnerability Allowing Privilege Escalation
A trust boundary violation vulnerability has been identified in Windows Attestation. This vulnerability allows an authorized attacker to locally elevate privileges. It affects multiple Windows 10 versions, Windows 11, and various Windows Server releases.
Microsoft SharePoint Spoofing Vulnerability via Cross-Site Scripting
A cross-site scripting vulnerability has been identified in Microsoft SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. This vulnerability allows an authorized attacker to perform spoofing over the network by improperly neutralizing input during web page generation.
Microsoft Azure Kubernetes Service Path Traversal Vulnerability Leading to Remote Code Execution
A path traversal vulnerability has been identified in Microsoft Azure Kubernetes Service (AKS), allowing an authorized attacker to execute code locally. This issue arises from improper restrictions on pathnames, enabling exploitation by breaking out of a container and gaining control of the AKS worker node.
SolarWinds Observability Self-Hosted Open Redirect Vulnerability
A vulnerability exists in SolarWinds Observability Self-Hosted versions 2026.1.1 and prior, allowing attackers to provide a crafted external URL that could redirect users to an unintended website.
Nuance PowerScribe Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in Nuance PowerScribe. This issue arises from the deserialization of untrusted data, allowing an unauthorized attacker to execute code over a network. The vulnerability affects multiple versions of Nuance PowerScribe One and Nuance PowerScribe 360.
NVIDIA DALI Improper Index Validation Vulnerability Leading to Code Execution and Denial-of-Service
A vulnerability exists in NVIDIA DALI versions 0.0 through 2.0, allowing attackers to exploit improper index validation. This vulnerability could result in code execution, data tampering, denial-of-service, and information disclosure.
NVIDIA DALI Heap-Based Buffer Overflow Vulnerability Allowing Code Execution and Information Disclosure
A heap-based buffer overflow vulnerability has been identified in NVIDIA DALI, affecting all platforms and versions 0.0 through 2.0. This vulnerability could be exploited by an attacker to execute arbitrary code, tamper with data, cause a denial-of-service, and disclose sensitive information.
Omnissa Workspace ONE Assist for macOS Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability has been identified in Omnissa Workspace ONE Assist for macOS. This vulnerability allows users to gain elevated privileges, potentially leading to unauthorized actions or access within the system.
NETGEAR ReadyCloud Client App TLS Certificate Validation Vulnerability Allowing Man-in-the-Middle Attacks
A vulnerability in the NETGEAR ReadyCloud client application has been identified, stemming from improper implementation of TLS certificate validation. This flaw can enable attackers to conduct man-in-the-middle (MitM) attacks, potentially compromising the confidentiality of the product. Affected NETGEAR models include the RAX120v2, RAX35, RAX38, and RAX40.
NETGEAR JR6150 Command Injection Vulnerability Allowing Local OS Command Execution
A command injection vulnerability has been identified in the NETGEAR JR6150 AC750 WiFi Router, 802.11ac Dual Band Gigabit, released in 2014. This vulnerability arises from insufficient input validation, allowing users connected to the local WiFi network to execute operating system commands. The router has reached its End-of-Support phase as of 2018, with no further security updates planned. This vulnerability was discovered through firmware emulation in a controlled research environment and has not been verified on production hardware.
Netgear Products Insufficient Configuration Management Vulnerability Allowing Tampering by Authenticated Administrators
A vulnerability exists in various Netgear devices due to inadequate configuration management. This issue enables authenticated administrators connected to the local network to manipulate the system. Affected products include the Orbi WiFi 6 Router AX4200 (CBR750), Orbi WiFi 6 Add-on Satellite (MS60), Nighthawk Mesh WiFi 6 Router (MR70), Nighthawk Tri-band Mesh WiFi 6 Router (MR80), Nighthawk AX4 4-Stream AX3000 WiFi 6 Router (RAX35v2), Nighthawk AX5 5-Stream AX4200 WiFi Router (RAX40v2), Nighthawk AX6 6-Stream AX4300 WiFi Router (RAX45), Nighthawk AX6 6-Stream AX5400 WiFi 6 Router (RAX50), Nighthawk AX6 6-Stream AX5400 WiFi 6 Router (RAX50S), Nighthawk AX8 8-Stream AX5700 WiFi 6 Router (RAX75), Nighthawk AX8 8-Stream AX6000 WiFi 6 Router (RAX80), Nighthawk AXE10000 Tri-Band WiFi 6E Router (RAXE450), Nighthawk AXE10000 Tri-Band WiFi 6E Router (RAXE500), Orbi Quad-band Mesh WiFi 6E Router (RBRE960), Orbi WiFi 6 Router AX6000 (RBR850), Orbi WiFi 6 System AX5700 (RBR840), Orbi WiFi 6 Add-on Satellite AX5700 (RBS840) and Orbi WiFi 6 Add-on Satellite AX4200 (RBS750).
NETGEAR Devices Insufficient Input Validation Vulnerability Allowing Integrity Tampering
A vulnerability exists in various NETGEAR devices due to inadequate input validation. This issue enables authenticated administrators on the local network to manipulate the integrity of the router.
Netgear RAXE450 and RAXE500 Routers Unauthorized Functionality Modification Vulnerability
A vulnerability exists in the Netgear RAXE450 and RAXE500 routers, allowing authenticated administrators on the local network to alter router functions beyond the intended capabilities of the standard management interface.
NETGEAR Orbi WiFi 6 and 6E Routers and Satellites Insufficient Input Validation Vulnerability Allowing Unauthorized Software Modifications
A vulnerability exists in various NETGEAR Orbi WiFi 6 and 6E models, including routers and satellites, due to inadequate input validation. This issue enables authenticated administrators on the local network to make unauthorized changes to the router's software and functionality.
NETGEAR Orbi RBE970 Insufficient Input Validation Vulnerability Allowing Unauthorized Router Software Modifications
A vulnerability exists in the NETGEAR Orbi RBE970 model due to inadequate input validation. This issue allows authenticated administrators on the local network to make unauthorized changes to the router's software and functionality.
NETGEAR Orbi WiFi 6 and 6E Systems Buffer Vulnerability Allowing Unauthorized Software Modifications by Authenticated Administrators
A vulnerability exists in certain NETGEAR Orbi WiFi 6 and 6E systems, specifically in the RBE372, RBE770, RBR750, RBR840, RBR850, RBRE950, RBRE960, RBS750, RBS840, and RBS860 models. This vulnerability stems from inadequate input validation of buffers, which enables authenticated administrators on the local network to make unauthorized changes to the router's software and functionality.
NETGEAR JR6150 Input Validation Vulnerability Allowing Unauthorized Software Modifications
A vulnerability due to insufficient input validation has been identified in the NETGEAR JR6150 AC750 WiFi Router, which was released in 2014 and reached its end-of-support status in 2018. This vulnerability allows administrators connected to the local network to make unauthorized changes to the router's software and functionality. The issue was discovered through firmware emulation in a controlled research environment and has not been tested on production hardware.
NETGEAR Orbi Information Disclosure Vulnerability Allowing Unauthorized Router Access
A vulnerability allowing information disclosure has been identified in NETGEAR Orbi satellite devices. This issue could enable a user connected to the same network to gain unauthorized administrator access to the Orbi router. The vulnerability affects specific NETGEAR Orbi models, while Orbi WiFi systems without satellite devices remain unaffected.
Netgear Routers Elevated Privileges Vulnerability Allowing Unauthorized Configuration Changes
A vulnerability exists in several Netgear router models, including the R7000, RAX20, RAX35v2, RAX41, RAX42, RAX43, RAX45, RAX50, RAX50v2, RAXE450, and XR1000 series. This vulnerability allows authenticated administrators on the local network to gain elevated access to the router, enabling them to make unauthorized changes to the router's software and functionality.
NETGEAR Orbi 370 Series Command Injection Vulnerability via Intercepted Traffic
A vulnerability in NETGEAR Orbi 370 series devices, prior to version 12.1.2.7, could allow an attacker to execute commands on the device. This issue arises when the device administrator performs certain management actions, and it requires the attacker to intercept and manipulate traffic between the router and the Internet.
Schneider Electric EcoStruxure IT Data Center Expert Improper XML External Entity Reference Vulnerability
A vulnerability allowing improper restriction of XML external entity references has been identified in Schneider Electric's EcoStruxure IT Data Center Expert, all versions through 9.1.1. This vulnerability could lead to unauthorized disclosure of server-side file contents. It arises when an attacker with a Data Center Expert user account sends crafted XML payloads to SOAP service endpoints.
MOSK Information Technologies CBS Platform SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the CBS Platform developed by MOSK Information Technologies Ltd. This vulnerability allows for improper neutralization of special elements used in SQL commands, potentially leading to unauthorized database access or manipulation. The issue affects CBS Platform versions through 09062026.
Mem0 Missing Authorization Vulnerability in Self-Hosted Server Component Allows Global Configuration Hijacking
A missing authorization vulnerability has been identified in the self-hosted server component of Mem0, affecting versions through 0.2.8. The vulnerability exists in the POST /configure endpoint, which modifies global LLM provider and embedder configurations. The endpoint only verifies authentication through JWT or X-API-Key, without validating the caller's role. This allows any authenticated user with a distributed API key to redirect all LLM and embedder traffic to an attacker-controlled server. The malicious configuration is persisted in PostgreSQL, survives server restarts, and affects all users and API keys on the instance.
Fortinet FortiPortal Improper Access Control Vulnerability in API Endpoints
A vulnerability allowing improper access control has been identified in Fortinet FortiPortal versions 7.4.0 through 7.4.7, 7.2.0 through 7.2.8, and all versions of 7.0. This vulnerability may allow a remote privileged attacker with an organization user role to access sensitive network configuration data by sending crafted HTTP requests to certain API endpoints.
Fortinet FortiSandbox OS Command Injection Vulnerability
A vulnerability allowing OS command injection has been identified in Fortinet FortiSandbox versions 5.0.0 to 5.0.5, 4.4.0 to 4.4.8, all versions of 4.2, as well as FortiSandbox Cloud and FortiSandbox PaaS versions 5.0.4 to 5.0.5. This vulnerability allows an unauthenticated attacker to execute unauthorized commands by sending specially crafted HTTP requests.
Waves Central for macOS Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability has been identified in Waves Central for macOS, affecting versions from 13.0.9 up to (but not including) 16.5.5. The issue resides in the privileged helper service, which improperly validates connecting XPC clients by using the client process identifier (PID) for code-signing verification. This flaw creates a race condition that can be exploited by a local attacker, allowing them to manipulate the validation process and gain unauthorized access to privileged operations. As a result, the attacker could execute arbitrary code with root privileges.
Waves Central for macOS Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability has been identified in Waves Central for macOS, affecting versions from 13.0.9 up to (but not including) 16.5.5. The vulnerability arises from a trusted XPC client component that is signed with hardened runtime entitlements, allowing dynamic library injection. A local attacker can exploit this by setting the DYLD_INSERT_LIBRARIES environment variable to inject a malicious dynamic library into the trusted client process at launch. The injected code executes within the signed process and can interact with the product's privileged helper service to perform privileged operations, leading to arbitrary code execution as root.
Ivanti Endpoint Manager Mobile OS Command Injection Vulnerability
A command injection vulnerability has been identified in Ivanti Endpoint Manager Mobile (EPMM) versions prior to 12.9.0.1, 12.8.0.3, and 12.7.0.2. This vulnerability allows remote authenticated attackers to execute arbitrary commands with root privileges.
Ivanti Sentry Authentication Bypass Vulnerability Allowing Creation of Administrative Accounts
A vulnerability allowing authentication bypass has been identified in Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1. This vulnerability allows remote unauthenticated attackers to create arbitrary administrative accounts, granting them full administrative access.
Ivanti Sentry OS Command Injection Vulnerability Allowing Root-Level Remote Code Execution
A command injection vulnerability has been identified in Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1. This vulnerability allows remote, unauthenticated users to execute code with root privileges on the affected system.
Fortinet FortiOS and FortiProxy Internal Asset Exposed to Unsafe Debug Access Level Vulnerability Allowing Lua Script Execution
A vulnerability allowing execution of Lua scripts via crafted CLI commands has been identified in Fortinet FortiOS and FortiProxy. This issue affects multiple versions across FortiOS 7.6, 7.4, 7.2, 7.0, FortiOS 6.4, and various FortiProxy 7.0 versions. The vulnerability arises from an internal asset being exposed to an unsafe debug access level, which may allow an authenticated admin to exploit the CLI.
Logseq IPC Command Injection Vulnerability Allowing Remote Code Execution
A vulnerability in Logseq versions through 0.10.15 allows for arbitrary shell command execution via an inter-process communication (IPC) handler. The renderer process can execute commands with the Logseq process's privileges, leading to remote code execution on the host. This issue arises because, although an allowlist restricts command names to certain utilities like git and grep, the argument strings can include shell metacharacters that bypass this restriction. An attacker with JavaScript execution capabilities in the renderer, such as through cross-site scripting (XSS) or a malicious plugin, can exploit this vulnerability.
Netcad E-İmar SQL Injection Vulnerability
A SQL injection vulnerability has been identified in Netcad Software Inc. E-İmar versions from 2.10.1.0 up to (but not including) 3.0.2. This vulnerability allows for improper neutralization of special elements used in SQL commands, enabling attackers to manipulate database queries and potentially access or modify database information.
Linux Kernel Off-by-One Vulnerability in Rockchip RKCIF Media Driver
An off-by-one vulnerability has been fixed in the Linux kernel's Rockchip RKCIF media driver. The issue arose from improper comparison operators that allowed access to elements beyond the end of arrays. This vulnerability affects the stable version of the Linux kernel.
Linux Kernel 9P Access Mode Flag Vulnerability Leading to Privilege Escalation
A vulnerability in the Linux kernel's 9P file system implementation can lead to improper handling of access mode flags, causing issues with user permissions. When the 9P2000.L protocol is used, the default access flag allows for certain operations to be performed by the root user. However, due to a flaw in how access flags are applied, both the default and user-specified access flags can end up set simultaneously. This conflict prevents access mode checks from functioning correctly, causing the system to revert to a default user ID that lacks the necessary privileges. As a result, the root user may be unable to perform critical operations such as changing file ownership or executing other privileged tasks.
Linux Kernel DAMON Non-Power of Two Minimum Region Size Validation Vulnerability
A vulnerability in the Linux kernel's DAMON (Data Access Monitor) subsystem allows the specification of non-power of two minimum region sizes, which can lead to unaligned region address ranges. This issue arises in the DAMON sysfs interface when the 'damon_start()' function is called. The vulnerability has been addressed by adding a check to ensure that the minimum region size is a power of two before the DAMON context is started.
Linux Kernel Nouveau Device Leak Vulnerability on Aperture Removal Failure
A memory leak vulnerability has been identified in the Linux kernel's Nouveau graphics driver. This issue arises when the function 'aperture_remove_conflicting_pci_devices()' fails during the probing of PCI devices. The failure causes the function to return immediately without properly releasing a newly allocated 'nvkm_device' object, which leads to a leak of the device wrapper and a reference to the PCI device that was enabled. The vulnerability was introduced by changing the order of operations during PCI device handling, and it can be exploited by causing a probe failure that interrupts the normal device initialization process.
Elixir Uncontrolled Resource Consumption Vulnerability in Version Module Allows Denial-of-Service
A denial-of-service vulnerability has been identified in the Elixir standard library's Version module. This issue arises from unbounded integer parsing of version components, which allows an attacker to control a version string and cause CPU and memory exhaustion. The vulnerability affects Elixir versions from 1.5.0 up to (but not including) 1.20.1.
