| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| Microsoft WordPad Information Disclosure Vulnerability |
| Windows Mark of the Web Security Feature Bypass Vulnerability |
| Windows Error Reporting Service Elevation of Privilege Vulnerability |
| Windows Search Remote Code Execution Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| Skype for Business Elevation of Privilege Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Win32k Elevation of Privilege Vulnerability |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability |
| Microsoft Streaming Service Elevation of Privilege Vulnerability |
| Windows MSHTML Platform Elevation of Privilege Vulnerability |
| Windows SmartScreen Security Feature Bypass Vulnerability |
| Microsoft Outlook Security Feature Bypass Vulnerability |
| Windows SmartScreen Security Feature Bypass Vulnerability |
| Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. |
| Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack. |
| Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory (/tmp) on the host machine. This directory is typically world-readable, allowing any local user or application to access the token. If the token is leaked (e.g., via malware infection or other local exploit), and remote access is enabled, it can be used to establish unauthorized remote connections to the sequencer. Remote access must be enabled for remote exploitation to succeed. This may occur either because the user has enabled remote access for legitimate operational reasons or because malware with elevated privileges (e.g., sudo access) enables it without user consent. This vulnerability can be chained with remote access capabilities to generate a developer token from a remote device. Developer tokens can be created with arbitrary expiration dates, enabling persistent access to the sequencer and bypassing standard authentication mechanisms. |