| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. |
| In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page. |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. |
| An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM frames. |
| Use after free in RPC Runtime allows an authorized attacker to execute code over a network. |
| Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the _folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s session. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view (getTabContents action), allowing an attacker to inject arbitrary HTML content into the dashboard interface. The injected content is rendered in the victim's browser |
| Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access to hidden notification contents. |
| Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard. |
| Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. |
| Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock. |
| Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. |
| External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege. |
| Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. |
| Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information. |
| Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions. |
| Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. |
| The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts. |
