| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Denial of service (DoS) vulnerability in the office service.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission control vulnerability in the Notepad module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| DoS vulnerability in the video-related system service module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission control vulnerability in the Wi-Fi module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Vulnerability of accessing invalid memory in the component driver module.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| Permission control vulnerability in the App Lock module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission control vulnerability in the distributed component.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the startup recovery module.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| UAF vulnerability in the screen recording framework module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| UAF vulnerability in the screen recording framework module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission control vulnerability in the print module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| HackerOne community member Dang Hung Vi (vidang04) has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php”. An attacker with access to the admin interface could request an arbitrarily large number of items per page, potentially leading to a denial of service. |
| CVE-2025-59595 is an internally discovered denial of service
vulnerability in versions of Secure Access prior to 14.12. An attacker
can send a specially crafted packet to a server in a non-default
configuration and cause the server to crash. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts. |
| A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| Uncontrolled search path for some Intel(R) Graphics Software before version 25.22.1502.2 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
| Uncontrolled search path for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
| Uncontrolled search path for some FPGA Support Package for the Intel oneAPI DPC++C++ Compiler software before version 2025.0.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
