| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability |
| Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft Office Elevation of Privilege Vulnerability |
| Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level. |
| Race in Geolocation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| Race in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) |
| A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server. |
| IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window. |
| Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves loaded content in current location (__DIR__) under the specified name. An attacker with repository access can control both the filename and file contents, allowing the creation of a malicious PHP file in a current directory. Although the file is deleted after processing, a race condition exists: if the response transmission is delayed (e.g., via a large file or slow client connection), the file remains accessible. During this window, the attacker can issue a second request to execute the malicious PHP file, resulting in remote code execution.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable. |
