| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Mark of the Web Security Feature Bypass Vulnerability |
| Windows MSHTML Platform Spoofing Vulnerability |
| Windows MSHTML Platform Spoofing Vulnerability |
| Microsoft Management Console Remote Code Execution Vulnerability |
| NTLM Hash Disclosure Spoofing Vulnerability |
| Windows Task Scheduler Elevation of Privilege Vulnerability |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Windows Storage Elevation of Privilege Vulnerability |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. |
| Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. |
| Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. |
| Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. |
| Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. |
| Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. |
| Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. |
| Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) |
| Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP.
This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20. The vulnerability is fixed in 11.38.20 with SP38-CU20-433 and SP38-CU20-436 and also fixed in 11.38.25 with SP38-CU25-434 and SP38-CU25-438. |
| Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28. |
