| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. Exploitation may allow for session theft. |
| Windows Telephony Server Remote Code Execution Vulnerability |
| Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network. |
| 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456. |
| Windows Kernel Security Feature Bypass Vulnerability |
| Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.
A malicious user with network access may be able to use specially crafted SQL queries to gain database access. |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. |
| Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Remote Code Execution Vulnerability |
| Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability |
| SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution. |
| Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. |
