CVE Database

Search and browse vulnerability records from NVD

Showing 50 of 31877 CVEs

CVE ID Severity Description EPSS Published
7.3 HIGH

A path traversal vulnerability in FastX3 through 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as existing JTIs. With this information, an attacker can forge valid JWTs, impersonate the root user, and achieve remote code execution in a privileged context via authenticated endpoints.

0.5% 2025-10-14
6.5 MEDIUM

A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files.

0.1% 2025-10-14
8.4 HIGH

NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

0.0% 2025-10-14
7.3 HIGH

A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument Username causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

0.0% 2025-10-14
6.8 MEDIUM

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

0.0% 2025-10-14
7.3 HIGH

A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request.

0.0% 2025-10-14
7.5 HIGH

Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.

9.4% 2025-10-14
7.0 HIGH

Time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.

0.0% 2025-10-14
7.8 HIGH

Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

0.1% 2025-10-14
8.8 HIGH

Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.

0.3% 2025-10-14
2.1 LOW

Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.

0.1% 2025-10-14
8.2 HIGH

External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.

0.1% 2025-10-14
8.2 HIGH

External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.

0.1% 2025-10-14
7.8 HIGH

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

0.1% 2025-10-14
7.0 HIGH

Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

0.1% 2025-10-14
5.3 MEDIUM

Improper verification of cryptographic signature in GitHub: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network.

0.0% 2025-10-14
9.8 CRITICAL

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

78.0% 2025-10-14
7.0 HIGH

Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

1.0% 2025-10-14
3.3 LOW

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

0.1% 2025-10-14
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.

0.1% 2025-10-14
7.8 HIGH

Improper link resolution before file access ('link following') in Xbox Gaming Services allows an authorized attacker to elevate privileges locally.

0.1% 2025-10-14
3.1 LOW

Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.

0.1% 2025-10-14
7.8 HIGH

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

0.1% 2025-10-14
7.8 HIGH

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

0.1% 2025-10-14
7.8 HIGH

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

0.1% 2025-10-14
7.0 HIGH

Time-of-check time-of-use (TOCTOU) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

0.0% 2025-10-14
5.5 MEDIUM

Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.

0.1% 2025-10-14
6.5 MEDIUM

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

0.2% 2025-10-14
6.2 MEDIUM

Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.

0.1% 2025-10-14
6.5 MEDIUM

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

0.2% 2025-10-14
7.8 HIGH

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

0.1% 2025-10-14
7.8 HIGH

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

0.1% 2025-10-14
5.5 MEDIUM

Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.

0.1% 2025-10-14
8.1 HIGH

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.

0.1% 2025-10-14
8.8 HIGH

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

0.1% 2025-10-14
7.5 HIGH

Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

0.2% 2025-10-14
6.5 MEDIUM

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

0.1% 2025-10-14
7.8 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

0.1% 2025-10-14
7.8 HIGH

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

0.1% 2025-10-14
7.8 HIGH

Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.

0.1% 2025-10-14
7.8 HIGH

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

0.1% 2025-10-14
8.8 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

3.0% 2025-10-14
8.4 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

0.1% 2025-10-14
7.1 HIGH

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

0.1% 2025-10-14
7.8 HIGH

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

0.1% 2025-10-14
7.8 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

0.1% 2025-10-14
7.1 HIGH

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

0.1% 2025-10-14
7.8 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

0.1% 2025-10-14
7.8 HIGH

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

9.5% 2025-10-14
5.5 MEDIUM

Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.

0.1% 2025-10-14