Medium · CVSS 6.1
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
Published Oct 7, 2024 · Updated Jul 5, 2026
High · CVSS 8
Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.
Published Oct 1, 2024 · Updated Jul 5, 2026
Medium · CVSS 4.7
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
Published Oct 23, 2024 · Updated Jun 29, 2026
High · CVSS 7.8
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
Published Oct 9, 2024 · Updated Jun 29, 2026
High · CVSS 7.8
A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration.
Published Oct 22, 2024 · Updated Jun 25, 2026
Medium · CVSS 6.5
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
Published Oct 1, 2024 · Updated Jun 18, 2026
High · CVSS 8.1
Remote Desktop Protocol Server Remote Code Execution Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7
Windows Kernel Elevation of Privilege Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.8
Windows Kernel Elevation of Privilege Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.8
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.8
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
Medium · CVSS 5.5
Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally.
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 8.8
Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
Medium · CVSS 4.3
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Published Oct 18, 2024 · Updated Jun 9, 2026
High · CVSS 8.8
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 8.8
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.6
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published Oct 17, 2024 · Updated Jun 9, 2026
Medium · CVSS 6.5
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published Oct 17, 2024 · Updated Jun 9, 2026
High · CVSS 7.6
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published Oct 17, 2024 · Updated Jun 9, 2026
Medium · CVSS 5.9
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published Oct 17, 2024 · Updated Jun 9, 2026
High · CVSS 8.6
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.
Published Oct 15, 2024 · Updated Jun 9, 2026
High · CVSS 7.5
Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
Published Oct 15, 2024 · Updated Jun 9, 2026
High · CVSS 7.4
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector
Published Oct 9, 2024 · Updated Jun 9, 2026
High · CVSS 7.8
Winlogon Elevation of Privilege Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
Medium · CVSS 5.5
Visual Studio Collector Service Denial of Service Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 8.8
Remote Desktop Client Remote Code Execution Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 8.8
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 8.8
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 8.7
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.8
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 8.8
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
Medium · CVSS 5.5
Code Integrity Guard Security Feature Bypass Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.7
Windows Scripting Engine Security Feature Bypass Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.5
Windows Hyper-V Denial of Service Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 8.3
Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.8 · CISA KEV
Microsoft Management Console Remote Code Execution Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
Medium · CVSS 5.6
Sudo for Windows Spoofing Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
Medium · CVSS 6.4
Windows Kernel Elevation of Privilege Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.5
Windows Hyper-V Denial of Service Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.5
Windows Network Address Translation (NAT) Denial of Service Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 8.8
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.8
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.5
Windows Network Address Translation (NAT) Denial of Service Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
Medium · CVSS 6.5
Windows Mobile Broadband Driver Denial of Service Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.8
Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
Medium · CVSS 6.5
Windows Mobile Broadband Driver Denial of Service Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
Medium · CVSS 6.5
Windows Mobile Broadband Driver Denial of Service Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
Medium · CVSS 6.5
Windows Mobile Broadband Driver Denial of Service Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
High · CVSS 7.8
Windows Graphics Component Elevation of Privilege Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026
Medium · CVSS 6.5
Windows Mobile Broadband Driver Denial of Service Vulnerability
Published Oct 8, 2024 · Updated Jun 9, 2026