A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.

FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but it…

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.

Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.