8.1
CVE-2025-24035 - Windows Remote Desktop Services Remote Code Execution Vulnerability
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
7.5
CVE-2025-26634 - Windows Core Messaging Elevation of Privileges Vulnerability
Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.
7.8
CVE-2024-9157 - Privilege Escalation Vulnerability in CxUIUSvc service
** UNSUPPORTED WHEN ASSIGNED **Β A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customβ¦
4.8
CVE-2024-56338 - IBM Sterling B2B Integrator cross-site scripting
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credenβ¦
7.8
CVE-2025-21169 - Substance3D - Designer | Heap-based Buffer Overflow (CWE-122)
Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2025-27172 - Substance3D - Designer | Out-of-bounds Write (CWE-787)
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.1
CVE-2025-22213 - [20250301] - Core - Malicious file uploads via Media Manager
Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.
6.3
CVE-2025-27617 - Pimcore Vulnerable to SQL Injection in getRelationFilterCondition
Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.
4.9
CVE-2025-27602 - Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content
Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within foldersβ¦
4.3
CVE-2025-27601 - Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality
Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be restβ¦