Common Vulnerabilities and Exposures (CVE)
CVE-2025-13661
Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.
CVE-2025-13659
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. ...
CVE-2025-6218
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerabili...
CVE-2025-42880
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to ...
CVE-2025-42928
Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability r...
CVE-2025-62572
Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.
CVE-2025-64673
Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-59517
Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-59516
Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62570
Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.
CVE-2025-64680
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-64671
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.
CVE-2025-64658
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2025-62458
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-55233
Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.