An elevation of privilege vulnerability exists due to the Application Identity kernel module allowing untrusted pointer dereference. The vulnerability could allow an attacker to run code with elevated privileges.
CrushFTP, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.
CVE-2025-7388 is an OS command injection vulnerability in Progress OpenEdge that allows authenticated remote attackers to execute system commands in the context of NT AUTHORITY/SYSTEM. This module can also use CVE-2024-1403, an authentication bypass vulnerability that allow access to the adminServer classes so can chain it with CVE-2025-7388 OS command injection.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. A user would need to be tricked into opening a folder that contains a specially crafted file.
The Windows Disk Cleanup tool (cleanmgr.exe) has a DLL side-loading vulnerability. A crafted DLL could be loaded by the Disk Cleanup tool, hijacking its execution path. This could allow an attacker to gain system privileges on a vulnerable system.
Wing FTP Server version 7.4.3 and prior is prone to a remote code execution due to improper handling of null bytes in both the user and admin web interfaces. This flaw allows attackers to execute arbitrary Lua command into session files, which is executed by the server with the privileges of the FTP service.
This module exploits a privilege escalation vulnerability in the way sudo handles the chroot parameter.
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
The vulnerability relates to the use of Windows .URL files to execute a remote binary via a UNC path. When the targeted user opens or previews the .URL file (for example, from an email), the system attempts to access the specified path (for example, a WebDAV or SMB share), resulting in the execution of arbitrary code. Depending on the email client used, the vulnerability could be exploited as zero-click by simply displaying the attachment in the preview window or by clicking on it, or it could be blocked based on the target system's policies.
A vulnerability in the Microsoft Management Console (MMC) allows remote code execution via social engineering. The attack uses malicious HTML content in .msc file via an embedded ActiveX, exploiting the rendering of Windows' internal Internet Explorer. This update removes the one-link tag