Windows Installer Elevation of Privilege Vulnerability
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows.
Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions.
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. This bug only affects Firefox for Windows. Other operating systems are unaffected. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Windows MSHTML Platform Security Feature Bypass Vulnerability
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows. This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.
External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.
NTLM Hash Disclosure Spoofing Vulnerability
Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
Windows MSHTML Platform Security Feature Bypass Vulnerability
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `ExtractAttachmentsPreprocessor` passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension. Version 7.17.1 contains a patch.
Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace. Version 0.0.49 fixes the issue.
The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.