Author: Peter Leibling

[NEW] [medium] Ivanti Endpoint Manager Mobile: Multiple vulnerabilities allow code execution

A remote, authenticated attacker can exploit multiple vulnerabilities in Ivanti Endpoint Manager Mobile to execute arbitrary code.

CVE-2025-48814 Remote Desktop Licensing Service Security Feature Bypass Vulnerability

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.

CVE-2025-46835 MITRE: CVE-2025-46835 Git File Overwrite Vulnerability

[CVE-2025-46835](https://www.cve.org/CVERecord?id=CVE-2025-46835) concerns a vulnerability in Git GUI: when a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, Git GUI can create and overwrite any writable file. MITRE created this CVE on their behalf. The documented Visual Studio updates incorporate…

CVE-2025-47986 Universal Print Management Service Elevation of Privilege Vulnerability

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

CVE-2025-49677 Microsoft Brokering File System Elevation of Privilege Vulnerability

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

CVE-2025-49664 Windows User-Mode Driver Framework Host Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.

CVE-2025-49700 Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-27613 MITRE: CVE-2025-27613 Gitk Arguments Vulnerability

[CVE-2025-27613](https://www.cve.org/CVERecord?id=CVE-2025-27613) concerns a vulnerability in Gitk: when a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of the option being…

[UPDATE] [medium] Linux Kernel: Vulnerability allows denial of service

A local attacker can exploit a vulnerability in the Linux kernel to carry out a denial-of-service attack.

[UPDATE] [low] Broadcom Fabric OS: Multiple vulnerabilities

An attacker from an adjacent network can exploit multiple vulnerabilities in Broadcom Fabric OS to disclose information or cause a denial of service.