Chevereto version 3.17.1 suffers from a persistent cross site scripting vulnerability.

Backdoor.Win32.Delf.zho malware suffers from bypass and code execution vulnerabilities.

The Container Manager Service accepts an access token provided by the user without verification allowing an arbitrary process to be created with another user identity leading to privilege escalation.

The Container Manager Service does not impersonate the caller when granting access to virtual disk images leading to privilege escalation.

The Container Manager Service creates an AppContainer process without impersonating the access token leading to privilege escalation.

This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command…

The Container Manager Service does not configure STORVSP correctly when opening mapped named pipes leading to privilege escalation.