Microsoft: Security Vulnerabilities
The System Console Utility for Windows is vulnerable to a DLL planting vulnerability
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-12
Uncontrolled Search Path Element vulnerability in Altera High Level Synthesis Compiler on Windows allows Search Order Hijacking.This issue affects High Level Synthesis Compiler: from 19.1 through 24.3.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-12
The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-12
A potential security vulnerability in Quartus® Prime Pro Edition Design Software may allow escalation of privilege.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-11
Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-11
A potential security vulnerability in Quartus® Prime Standard Edition Design Software may allow escalation of privilege.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-11
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-12-11
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-12-11
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-11
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing logic, potentially leading to information disclosure or memory corruption.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-12-11