Security Vulnerabilities
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2.9 allows an authenticated remote attacker to overwrite arbitrary files via FGFM crafted requests.
CVSS Score
5.5
EPSS Score
0.002
Published
2025-08-12
Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.0
Published
2025-08-12
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-08-12
Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-08-12
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-08-12
Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-08-12
Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.
CVSS Score
7.7
EPSS Score
0.001
Published
2025-08-12
Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-12
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-08-12
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-08-12