Published threat advisories for May 13, 2025

A null pointer dereference in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges. This impacts affected systems by enabling unauthorized access and potential control, posing a business risk to data integrity and confidentiality.

NVD published: May 13, 2025 • CISA KEV

A vulnerability in the Windows Common Log File System Driver could allow an authorized local attacker to elevate privileges. This impacts affected Windows systems, potentially leading to unauthorized access to data and compromise of system integrity, posing a business risk.

NVD published: May 13, 2025 • CISA KEV

A vulnerability in the Windows Common Log File System Driver allows an authorized local attacker to elevate privileges. This could affect system integrity and confidentiality, leading to unauthorized control of local system resources and potential data compromise. Organizations should apply vendor updates to mitigate t

NVD published: May 13, 2025 • CISA KEV

A vulnerability in Windows DWM allows a local attacker to escalate privileges. This could grant an attacker greater control over an affected system. The business risk involves potential unauthorized access and system compromise.

NVD published: May 13, 2025 • CISA KEV

A type confusion vulnerability in the Microsoft Scripting Engine allows unauthorized remote code execution. This impacts organizations using affected Windows systems, posing a business risk through potential system and data compromise. The vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog.

NVD published: May 13, 2025 • CISA KEV

An API component flaw in Ivanti Endpoint Manager Mobile enables authenticated attackers to execute arbitrary code. This impacts affected systems and data, presenting a business risk of unauthorized control and potential compromise.

NVD published: May 13, 2025 • CISA KEV

An authentication bypass in Ivanti Endpoint Manager Mobile's API allows unauthorized access to protected resources. This presents a business risk of data exposure and system compromise. Organizations should assess and mitigate this vulnerability.

NVD published: May 13, 2025 • CISA KEV

A vulnerability in multiple Fortinet products allows unauthenticated attackers to execute arbitrary code via crafted HTTP requests. This could impact business operations and data integrity by allowing unauthorized command execution. Organizations should assess their exposure and apply vendor updates.

NVD published: May 13, 2025 • CISA KEV

Samsung MagicINFO 9 Server is affected by a vulnerability allowing arbitrary file writes with system authority. This poses a significant business risk, potentially leading to system compromise and data breaches. Affected organizations should address this issue promptly.

NVD published: May 13, 2025 • CISA KEV

SAP NetWeaver Visual Composer Metadata Uploader has a vulnerability where a privileged user can upload malicious content. This can compromise the confidentiality, integrity, and availability of the host system, posing a business risk.

NVD published: May 13, 2025 • CISA KEV