Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."

Chromium: CVE-2025-5419 Out of bounds read and write in V8

GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool

WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified

Windows MultiPoint Services Elevation of Privilege Vulnerability

Windows Hyper-V Elevation of Privilege Vulnerability

Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability

Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Windows Defender Firewall Service Elevation of Privilege Vulnerability

Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

MapUrlToZone Security Feature Bypass Vulnerability

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Microsoft Brokering File System Elevation of Privilege Vulnerability

Windows Defender Firewall Service Elevation of Privilege Vulnerability

Windows Management Service Elevation of Privilege Vulnerability

Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

Windows SMB Client Remote Code Execution Vulnerability