#windows

Forcepoint (Stonesoft VPN Client) versions 6.2.0 and 6.8.0 suffer from a privilege escalation vulnerability.

CrowdStrike Falcon Agent version 6.44.15806 has an uninstall bypass flaw that works without an installation token.

Lavasoft version 4.1.0.409 suffers from an unquoted service path vulnerability.

Virtual Reception version 1.0 suffers from a directory traversal vulnerability.

Covenant version 0.5 suffers from a remote code execution vulnerability.

DSL-124 Wireless N300 ADSL2+ suffers from a backup disclosure vulnerability.

myBB forums version 1.8.26 suffers from a persistent cross site scripting vulnerability.

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the Electron macOS application.

Dreamer CMS version 4.0.0 suffers from a remote SQL injection vulnerability.

Uniview NVR301-04S2-P4 suffers from a cross site scripting vulnerability.