Michal Bazyli

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** The issue is related to errors in privilege management, allowing an attacker to potentially elevate their privileges to SYSTEM. This can be achieved by exploiting a certain DLL that is vulnerable to race conditions, enabling the planting of a customized DLL with Local Service privilege. The vulnerability can be exploited to affect the system, but specific details about the number of potentially affected devices or real-world incidents are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Netcool/Impact version 7.1.0 **Description** The issue allows for remote execution of commands by a low-privileged user, enabling remote code execution. This can lead to the execution of arbitrary code on the system, resulting in potential control over the system. **Recommendations** For IBM Tivoli Netcool/Impact version 7.1.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CKEditor 5 versions prior to 10.0.1 status-board versions prior to 10.0.1 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script through a crafted `href` attribute of a link element. The ` createPreviewButton()` function fails to sanitize the `href` attribute of a created `<a>` tag, which may allow attackers to execute arbitrary JavaScript in a victim's browser. **Recommendations** For CKEditor 5 versions prior to 10.0.1, upgrade to version 10.0.1 or later. For status-board versions prior to 10.0.1, upgrade to version 10.0.1 or later.