A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.

Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.

Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.

Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.

Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout.

Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2

Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38565.

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169.

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235.

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.