Page 10 of 19 — 1135 stories total
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
Updated an acknowledgement. This is an informational change only.
Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
Updated an acknowledgement. This is an informational change only.
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
Information published.
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
Updated an acknowledgement. This is an informational change only.
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.