Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fro...

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.