Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of...

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of...

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of...

Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions, data theft, or other malicious activities.

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.

Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.