| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. |
| Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a through <= 1.8.3. |
| Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
| Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. |
| A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system. |
| Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally. |
| Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally. |
| Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally. |
| Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally. |
| Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally. |
| Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally. |
