| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. |
| Double free in Windows Shell allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. |
| Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium) |
| Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network. |
| Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. |
| Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. |
| Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network. |
| Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network. |
| Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. |
| Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network. |
| Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network. |
| Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network. |
