| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vulnerability can be exploited to steal sensitive user information such as session cookies, or to perform actions while impersonating the user. |
| Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter. |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. |
| Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network. |
| Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network. |
| '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network. |
| Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Azure Bot Service Elevation of Privilege Vulnerability |
