| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may disclose sensitive user information. |
| A validation issue was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. |
| Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests from the CMS server to internal or external network resources. This can be exploited to scan internal infrastructure, access local cloud metadata endpoints (e.g., AWS IMDS), interact with internal services that lack authentication, or exfiltrate data. This vulnerability is fixed in 4.4.1. |
| linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome's urlFilter without a | or || anchor is substring-matched against the full request URL. The same applied rule action is modifyHeaders that attaches the Entra ID Primary Refresh Token cookie. The Firefox adapter in platform/firefox/js/platform-firefox.js:53 performs a belt-and-braces startsWith(Platform.SSO_URL) check before injecting the header; the Chrome adapter does not. When the extension holds broad host permissions through the optional_host_permissions: ["https://*/*"] declared in platform/chrome/manifest.json:34, a main-frame navigation to a URL whose path embeds https://login.microsoftonline.com/ causes Chrome to attach the PRT cookie to the request to the attacker-controlled host. This vulnerability is fixed in 1.8.1. |
| SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege. |
| The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) is fixed in consul-template 0.42.0. |
| Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network. |
| Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network. |
| Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network. |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. |
| Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. |
| Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. |
| Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network. |
| Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. |
| Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. |
| Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally. |
| Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. |
