| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally. |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. |
| Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network. |
| Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network. |
| Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. |
| '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network. |
| Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. |
| Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network. |
| Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected resources. |
| Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network. |
