| CVE | Vendors | Products | Updated | CVSS v3.1 |
| There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker with high‑privileged access to create a crafted link that is persisted within the site configuration. When accessed by a victim, the stored payload may execute arbitrary JavaScript code in the victim’s browser. Successful exploitation could allow the attacker to access sensitive user data and session information, alter trusted site content and user actions, and disrupt normal site functionality, resulting in a high impact to confidentiality, integrity, and availability. |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. |
| Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. |
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. |
| Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network. |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| The UI performs the wrong action in Microsoft Edge (Chromium-based), which allows an unauthorized attacker to perform spoofing over a network. |
| Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. |
| Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally. |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. |
| Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. |
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. |
| Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally. |
| Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. |
| Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. |
| Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. |
| Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. |