| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. |
| Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. |
| Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. |
| Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. |
| Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally. |
| Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. |
| Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. |
| Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. |
| Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. |
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. |
| Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. |
| Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. |
| Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Entra ID allows an authorized attacker to perform spoofing over a network. |
| Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML documents from the model. From 2.0.0-preview11 until 2.7.5 and 3.5.4, a small OpenAPI document containing a circular schema reference can cause process termination through stack overflow in Microsoft.OpenApi. The issue affects OpenAPI document parsing through public OpenAPI.NET reader APIs and has been confirmed across both JSON and YAML reader paths. This vulnerability is fixed in 2.7.5 and 3.5.4. |
| Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. |
| A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines. |