Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a netwo
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.