Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters 1
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.
Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of sto
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.
Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally.
External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
Page 1+ Next →