| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Digest Authentication Remote Code Execution Vulnerability |
| Microsoft Digest Authentication Remote Code Execution Vulnerability |
| Visual Studio Installer Elevation of Privilege Vulnerability |
| Azure Network Watcher VM Extension Elevation of Privilege Vulnerability |
| There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a remote, low‑privileged authenticated attacker to access secure services published to a standalone (unfederated) ArcGIS Server instance. Successful exploitation results in unauthorized access to protected services outside the attacker’s originally assigned authorization boundary, constituting a scope change. If exploited, this issue would have a high impact on confidentiality, a low impact on integrity, and no impact on the availability of the software. |
| The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. |
| Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. |
| Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. |
| Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. |
| Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally. |
| Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. |
| Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. |
| Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. |
| Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. |
| Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. |
| Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. Restoring a maliciously crafted backup file may lead to modification of protected system files. |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission. |
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to cause a denial-of-service. |
