| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Network File System Remote Code Execution Vulnerability |
| An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. |
| An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. |
| Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
| Windows TCP/IP Remote Code Execution Vulnerability |
| Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
| Windows Network Virtualization Remote Code Execution Vulnerability |
| Windows Network Virtualization Remote Code Execution Vulnerability |
| Azure Stack Hub Spoofing Vulnerability |
| Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website. |
| Windows KDC Proxy Remote Code Execution Vulnerability |
| .NET and Visual Studio Remote Code Execution Vulnerability |
| Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network. |
| Azure CycleCloud Remote Code Execution Vulnerability |
| Microsoft Configuration Manager Remote Code Execution Vulnerability |
| Windows Netlogon Elevation of Privilege Vulnerability |
| Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766. |
| A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. |
| CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and
remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible. |
