| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7. |
| Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in <svelte:element this={tag}></svelte:element>. This issue has been patched in version 5.55.7. |
| Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers. Note that this vulnerability only triggers if the user's browser has JavaScript enabled but Svelte's hydration mechanism does not reach the vulnerable element before the event fires. This issue has been patched in version 5.55.7. |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. |
| Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network. |
| Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally. |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network. |
| Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally. |
| Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. |
| Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. |
| Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. |
| Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. |
| Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network. |
| Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network. |
| Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally. |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
