| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. |
| Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally. |
| Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. |
| Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. |
| A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request. |
| An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration file. |
| Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored XSS.This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. |
| A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. |
| An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users. |
| Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally. |
| Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network. |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. |
