| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Defender for Endpoint on Android Spoofing Vulnerability |
| Microsoft System Center Elevation of Privilege Vulnerability |
| An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. |
| Authenticated administrators connected to the local network can gain
elevated access to the router and make unauthorized changes to router
software and functionality. |
| An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root |
| Remote Desktop Protocol Server Remote Code Execution Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally. |
| Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability |
| Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. |
| Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. |
| Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector |
| Winlogon Elevation of Privilege Vulnerability |
| Visual Studio Collector Service Denial of Service Vulnerability |
| Remote Desktop Client Remote Code Execution Vulnerability |
