| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) is fixed in consul-template 0.42.0. |
| Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network. |
| Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network. |
| Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network. |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. |
| Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. |
| Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. |
| Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network. |
| Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. |
| Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. |
| Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally. |
| Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. |
| Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. |
| Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
