| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper validation of consistency within input in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Remote Help Defense allows an authorized attacker to elevate privileges locally. |
| Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to execute code with a physical attack. |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. |
| Insufficiently protected credentials in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally. |
| Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. |
| Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack. |
| Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network. |
| Allocation of resources without limits or throttling in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. |
| Improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. |
| Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. |
| Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. |
| External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. |
| DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. |
| Nexus Repository 3 did not apply its existing Server-Side Request Forgery (SSRF) protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a proxy repository backed by an attacker-controlled or compromised upstream server — including an anonymous user, if anonymous access is enabled — could receive a response from an internal network address or cloud metadata endpoint as repository content, potentially exposing sensitive information such as cloud IAM credentials. |
| A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to version 2.3.1 is able to mitigate this issue. The name of the patch is e46af9879b7627934ea4d6d6e46e65cea53abb3d. The affected component should be upgraded. |