Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally.
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.
Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.
ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed.
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access.
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access.
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access.
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Scope is changed
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited unauthorized write access.
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This could result in bypassing security features within the application. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate server-side requests and bypass security controls allowing unauthorized read access.
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.1.1.
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0.
Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds allows Server Side Request Forgery. This issue affects WP eBay Product Feeds: from n/a through 3.4.8.
Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4.
Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BerqWP: from n/a through 2.2.53.
Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export WP Page to Static HTML/CSS: from n/a through 4.1.0.
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline Pixeline's Email Protector allows Stored XSS. This issue affects Pixeline's Email Protector: from n/a through 1.3.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Lissa Include Me allows Stored XSS. This issue affects Include Me: from n/a through 1.3.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through 1.7.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AntoineH Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.12.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Dolson My Tickets allows Stored XSS. This issue affects My Tickets: from n/a through 2.0.22.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 allows Stored XSS. This issue affects Dynamic Text Field For Contact Form 7: from n/a through 1.0.
Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTech ShopLentor allows Stored XSS. This issue affects ShopLentor: from n/a through 3.2.0.