Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network.
Authentication bypass using an alternate path or channel in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform tampering over a network.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Backup Engine allows an authorized attacker to elevate privileges locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code over a network.
Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.
Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.
Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.
Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally.
Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.
Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over a network.
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
Out-of-bounds read in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose information over a network.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Origin validation error in Windows Network Address Translation (NAT) allows an unauthorized attacker to perform spoofing over an adjacent network.
Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking allows an authorized attacker to elevate privileges locally.
Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network.
Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
Improper access control in Microsoft 365 Copilot for iOS allows an unauthorized attacker to elevate privileges over a network.
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.
Access of resource using incompatible type ('type confusion') in Windows DWM allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.
Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally.
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
Use after free in Microsoft NAT Helper Components (ipnathlp.dll) allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an authorized attacker to elevate privileges over a network.