Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.