Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privil...

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentica...

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_...

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `handle_office365_oauth_redirect()` function in all versions up to, and i...

Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; thi...

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrec...

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network.

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.

Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.