Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validate...

Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially ex...

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user coul...

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect...

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could inclu...

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Microsoft Active Directory). The supported version that is affected is 12.2.1.4.0. Difficult to...

Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.

Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may resu...