Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Missing authentication for critical function in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.