Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code allows an unauthorized attacker to execute code locally.
Missing cryptographic step in Windows CryptoAPI allows an authorized attacker to perform tampering locally.
External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally.
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.
Integer overflow or wraparound in Microsoft Defender allows an unauthorized attacker to execute code locally.
Integer underflow (wrap or wraparound) in Microsoft Defender allows an unauthorized attacker to execute code locally.
Improper authentication in Azure Spring Apps allows an authorized attacker to elevate privileges over a network.
Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally.
Use after free in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over a network.