A vulnerability exists in the curl <7.87.0 HSTS check that could be bypassed to trick it into continuing to use HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provide...
An information disclosure vulnerability exists in curl <v8.1.0: when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has bee...
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information.
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
A UI that performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.