| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| GDI+ Remote Code Execution Vulnerability |
| Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office OneNote Remote Code Execution Vulnerability |
| Microsoft Excel Security Feature Bypass Vulnerability |
| Microsoft Office Graphics Remote Code Execution Vulnerability |
| Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. |
| A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. |
| Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. |
| Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. |
| Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost Advisory ID: MMSA-2026-00582 |
