| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally. |
| Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network. |
| Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network. |
| Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. |
| Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. |
| Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. |
| Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally. |
| Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. |
| Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. |
| Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. |
| Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally. |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system (SIEM, logging stack) could access those logs. This vulnerability is fixed in 2.26.5, 2.27.7, and 2.28.4. |
| Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack.
The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints, and could lead to server crashes, out-of-memory exceptions or excessive CPU usage; depending on the vulnerable code path being exercised, the application configuration and application code.
Strongly consider upgrading to the latest package versions to reduce risk and prevent availability issues in applications using React Server Components. |
