Export limit exceeded: 25560 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (25560 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-59862 1 Microsoft 1 Kiota 2026-07-16 7.5 High
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum value descriptions from x-ms-enum.values[].description flow through KiotaBuilder.SetEnumOptions into Documentation.DescriptionTemplate and PythonConventionService.RemoveInvalidDescriptionCharacters without newline sanitization, allowing generated inline comments to split and execute attacker-controlled Python code at module scope when generated modules were imported. This issue is fixed in version 1.32.0.
CVE-2026-54568 1 Microsoft 1 Ufo 2026-07-16 4.3 Medium
Microsoft UFO open-source framework for intelligent automation across devices and platforms. From 3.0.0 until 3.0.6, a client connected to the UFO WebSocket server as a DEVICE could call DEVICE_INFO_REQUEST with another device's target_id and receive that device's server-side system_info through ufo/server/ws/handler.py, because handle_device_info_request and get_device_info did not enforce the constellation-only role or object-level authorization boundary. This issue is fixed in version 3.0.6.
CVE-2026-58644 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-16 9.8 Critical
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
CVE-2026-55440 1 Microsoft 1 Ufo 2026-07-16 6.5 Medium
Microsoft UFO open-source framework for intelligent automation across devices and platforms. Prior to 3.0.7, the COMMAND_RESULTS handler in ufo/server/ws/handler.py called get_or_create_session in ufo/server/services/session_manager.py without owner_client_id, allowing an authenticated client to create an unowned attacker-chosen session_id such as constellation_task_id = f"{task_name}@{task_id}" and deny the legitimate owner or exhaust memory with phantom sessions. This issue is fixed in version 3.0.7.
CVE-2026-59865 1 Microsoft 1 Kiota 2026-07-16 N/A
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota info` read x-ms-kiota-info.languagesInformation.<language>.dependencyInstallCommand plus dependency name and version values from an OpenAPI description and presented the spec-supplied command as Kiota's recommended install command, allowing an attacker-controlled or compromised description to cause command injection when the suggested command was run manually or through the Kiota VS Code extension's kiota info --json dependency-install flow. This issue is fixed in version 1.32.5.
CVE-2026-59864 1 Microsoft 1 Kiota 2026-07-16 N/A
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota plugin add` and `kiota plugin generate` (with `-t APIPlugin`) emitted attacker-controlled static_template.file values from x-ai-adaptive-card and x-ai-capabilities into generated Microsoft 365 Copilot and Teams plugin manifests without path validation, allowing ../, absolute, rooted, UNC, Windows drive, or URI paths in response_semantics.static_template.file to cause path traversal or out-of-package file inclusion when the generated plugin was deployed. This issue is fixed in version 1.32.5.
CVE-2026-59866 1 Microsoft 1 Kiota 2026-07-16 N/A
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota emitted x-ms-kiota-info clientClassName and clientNamespaceName values without identifier or path sanitization as both generated client class or namespace names and generated output path components when `kiota generate` ran without -c/--class-name, allowing an attacker-controlled or compromised OpenAPI description to write generated source outside the -o output directory and inject arbitrary text into generated class or namespace declarations. This issue is fixed in version 1.32.5 by GenerationConfiguration.SanitizeClientClassName and SanitizeClientNamespaceName.
CVE-2026-59867 1 Microsoft 1 Kiota 2026-07-16 7.1 High
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota resolved OpenAPI $ref values by fetching remote http(s) URLs and reading local absolute or out-of-tree file paths, allowing `kiota generate` on an attacker-controlled or attacker-influenced description to perform build-time SSRF, remote file inclusion, and local file inclusion by inlining external schemas such as REMOTE_KIOTA_PROP or Leaked into generated clients. This issue is fixed in version 1.32.5 by AllowedExternalOriginsStreamLoader and the --allowed-external-origins option.
CVE-2026-58614 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-16 5.5 Medium
Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.
CVE-2026-42900 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-16 8.1 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows App Store allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-49165 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-16 7.1 High
Use of uninitialized resource in Microsoft Windows App Store allows an authorized attacker to disclose information locally.
CVE-2026-49177 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-16 5.5 Medium
Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.
CVE-2026-54997 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-16 5.5 Medium
Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.
CVE-2026-58595 1 Microsoft 1 Bing Search 2026-07-16 8.1 High
Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-49784 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-16 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally.
CVE-2026-59863 1 Microsoft 1 Kiota 2026-07-16 N/A
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota honored a poisoned .kiota/workspace.json workspace configuration without validating per-client or per-plugin outputPath values during kiota client generate and kiota plugin generate, allowing a malicious repository or pull request to use absolute paths, rooted POSIX / paths, UNC \\ or // paths, Windows drive X:\ paths, or .. traversal segments to write generated client files outside the workspace root on a developer or CI host. This issue is fixed in version 1.32.5.
CVE-2026-59860 1 Microsoft 1 Kiota 2026-07-16 N/A
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.3, Kiota is affected by a code-generation injection vulnerability in the C# XML documentation-comment sink (the description, externalDocs label, and externalDocs link fields emitted as /// … comments). When text from an OpenAPI description is written into single-line XML doc comments without stripping newline and Unicode line-terminator characters, an attacker can break out of the /// comment line and inject additional code into generated C# clients. This issue is fixed in version 1.32.3.
CVE-2026-59861 1 Microsoft 1 Kiota 2026-07-16 7.5 High
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Ruby generator embedded OpenAPI default fields, property names, and other schema-derived strings through CodeMethodWriter.cs and SanitizeForQuotedLiteral() in Writers/StringExtensions.cs into Ruby double-quoted literals without escaping #, allowing attacker-controlled #{expr}, #$var, or #@var interpolation markers to inject arbitrary Ruby code into generated model classes. This issue is fixed in version 1.32.0.
CVE-2026-59859 1 Microsoft 1 Kiota 2026-07-16 N/A
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.4, Kiota's PHP generator embedded OpenAPI description, default fields, property names, and other schema-derived strings into PHP double-quoted literals through SanitizeDoubleQuote() in Writers/StringExtensions.cs without escaping $, allowing attacker-controlled ${...}, $var, or {$obj->prop} interpolation constructs to inject arbitrary PHP code into generated model and request-builder classes. This issue is fixed in version 1.32.4.
CVE-2026-45496 1 Microsoft 1 Visual Studio Code 2026-07-16 5.5 Medium
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.