A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
When using the Grafana Snowflake Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance,. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. No vendor patch available.
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Format Plugins versions 1.1.1 and earlier are affected by a Use After Free vulnerability that could lead to memory exposure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Format Plugins versions 1.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally. Rated medium severity (CVSS 6.7). No vendor patch available.
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator versions 28.7.10, 29.8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator versions 28.7.10, 29.8.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.