| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. |
| Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. |
| Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. |
| Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network. |
| Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. |
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read() method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. This could potentially lead to DoS as the server would be unable to handle other requests during that time. This issue is fixed in version 3.13.3. |
| Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
| Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
| Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network. |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. |
| A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument Isp_Name can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. |
| Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network. |
| Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network. |
| A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. |
| Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally. |
