A vulnerability classified as critical has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /user/fetch_member.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the…

Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network.

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.

Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.