Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.

Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.

Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.