Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.