Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.

Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Improper input validation in Power BI allows an authorized attacker to execute code over a network.

Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.