User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Improper input validation in Power BI allows an authorized attacker to execute code over a network.

Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.