tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if...

The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post cus...

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerabili...

Windows Telephony Service Remote Code Execution Vulnerability

Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.

Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Microsoft Digest Authentication Remote Code Execution Vulnerability

Microsoft Digest Authentication Remote Code Execution Vulnerability

Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

MapUrlToZone Security Feature Bypass Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability