Microsoft: Security Vulnerabilities
A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 6.6.13 is able to address this issue. It is recommended to upgrade the affected component.
CVSS Score
7.0
EPSS Score
0.0
Published
2025-05-11
A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.0
EPSS Score
0.0
Published
2025-05-10
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network
CVSS Score
9.1
EPSS Score
0.003
Published
2025-05-08
[Spoofable identity claims] Authentication Bypass by Assumed-Immutable Data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.003
Published
2025-05-08
Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.9
EPSS Score
0.002
Published
2025-05-08
Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.
CVSS Score
9.9
EPSS Score
0.024
Published
2025-05-08
Improper access control in Azure allows an unauthorized attacker to disclose information over a network.
CVSS Score
8.1
EPSS Score
0.002
Published
2025-05-08
Microsoft Dataverse Remote Code Execution Vulnerability
CVSS Score
8.7
EPSS Score
0.004
Published
2025-05-08
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-05-05
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
6.5
EPSS Score
0.008
Published
2025-05-02