Security Vulnerabilities
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
CVSS Score
9.6
EPSS Score
0.001
Published
2026-06-09
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-06-09
Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in <svelte:element this={tag}></svelte:element>. This issue has been patched in version 5.55.7.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-06-09
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays, leading to excessive memory consumption. This issue has been patched in version 5.8.1.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-06-09
Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-06-09
Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers. Note that this vulnerability only triggers if the user's browser has JavaScript enabled but Svelte's hydration mechanism does not reach the vulnerable element before the event fires. This issue has been patched in version 5.55.7.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-06-09
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-06-09
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.001
Published
2026-06-09
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.001
Published
2026-06-09
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-06-09