Security Vulnerabilities
Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers. Note that this vulnerability only triggers if the user's browser has JavaScript enabled but Svelte's hydration mechanism does not reach the vulnerable element before the event fires. This issue has been patched in version 5.55.7.
CVSS Score
5.1
EPSS Score
0.002
Published
2026-06-09
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
7.5
EPSS Score
0.006
Published
2026-06-09
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.003
Published
2026-06-09
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.002
Published
2026-06-09
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.003
Published
2026-06-09
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.002
Published
2026-06-09
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.002
Published
2026-06-09
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.
CVSS Score
5.4
EPSS Score
0.002
Published
2026-06-09
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVSS Score
5.4
EPSS Score
0.003
Published
2026-06-09
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.003
Published
2026-06-09