Microsoft Office SharePoint Operating System Command Injection Vulnerability

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a vulnerability related to operating system command injection. This vulnerability stems from deserialized untrusted data, which...

CVE-2026-40411

Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network...

EUVD-2026-29718

Improper control of generation of code 'code injection' in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network...

EUVD-2026-29652

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...

Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Improper control of generation of code 'code injection' in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network...

CVE-2026-33109

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...

Microsoft Bing 代码问题漏洞

Microsoft Bing is a web search engine developed by Microsoft Corporation in the United States. There are code vulnerabilities in Microsoft Bing, which stem from deserializing unreliable data. These vulnerabilities could allow unauthorized attackers to execute code through the network...

CVE-2026-32191

Improper neutralization of special elements used in an os command 'os command injection' in Microsoft Bing Images allows an unauthorized attacker to execute code over a network...

CVE-2026-21229

Improper input validation in Power BI allows an authorized attacker to execute code over a network...

CVE-2026-21523

Time-of-check time-of-use toctou race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network...

PowerApps Desktop Client Remote Code Execution Vulnerability

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network...

CVE-2025-62452

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an authorized attacker to execute code over a network...

EUVD-2025-93415

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an authorized attacker to execute code over a network...

EUVD-2023-51673

Malicious code in bioql PyPI...

CVE-2025-50164

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an authorized attacker to execute code over a network...

CVE-2025-53145

Access of resource using incompatible type 'type confusion' in Windows Message Queuing allows an authorized attacker to execute code over a network...

Microsoft SharePoint Code Injection Vulnerability

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust...

CVE-2025-49663

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...

CVE-2025-49704

CVE-2025-49704 (SharePoint on‑premises) is part of the ToolShell chain that combines CVE-2025-49706 (authentication bypass) with a deserialization/RCE flaw. Public docs describe unauthenticated or spoofed-access POSTs to ToolPane.aspx, enabling remote code execution and post‑exploitation activity...