| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. |
| An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data. |
| Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
| Windows Cryptographic Information Disclosure Vulnerability |
| Windows Themes Spoofing Vulnerability |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
| Windows Kerberos Information Disclosure Vulnerability |
| Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| Windows BitLocker Information Disclosure Vulnerability |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data. |
| Windows Kerberos Denial of Service Vulnerability |
| Microsoft Surface Security Feature Bypass Vulnerability |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. |
| Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. |
