CVE-2026-45599 Windows UPnP Device Host Remote Code Execution Vulnerability

...

EUVD-2026-35556

Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...

CVE-2026-45599

The CVE-2026-45599 entry describes a use-after-free in Windows’ Universal Plug and Play component (upnp.dll) that enables a remote attacker to execute code over the network via the UPnP Device Host. The vulnerability is rated CVSSv3.1: 8.1 (HIGH) with Network attack vector, no privileges required...

CVE-2026-45482

CVE-2026-45482 affects GitHub Copilot and Visual Studio Code (Copilot Chat extension): improper limitation of a pathname to a restricted directory enables a local attacker to bypass a security feature. Root cause is a path traversal issue in handling file paths. Impact is described as high for co...

CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

...

CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

...

EUVD-2026-35547

Improper limitation of a pathname to a restricted directory 'path traversal' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

CVE-2026-45463 Microsoft Office Remote Code Execution Vulnerability

...

EUVD-2026-35543

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

CVE-2026-45463

CVE-2026-45463 describes a heap-based buffer overflow in Microsoft Office that allows an attacker with local access to execute code on the affected system. The sources identify Microsoft Office and classify the flaw as a heap-based overflow with high impact (CVSSv3.1: 8.4, LOCAL access, no user i...

CVE-2026-45463 Microsoft Office Remote Code Execution Vulnerability

...

CVE-2026-45457

CVE-2026-45457 affects Microsoft Word (Office). The vulnerability is a pointer dereference in Word that can allow a local attacker to execute code on the affected system after user interaction. Root cause is an untrusted pointer dereference in Word’s handling of certain content. The CVSS base met...

CVE-2026-45457 Microsoft Word Remote Code Execution Vulnerability

...

CVE-2026-45454 Microsoft SharePoint Remote Code Execution Vulnerability

...

CVE-2026-45454

The CVE-2026-45454 entry documents a path traversal flaw in Microsoft SharePoint that enables remote code execution when an authorized user accesses a restricted path over a network. The issue affects Microsoft Office SharePoint and is described consistently across multiple sources (NVD, RH, EU E...

CVE-2026-45454 Microsoft SharePoint Remote Code Execution Vulnerability

...

CVE-2026-40376 Visual Studio Code Elevation of Privilege Vulnerability

...

CVE-2026-40376

CVE-2026-40376 affects Visual Studio Code. The root cause is improper input validation, enabling an unauthorized network-based user to elevate privileges. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK attack vector, high impact on confidentiality, integrity, and availability; user interacti...

CVE-2026-40376 Visual Studio Code Elevation of Privilege Vulnerability

...

CVE-2026-26142 Nuance PowerScribe Remote Code Execution Vulnerability

...