EUVD-2026-35580
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-47640
CVE-2026-47640 – Details: Affects Microsoft Office SharePoint (SharePoint Server). The vulnerability is an improper neutralization of input during web page generation (XSS), enabling an authorized attacker to perform spoofing over a network. The connected documents do not specify affected versio...
CVE-2026-45658
CVE-2026-45658 affects Windows BitLocker. Description: protection mechanism failure allows bypass via physical access. Documented impact: confidentiality, integrity, and availability at HIGH; attack vector LOCAL, complexity LOW, privileges required LOW, no user interaction. CVSS v3.1 base score 7...
EUVD-2026-35572
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...
EUVD-2026-35569
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-45637
CVE-2026-45637 is a use-after-free vulnerability in Windows DWM Core Library that permits a locally authenticated attacker to achieve elevation of privileges. The underlying flaw is a use-after-free condition in the DWM Core Library, enabling an attacker with low privileges and no user interactio...
EUVD-2026-35561
Access of resource using incompatible type 'type confusion' in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...
CVE-2026-45591
CVE-2026-45591 is an ASP.NET Core Denial of Service vulnerability caused by uncontrolled resource consumption, enabling network-based DoS by an unauthorized attacker. The NVD entries describe the impact as availability loss with a CVSS v3.1 base score of 7.5 (NETWORK, HIGH) and no confidentiality...
EUVD-2026-35547
Improper limitation of a pathname to a restricted directory 'path traversal' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...
CVE-2026-40371
Technical details (affected product/component, root cause, and fix) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-47654
CVE-2026-47654 is described as a heap-based buffer overflow in Remote Desktop Client enabling remote code execution over a network. The CVSS v3.1 metrics indicate NETWORK attack vector, HIGH impact on confidentiality, integrity, and availability, with NO privileges and UI interaction required. No...
CVE-2026-47653
CVE-2026-47653 describes a heap-based buffer overflow in the Remote Desktop Client that enables code execution over a network. Affected component is the Remote Desktop Client; the issue is caused by a memory-unsafe condition leading to potential arbitrary code execution. CVSS v3.1 metrics assign ...
CVE-2026-47648
CVE-2026-47648 — Windows Storage contains an untrusted search path vulnerability that enables a locally authenticated attacker to perform privilege escalation. The issue arises from a trusted component loading an untrusted search path, potentially elevating privileges with high impact (C/H/I/H/A/...
CVE-2026-47641 Microsoft SharePoint Server Spoofing Vulnerability
...
CVE-2026-47639
CVE-2026-47639 affects Microsoft Office SharePoint Server. The description identifies an Improper neutralization of input during web page generation (XSS) that enables an authorized attacker to perform spoofing over a network. Connected sources corroborate an XSS payload risk in SharePoint, leadi...
CVE-2026-47637
CVE-2026-47637 describes an XSS issue in Microsoft Office SharePoint Server. The vulnerability arises from improper neutralization of input during web page generation, enabling an authorized attacker to perform spoofing over a network. Affected product/component: Microsoft Office SharePoint Ser...
CVE-2026-41098
Azure Stack Edge is affected by CVE-2026-41098 due to improper neutralization of input during web page generation, enabling cross-site scripting. The vulnerability is exploitable by an authorized attacker over the network to perform spoofing. The CVSS 3.1 metrics indicate a high-impact, network-e...
CVE-2026-41092
CVE-2026-41092 describes an improper access control in Microsoft Kinect that enables a locally authenticated attacker to elevate privileges. The CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 7.8 (HIGH). Affected component: Kinect functionality; root cause is insuffic...
CVE-2026-45650
CVE-2026-45650 describes a UI misrepresentation vulnerability in Microsoft Bing Search that could enable an attacker to spoof information over a network. The exact root cause and affected UI components are not detailed in the provided documents. CVSSv3.1 base score is 4.3 (Medium): Network attack...
CVE-2026-45642
Microsoft Azure Attestation service and Device Health Attestation Service are affected by improper input validation, allowing an authorized attacker to perform spoofing with a physical attack. CVSS 3.1, base score 3.9 (LOW); attack vector Physical, privileges required High, integrity impact High,...