CVE-2026-42904

CVE-2026-42904 is a Windows TCP/IP heap-based buffer overflow vulnerability that allows an unauthenticated attacker on an adjacent network to elevate privileges. The issue affects the Windows TCP/IP stack and is identified as a 9.6 (CRITICAL) CVSSv3.1 Base Score with attacker-friendly characteris...

CVE-2026-49160

The CVE-2026-49160 entry concerns HTTP.sys with an HTTP/2 resource consumption flaw leading to unauthenticated denial of service over the network. Exploitation details, affected versions or specific component paths aren’t provided in the connected documents. The NVD/MSRC entries confirm an uncont...

EUVD-2026-35580

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

CVE-2026-47640

CVE-2026-47640 – Details : Affects Microsoft Office SharePoint (SharePoint Server). The vulnerability is an improper neutralization of input during web page generation (XSS), enabling an authorized attacker to perform spoofing over a network. The connected documents do not specify affected versio...

CVE-2026-45591

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network...

CVE-2026-45591

CVE-2026-45591 is an ASP.NET Core Denial of Service vulnerability caused by uncontrolled resource consumption, enabling network-based DoS by an unauthorized attacker. The NVD entries describe the impact as availability loss with a CVSS v3.1 base score of 7.5 (NETWORK, HIGH) and no confidentiality...

CVE-2026-40371

Technical details (affected product/component, root cause, and fix) are not publicly available in the provided documents. Monitor for updates.

CVE-2026-47654

CVE-2026-47654 is described as a heap-based buffer overflow in Remote Desktop Client enabling remote code execution over a network. The CVSS v3.1 metrics indicate NETWORK attack vector, HIGH impact on confidentiality, integrity, and availability, with NO privileges and UI interaction required. No...

CVE-2026-47653

CVE-2026-47653 describes a heap-based buffer overflow in the Remote Desktop Client that enables code execution over a network. Affected component is the Remote Desktop Client; the issue is caused by a memory-unsafe condition leading to potential arbitrary code execution. CVSS v3.1 metrics assign ...

CVE-2026-41098

Azure Stack Edge is affected by CVE-2026-41098 due to improper neutralization of input during web page generation, enabling cross-site scripting. The vulnerability is exploitable by an authorized attacker over the network to perform spoofing. The CVSS 3.1 metrics indicate a high-impact, network-e...

CVE-2026-45639

The CVE-2026-45639 entry relates to an out-of-bounds read in Windows Remote Desktop Protocol (RDP). The underlying issue enables an unauthenticated, network-based attacker to disclose information over the network without user interaction. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:...

CVE-2026-45453

CVE-2026-45453 affects Microsoft Office SharePoint Server and stems from improper neutralization of input during web page generation, enabling an authorized attacker to perform spoofing over a network via a cross-site scripting (XSS) flaw. The vulnerability involves the web-page generation compon...

CVE-2026-45468

CVE-2026-45468 involves an improper neutralization of input during web page generation (XSS) in Microsoft Office SharePoint / SharePoint Server . An authorized attacker can perform spoofing over a network by targeting affected SharePoint web pages. The CVSS 3.1 base score is 4.6 (Medium); attack ...

Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

Windows Kerberos Key Distribution Center (KDC) Remote Code Execution

Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network...

Microsoft Exchange Server Remote Code Execution Vulnerability

Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...

Windows Mark of the Web Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Mark of the Web MOTW allows an unauthorized attacker to bypass a security feature over a network...

ASP.NET Core Denial of Service Vulnerability

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network...