CVE-2026-42836
CVE-2026-42836: A race condition due to improper synchronization in the Windows Function Discovery Service (fdwsd.dll) enables a locally authenticated attacker to escalate privileges. The issue is described as a concurrency problem with a shared resource. Affected component: Function Discovery Se...
CVE-2026-50507
CVE-2026-50507 concerns a protection mechanism failure in Windows BitLocker that allows an unauthorized attacker to bypass a security feature via a physical attack. The connected documents corroborate a vulnerability affecting Windows BitLocker, with a CVSS v3.1 base score of 6.8 (Medium). The a...
CVE-2026-48574
CVE-2026-48574 is a Windows Media vulnerability described as a heap-based buffer overflow that allows an unauthorized attacker to execute code locally. The cited CVSS 3.1 vector (LOCAL, HIGH impact on confidentiality, integrity, and availability; user interaction required; no privileges required)...
CVE-2026-49160
The CVE-2026-49160 entry concerns HTTP.sys with an HTTP/2 resource consumption flaw leading to unauthenticated denial of service over the network. Exploitation details, affected versions or specific component paths aren’t provided in the connected documents. The NVD/MSRC entries confirm an uncont...
CVE-2026-48565
Windows Narrator Braille contains an untrusted search path vulnerability that can elevate privileges locally for an authorized user. Root cause is an untrusted search path in the Narrator Braille component, with an attacker able to exploit it without user interaction. CVSSv3.1 metrics indicate AV...
CVE-2026-48569
CVE-2026-48569 affects Visual Studio Code. It is caused by improper input validation in the editor, enabling a local attacker to bypass a security feature. CVSSv3.1: LOCAL attack vector, HIGH impact on confidentiality, LOW on integrity, NONE on availability; user interaction required. Details in ...
CVE-2026-48562
Summary: CVE-2026-48562 affects Microsoft Office SharePoint Server. It describes improper neutralization of input during web page generation, causing cross-site scripting that could enable an authorized attacker to perform spoofing over a network. The associated metrics assign a CVSS v3.1 base sc...
CVE-2026-47656
CVE-2026-47656 involves a vulnerability in Windows Boot Manager described as a protection mechanism failure that allows an authorized attacker to locally bypass a security feature. The associated CVSS 3.1 metrics indicate: Local attack vector, Low attack complexity, High privileges required, No u...
CVE-2026-48560
CVE-2026-48560 is documented as a cross-site scripting vulnerability in Microsoft Office SharePoint/SharePoint Server. The underlying issue is improper neutralization of input during web page generation, enabling an authorized attacker to spoof over a network. Affected product portions are ShareP...
CVE-2026-45484
This CVE involves deserialization of untrusted data in Microsoft Office SharePoint, enabling an authorized attacker to elevate privileges over a network. Affected component: SharePoint (deserialization vulnerability cited in multiple sources). Root cause: improper handling of deserialized input l...
CVE-2026-45481
CVE-2026-45481 is a cross-site scripting vulnerability in Microsoft Office SharePoint arising from improper input neutralization during web page generation. The issue can allow an authorized attacker to perform spoofing over a network. According to the available records, the affected component is...
CVE-2026-47643
CVE-2026-47643 affects Azure Stack Edge, where external control of a file name or path can let an unauthenticated attacker execute code over the network. The NVD/CVE records describe the impact as remote code execution with high severity (CVSS v3.1: 9.8, NETWORK attack vector, no user interaction...
CVE-2026-47640
CVE-2026-47640 – Details: Affects Microsoft Office SharePoint (SharePoint Server). The vulnerability is an improper neutralization of input during web page generation (XSS), enabling an authorized attacker to perform spoofing over a network. The connected documents do not specify affected versio...
CVE-2026-47634
Microsoft Office SharePoint is affected by CVE-2026-47634, a cross-site scripting (XSS) vulnerability due to improper neutralization of input during web page generation. The vulnerability allows an authorized attacker to spoof users over a network. According to the sources, the issue impacts Shar...
CVE-2026-47293
CVE-2026-47293 describes a use-after-free vulnerability in Microsoft Office Click-To-Run that could allow an authorized, local attacker to elevate privileges. Affected component is Microsoft Office Click-To-Run; root cause is use-after-free. The published metrics indicate a high-severity impact (...
CVE-2026-42910
CVE-2026-42910 describes an out-of-bounds write in Windows Hotpatch Monitoring Service that enables a locally authenticated attacker to elevate privileges. According to the records, the impact is local with high severity (CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The exploitation ...
CVE-2026-47284
Technical details about CVE-2026-47284 are not publicly available in the provided documents. No affected product versions, root cause, or remediation are specified. Monitor for updates.
CVE-2026-45658
CVE-2026-45658 affects Windows BitLocker. Description: protection mechanism failure allows bypass via physical access. Documented impact: confidentiality, integrity, and availability at HIGH; attack vector LOCAL, complexity LOW, privileges required LOW, no user interaction. CVSS v3.1 base score 7...
CVE-2026-47281
CVE-2026-47281 affects Visual Studio Code and is due to improper input validation in the application. The vulnerability allegedly allows an unauthenticated attacker to elevate privileges over a network, with the impact described as high confidentiality, integrity, and availability. The CVSS 3.1 v...
CVE-2026-45647
CVE-2026-45647 describes a time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint (Mac) that can allow an authorized locally logged-in attacker to elevate privileges. The Red Hat, NVD, MSRC and CVE records consistently frame the issue as a local elevation of privileg...
CVE-2026-45654
Technical details about CVE-2026-45654 are not publicly available in the provided documents. Monitor for updates from the NVD/CVE records for affected products, root cause specifics, impact, and remediation.
CVE-2026-45653
CVE-2026-45653: A Windows Kernel use-after-free vulnerability that enables local privilege escalation by an authorized attacker. The issue affects kernel code paths susceptible to use-after-free, with an attack vector that is LOCAL, requiring LOW privileges and NO user interaction; the impact per...
CVE-2026-45644
CVE-2026-45644 affects Microsoft Live Share Canvas SDK. The issue is improper neutralization of input during web page generation (XSS) that can be exploited by an authorized attacker over a network to elevate privileges. CVSS 3.1: 8.0 (HIGH) with Network attack vector, Low privileges required, Us...
CVE-2026-45637
CVE-2026-45637 is a use-after-free vulnerability in Windows DWM Core Library that permits a locally authenticated attacker to achieve elevation of privileges. The underlying flaw is a use-after-free condition in the DWM Core Library, enabling an attacker with low privileges and no user interactio...
CVE-2026-45608
CVE-2026-45608: Out-of-bounds read in Windows DHCP Server enables an authorized, local attacker to disclose information. Documents confirm the affected component as Windows DHCP Server and a local attack vector with low complexity and no privileges required (CVSSv3.1: AV:L/AC:L/PR:N/UI:N/S:U). Ba...
CVE-2026-45603
The vulnerability CVE-2026-45603 affects Windows’ Ancillary Function Driver for WinSock (AFD). The issue is a use-after-free in the WinSock-related driver, leading to local privilege escalation for an authorized attacker. The CVSS3.1 assessment shows HIGH impact with LOCAL access, HIGH confidenti...
CVE-2026-45638
CVE-2026-45638 relates to Windows’ Ancillary Function Driver for WinSock and is due to a use-after-free in that driver. This vulnerability allows an authorized attacker to escalate privileges locally. The available documents specify the affected component and the local-privilege-escalation impact...
CVE-2026-45635
CVE-2026-45635 affects Windows UPnP Device Host through a use-after-free in upnp.dll, enabling remote code execution over the network. The issue is tied to the Universal Plug and Play component, with impact described as remote, unauthenticated code execution; CVSSv3.1 base score 8.1 (HIGH). Affec...
CVE-2026-45602
Technical details (affected product versions, root cause, exploit specifics, and remediation) are not publicly available in the provided documents. Monitor for updates from NVD and CVE List for CVE-2026-45602.
CVE-2026-45600
CVE-2026-45600 describes a type confusion in Windows kernel-mode drivers that allows an authorized, local attacker with low privileges and no user interaction to elevate privileges. The CVSS v3.1 score is 7.8 (High) with local attack vector, low attack complexity, and impacts to confidentiality, ...
CVE-2026-45596
The CVE-2026-45596 entry concerns a use-after-free in the Windows Ancillary Function Driver for WinSock, leading to local privilege elevation. Affected component/function is the Windows AFD for WinSock; root cause is a use-after-free condition that can be exploited by an authorized local attacker...
CVE-2026-45636
The CVE-2026-45636 entries describe a heap-based buffer overflow in Windows NTFS that can allow an unauthenticated attacker to achieve local code execution. Affected software is Windows NTFS (filesystem driver). The underlying cause is a heap-based overflow; impact is high (CVE metrics show Local...
CVE-2026-45598
CVE-2026-45598 is a Windows vulnerability in the Windows Ancillary Function Driver for WinSock described as a use-after-free that enables a local, authorized attacker to achieve privilege elevation. The description is consistent across the NVD entry and the CVE record, noting a LOCAL attack vect...
CVE-2026-45601
CVE-2026-45601 concerns a use-after-free in the Windows Ancillary Function Driver for WinSock, leading to local privilege elevation. The vulnerability is triggered by an authorized attacker and enables local elevation of privileges; the CVSS v3.1 metrics indicate an overall HIGH severity (CVSS:3....
CVE-2026-45599
The CVE-2026-45599 entry describes a use-after-free in Windows’ Universal Plug and Play component (upnp.dll) that enables a remote attacker to execute code over the network via the UPnP Device Host. The vulnerability is rated CVSSv3.1: 8.1 (HIGH) with Network attack vector, no privileges required...
CVE-2026-45597
The CVE-2026-45597 issue affects Windows UI Automation Manager (uiamanager.dll). A race condition arises from concurrent execution with improper synchronization on a shared resource, enabling a local, authorized attacker to elevate privileges. Documents confirm the vulnerability type and impact (...
CVE-2026-45595
Technical details about CVE-2026-45595 are not publicly available in the provided documents. Monitor for updates about affected components, root cause, and remediation.
CVE-2026-45594
CVE-2026-45594: This vulnerability concerns the Windows Application Identity (AppID) Subsystem, where an exposure of sensitive information to an unauthorized actor enables a local attacker to disclose information. The NVD entry reiterates the issue as a local confidentiality breach (impact: Hig...
CVE-2026-45604
CVE-2026-45604 is an out-of-bounds read vulnerability in the Windows AppID (Windows Application Identity) Subsystem that can allow an authorized local attacker to disclose information. The affected component is described as the AppID Subsystem; the root cause is an out-of-bounds read leading to i...
CVE-2026-45593
CVE-2026-45593 is a use-after-free vulnerability in the Windows SDK that allows an authorized attacker to elevate privileges locally. The NVD/CVE entries describe that the underlying issue is a use-after-free in Windows SDK code leading to local privilege escalation with a CVSS v3.1 base score of...
CVE-2026-45592
CVE-2026-45592 describes an integer overflow/wraparound in Windows Internet (wininet.dll) that enables local privilege escalation for an authorized attacker. The CVSS 3.1 metrics indicate a HIGH impact across confidentiality, integrity, and availability, with a LOCAL attack vector, LOW privileges...
CVE-2026-45591
CVE-2026-45591 is an ASP.NET Core Denial of Service vulnerability caused by uncontrolled resource consumption, enabling network-based DoS by an unauthorized attacker. The NVD entries describe the impact as availability loss with a CVSS v3.1 base score of 7.5 (NETWORK, HIGH) and no confidentiality...
CVE-2026-45586
Technical details (affected product/component, root cause, impact, versions, or exploit information) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-45482
CVE-2026-45482 affects GitHub Copilot and Visual Studio Code (Copilot Chat extension): improper limitation of a pathname to a restricted directory enables a local attacker to bypass a security feature. Root cause is a path traversal issue in handling file paths. Impact is described as high for co...
CVE-2026-45476
CVE-2026-45476 concerns the Microsoft Azure Network Adapter (CVEList entry) with a use-after-free in the Linux MANA Driver that allows an authorized local attacker to escalate privileges. The root cause is disclosed as a use-after-free in the Linux MANA Driver, leading to local privilege elevatio...
CVE-2026-45465
CVE-2026-45465: The vulnerability affects Microsoft Office SharePoint Server and is due to improper neutralization of input during web page generation, resulting in a cross-site scripting (XSS) issue. An authorized attacker can perform network-based spoofing. According to the provided descriptio...
CVE-2026-45464
CVE-2026-45464 relates to a vulnerability in Microsoft Office SharePoint where improper neutralization of input during web page generation enables cross-site scripting. According to NVD/Microsoft, the issue could allow an authorized attacker to spoof content over a network, with a CVSS 3.1 base s...
CVE-2026-45462
The CVE-2026-45462 entry describes an XSS vulnerability in Microsoft Office SharePoint where improper neutralization of input during web page generation can enable spoofing over a network. According to the connected records, impact is limited to spoofing with Confidentiality/Integrity/Availabilit...
CVE-2026-45463
CVE-2026-45463 describes a heap-based buffer overflow in Microsoft Office that allows an attacker with local access to execute code on the affected system. The sources identify Microsoft Office and classify the flaw as a heap-based overflow with high impact (CVSSv3.1: 8.4, LOCAL access, no user i...
CVE-2026-45459
The CVE-2026-45459 entry concerns Microsoft Excel. A protection-mechanism failure in Excel is described as allowing a local attacker to bypass a security feature. According to the available data, the vulnerability has a low base score (CVSS 3.1: 3.3), with LOCAL attack vector, LOW attack complexi...