CVE-2026-45457

CVE-2026-45457 affects Microsoft Word (Office). The vulnerability is a pointer dereference in Word that can allow a local attacker to execute code on the affected system after user interaction. Root cause is an untrusted pointer dereference in Word’s handling of certain content. The CVSS base met...

CVE-2026-45455

CVE-2026-45455 is an Excel information-disclosure vulnerability (out-of-bounds read) in Microsoft Office Excel. The issue allows an unauthorized attacker to disclose information over a network. Multiple connected documents confirm the affected component as Microsoft Excel (Office) and attribute t...

CVE-2026-45454

The CVE-2026-45454 entry documents a path traversal flaw in Microsoft SharePoint that enables remote code execution when an authorized user accesses a restricted path over a network. The issue affects Microsoft Office SharePoint and is described consistently across multiple sources (NVD, RH, EU E...

CVE-2026-44822

CVE-2026-44822 describes an out-of-bounds read in Microsoft Office Excel that can allow an unauthenticated attacker to disclose information over the network. Affected product: Microsoft Excel within Office. Underlying cause is an out-of-bounds read; the CVSS 3.1 base score is 8.2 (High) with netw...

CVE-2026-40376

CVE-2026-40376 affects Visual Studio Code. The root cause is improper input validation, enabling an unauthorized network-based user to elevate privileges. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK attack vector, high impact on confidentiality, integrity, and availability; user interacti...

CVE-2026-42829

CVE-2026-42829 describes an improper access control in Windows Administrator Protection that allows an authorized attacker with LOCAL access and LOW privileges to bypass a security feature with NO user interaction. The impact is HIGH on confidentiality, integrity, and availability, per CVSS 3.1. ...

CVE-2026-42835

Microsoft Teams for Android contains a vulnerability described as improper neutralization of special elements in output used by a downstream component ('injection'), enabling an authorized attacker to disclose information over a network. Affected software: Microsoft Teams for Android. Root cause:...

CVE-2026-40371

Technical details (affected product/component, root cause, and fix) are not publicly available in the provided documents. Monitor for updates.

CVE-2026-42828

CVE-2026-42828 describes a buffer over-read in the Windows Projected File System Filter Driver that allows an authorized attacker to elevate privileges locally . The vulnerability is documented with a CVSS v3.1 base score of 7.8 (High) and is assessed as a Local attack vector with Low attack comp...

CVE-2026-33113

CVE-2026-33113 describes an issue in Microsoft Office SharePoint where improper neutralization of input during web page generation enables an authorized attacker to perform spoofing over a network. Affected component: SharePoint Server. Root cause: cross-site scripting due to inadequate input han...

CVE-2026-50508

CVE-2026-50508 describes an exposure of sensitive information in Windows NTLM that enables an unauthenticated network-based spoofing capability. The vulnerability affects the Windows NTLM authentication path and is documented with a network attack vector and a high confidentiality impact. Public ...

CVE-2026-26142

CVE-2026-26142 affects Nuance PowerScribe. The issue is a deserialization of untrusted data in PowerScribe that allows an unauthenticated attacker to execute code over a network (remote code execution). The vulnerability’s CVSSv3.1 metrics indicate NETWORK access, low attack complexity, and no pr...

CVE-2026-48583

CVE-2026-48583 is a Windows kernel use-after-free vulnerability that enables a local privilege escalation by an authorized attacker. Sources confirm the issue and report CVSS v3.1 base score 7.8 (High) with LOCAL attack vector, LOW privileges required, no user interaction. The documents do not sp...

CVE-2026-49161

Technical details (affected product, component, root cause, impact, fixes) are not publicly available in the provided documents. Monitor for updates.

CVE-2026-48578

CVE-2026-48578 describes a protection mechanism failure in Windows Secure Boot that can allow an authorized attacker to bypass a security feature locally. The available data indicate a local attack vector with high impact on confidentiality and integrity (CVSS 3.1: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H...

CVE-2026-48575

CVE-2026-48575 describes a protection mechanism failure in Windows Secure Boot that allows an authorized, local attacker to bypass a security feature. The vulnerability enables a local escalation path with high impact on confidentiality and integrity (base score 7.9; AV:L/AC:L/PR:H/UI:N/S:C/C:H/I...

CVE-2026-48576

CVE-2026-48576 is a Windows Secure Boot vulnerability described as a protection mechanism failure enabling a local attacker with high privileges to bypass a security feature. The available documents specify a local attack vector with low complexity and no user interaction, and a base CVSS 3.1 sco...

CVE-2026-48573

CVE-2026-48573 describes a protection mechanism failure in Windows Secure Boot allowing an authorized attacker to bypass a security feature locally. The NVD entry notes a local attack vector with high impact on confidentiality and integrity (C:H/I:H) and a CVSS v3.1 base score of 7.9. Connected d...

CVE-2026-48570

CVE-2026-48570 concerns a protection mechanism failure in Windows Secure Boot that could allow an authorized attacker with HIGH privileges to bypass a security feature locally (local attack, no user interaction). The CVSS 3.1 vector is AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N with a base score of 7.9 ...

CVE-2026-48568

CVE-2026-48568 concerns a protection mechanism failure in Windows Secure Boot that allows a local attacker to bypass a security feature. The connected sources indicate an in-scope vulnerability where an attacker with HIGH privileges and local access can bypass integrity and confidentiality protec...

CVE-2026-48566

CVE-2026-48566 is an information-disclosure vulnerability in the Windows DWM Core Library characterized by an out-of-bounds read. It can be exploited by an authorized attacker with local access to disclose information on the system. The CVSS 3.1 vector indicates Local attack, Low complexity, Priv...

CVE-2026-48563

CVE-2026-48563 describes a heap-based buffer overflow in the Remote Desktop Client that enables an unauthenticated attacker to execute code over the network. The accompanying metrics indicate a high-severity impact (CVSS 3.1 base score 7.5) with attacker control over network access, requiring use...

CVE-2026-47654

CVE-2026-47654 is described as a heap-based buffer overflow in Remote Desktop Client enabling remote code execution over a network. The CVSS v3.1 metrics indicate NETWORK attack vector, HIGH impact on confidentiality, integrity, and availability, with NO privileges and UI interaction required. No...

CVE-2026-47652

The CVE-2026-47652 entry concerns a Windows Hyper-V component vulnerability described as an out-of-bounds read that can yield local code execution by an unauthorized attacker. Public sources indicate the flaw affects Windows Hyper-V, with an attack vector that is Local and requires High privilege...

CVE-2026-47648

CVE-2026-47648 — Windows Storage contains an untrusted search path vulnerability that enables a locally authenticated attacker to perform privilege escalation. The issue arises from a trusted component loading an untrusted search path, potentially elevating privileges with high impact (C/H/I/H/A/...

CVE-2026-47653

CVE-2026-47653 describes a heap-based buffer overflow in the Remote Desktop Client that enables code execution over a network. Affected component is the Remote Desktop Client; the issue is caused by a memory-unsafe condition leading to potential arbitrary code execution. CVSS v3.1 metrics assign ...

CVE-2026-45588

CVE-2026-45588 concerns a protection mechanism failure in Windows Secure Boot that allows an authorized attacker to bypass a security feature locally. The NVD/CVE entry describes a local attack with high impact on confidentiality and integrity and no availability impact, requiring high privileges...

CVE-2026-47641

CVE-2026-47641 concerns Microsoft Office SharePoint where improper neutralization of input during web page generation enables cross-site scripting. The underlying flaw is input not being properly sanitized, potentially allowing an authorized attacker to spoof content over a network. According to ...

CVE-2026-47639

CVE-2026-47639 affects Microsoft Office SharePoint Server. The description identifies an Improper neutralization of input during web page generation (XSS) that enables an authorized attacker to perform spoofing over a network. Connected sources corroborate an XSS payload risk in SharePoint, leadi...

CVE-2026-47638

Microsoft SharePoint (Office SharePoint) is affected by CVE-2026-47638 due to improper neutralization of input during web page generation, enabling an authorized attacker to spoof users over the network (XSS). The NVD entries describe this as a cross-site scripting vulnerability with network acce...

CVE-2026-47637

CVE-2026-47637 describes an XSS issue in Microsoft Office SharePoint Server. The vulnerability arises from improper neutralization of input during web page generation, enabling an authorized attacker to perform spoofing over a network. {}Affected product/component: Microsoft Office SharePoint Ser...

CVE-2026-47636

CVE-2026-47636: Improper neutralization of input during web page generation (XSS) in Microsoft Office SharePoint. Descriptions indicate an authorised attacker could perform spoofing over the network by exploiting input handling during page rendering. Affected product: Microsoft SharePoint Server;...

CVE-2026-47635

CVE-2026-47635 concerns a type-confusion vulnerability in Microsoft Office components (notably Outlook and Word) that allows an unauthenticated/user-local attacker to execute code locally. The underlying issue is a resource access type mismatch that can lead to remote attack surfaces when process...

CVE-2026-41098

Azure Stack Edge is affected by CVE-2026-41098 due to improper neutralization of input during web page generation, enabling cross-site scripting. The vulnerability is exploitable by an authorized attacker over the network to perform spoofing. The CVSS 3.1 metrics indicate a high-impact, network-e...

CVE-2026-47631

The CVE-2026-47631 entry concerns Microsoft Exchange Server with a vulnerability in the rendering of web pages, described as improper neutralization of input during web page generation (cross-site scripting). The underlying issue allows an unauthorized attacker to spoof users over the network. Th...

CVE-2026-47298

CVE-2026-47298 constrains Microsoft Office SharePoint, where improper authorization allows an attacker with network access to execute code on vulnerable systems. The vulnerability is described as a remote code execution issue with a high impact on confidentiality, integrity, and availability (CVE...

CVE-2026-32193

CVE-2026-32193 targets Microsoft Azure Kubernetes Service with a path-traversal flaw that permits an authorized attacker to run code locally. The NVD entry describes it as a restricted-pathname limitation issue with CVSS v3.1 base score 8.8 (HIGH), attack vector LOCAL, required privileges LOW, no...

CVE-2026-41092

CVE-2026-41092 describes an improper access control in Microsoft Kinect that enables a locally authenticated attacker to elevate privileges. The CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 7.8 (HIGH). Affected component: Kinect functionality; root cause is insuffic...

CVE-2026-47292

CVE-2026-47292 concerns a vulnerability in the Visual Studio Code MSSQL Extension where inclusion of functionality from an untrusted control sphere allows an attacker to escalate privileges locally. The connected documents confirm the affected product (Visual Studio Code MSSQL Extension) and the ...

CVE-2026-47291

The CVE-2026-47291 entry describes an integer overflow/ wraparound in Windows HTTP.sys that enables a remote attacker to execute code over the network. Affected software component: Windows HTTP.sys. Root cause: integer overflow/wraparound in the HTTP.sys processing path. Impact: unauthenticated n...

CVE-2026-47289

CVE-2026-47289 is a heap-based buffer overflow in the Remote Desktop Client that enables remote code execution over a network. The vulnerability is exploitable remotely (attack vector: NETWORK) with low complexity and requires user interaction, yielding a high impact on confidentiality, integrity...

CVE-2026-47288

CVE-2026-47288 affects Windows Kerberos Key Distribution Center (KDC). The vulnerability is an integer overflow/wraparound in the Kerberos code, enabling an authorized attacker on an adjacent network to execute code. The CVE has a CVSSv3.1 score of 7.1 ( HIGH ) with attack vector Adjacent, high i...

CVE-2026-47287

CVE-2026-47287 affects Visual Studio Code. The provided documents describe a relative path traversal vulnerability that could allow tampering over a network. Per CVSS data, the attack vector is NETWORK with no privileges required but user interaction is required, and the impact includes high inte...

CVE-2026-45656

CVE-2026-45656 involves a protection mechanism failure in Windows UEFI that allows an authorized attacker to bypass a security feature locally. The CVSSv3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 7.8 (HIGH). The attack is local with low complexity and requires low priv...

CVE-2026-45657

CVE-2026-45657 is a use-after-free in the Windows Kernel that enables a remote attacker to execute code over a network without user interaction. The formal CVSSv3.1 base score is 9.8 (CRITICAL), with network attack vector, low attack complexity, no privileges required, and high impact to confiden...

CVE-2026-45650

CVE-2026-45650 describes a UI misrepresentation vulnerability in Microsoft Bing Search that could enable an attacker to spoof information over a network. The exact root cause and affected UI components are not detailed in the provided documents. CVSSv3.1 base score is 4.3 (Medium): Network attack...

CVE-2026-45655

CVE-2026-45655 affects Windows BitLocker. The description indicates a protection mechanism failure that could allow an unauthorized attacker to bypass a security feature via a physical attack. The connected documents provide the following details: CVSSv3.1 base score 5.3 (Medium), attack vector P...

CVE-2026-45649

CVE-2026-45649 : Improper access control in Office for Android allows an unauthorized attacker to perform local spoofing. This is a local attack with user interaction required; impact on confidentiality and integrity is high, availability not affected. Connected documents confirm an Office for An...

CVE-2026-45648

The CVE-2026-45648 entry pertains to a stack-based buffer overflow in Windows Active Directory Domain Services that allows an authorized network attacker to execute code. Affected component is Active Directory Domain Services; root cause is a buffer overflow vulnerability. Impact is remote code e...

CVE-2026-45645

The provided data identify CVE-2026-45645 as a heap-based buffer overflow affecting Microsoft Office, enabling local code execution. Details show an exploit would require user interaction and has a local attack surface (attackVector: LOCAL, userInteraction: REQUIRED) with high impacts on confiden...