CVE-2026-47631
The CVE-2026-47631 entry concerns Microsoft Exchange Server with a vulnerability in the rendering of web pages, described as improper neutralization of input during web page generation (cross-site scripting). The underlying issue allows an unauthorized attacker to spoof users over the network. Th...
CVE-2026-47298
CVE-2026-47298 concerns Microsoft Office SharePoint, where improper authorization allows an attacker with network access to execute code on vulnerable systems. The vulnerability is described as a remote code execution issue with a high impact on confidentiality, integrity, and availability (CVE...
CVE-2026-32193
CVE-2026-32193 targets Microsoft Azure Kubernetes Service with a path-traversal flaw that permits an authorized attacker to run code locally. The NVD entry describes it as a restricted-pathname limitation issue with CVSS v3.1 base score 8.8 (HIGH), attack vector LOCAL, required privileges LOW, no...
CVE-2026-41092
CVE-2026-41092 describes an improper access control in Microsoft Kinect that enables a locally authenticated attacker to elevate privileges. The CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 7.8 (HIGH). Affected component: Kinect functionality; root cause is insuffic...
CVE-2026-47292
CVE-2026-47292 concerns a vulnerability in the Visual Studio Code MSSQL Extension where inclusion of functionality from an untrusted control sphere allows an attacker to escalate privileges locally. The connected documents confirm the affected product (Visual Studio Code MSSQL Extension) and the ...
CVE-2026-47291
The CVE-2026-47291 entry describes an integer overflow/wraparound in Windows HTTP.sys that enables a remote attacker to execute code over the network. Affected software component: Windows HTTP.sys. Root cause: integer overflow/wraparound in the HTTP.sys processing path. Impact: unauthenticated n...
CVE-2026-47289
CVE-2026-47289 is a heap-based buffer overflow in the Remote Desktop Client that enables remote code execution over a network. The vulnerability is exploitable remotely (attack vector: NETWORK) with low complexity and requires user interaction, yielding a high impact on confidentiality, integrity...
CVE-2026-47288
CVE-2026-47288 affects Windows Kerberos Key Distribution Center (KDC). The vulnerability is an integer overflow/wraparound in the Kerberos code, enabling an authorized attacker on an adjacent network to execute code. The CVE has a CVSSv3.1 score of 7.1 (HIGH) with attack vector Adjacent, high i...
CVE-2026-47287
CVE-2026-47287 affects Visual Studio Code. The provided documents describe a relative path traversal vulnerability that could allow tampering over a network. Per CVSS data, the attack vector is NETWORK with no privileges required but user interaction is required, and the impact includes high inte...
CVE-2026-45656
CVE-2026-45656 involves a protection mechanism failure in Windows UEFI that allows an authorized attacker to bypass a security feature locally. The CVSSv3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 7.8 (HIGH). The attack is local with low complexity and requires low priv...
CVE-2026-45657
CVE-2026-45657 is a use-after-free in the Windows Kernel that enables a remote attacker to execute code over a network without user interaction. The formal CVSSv3.1 base score is 9.8 (CRITICAL), with network attack vector, low attack complexity, no privileges required, and high impact to confiden...
CVE-2026-45650
CVE-2026-45650 describes a UI misrepresentation vulnerability in Microsoft Bing Search that could enable an attacker to spoof information over a network. The exact root cause and affected UI components are not detailed in the provided documents. CVSSv3.1 base score is 4.3 (Medium): Network attack...
CVE-2026-45655
CVE-2026-45655 affects Windows BitLocker. The description indicates a protection mechanism failure that could allow an unauthorized attacker to bypass a security feature via a physical attack. The connected documents provide the following details: CVSSv3.1 base score 5.3 (Medium), attack vector P...
CVE-2026-45649
CVE-2026-45649: Improper access control in Office for Android allows an unauthorized attacker to perform local spoofing. This is a local attack with user interaction required; impact on confidentiality and integrity is high, availability not affected. Connected documents confirm an Office for An...
CVE-2026-45648
The CVE-2026-45648 entry pertains to a stack-based buffer overflow in Windows Active Directory Domain Services that allows an authorized network attacker to execute code. Affected component is Active Directory Domain Services; root cause is a buffer overflow vulnerability. Impact is remote code e...
CVE-2026-45645
The provided data identify CVE-2026-45645 as a heap-based buffer overflow affecting Microsoft Office, enabling local code execution. Details show an exploit would require user interaction and has a local attack surface (attackVector: LOCAL, userInteraction: REQUIRED) with high impacts on confiden...
CVE-2026-45642
Microsoft Azure Attestation service and Device Health Attestation Service are affected by improper input validation, allowing an authorized attacker to perform spoofing with a physical attack. CVSS 3.1, base score 3.9 (LOW); attack vector Physical, privileges required High, integrity impact High,...
CVE-2026-45643
Summary of CVE-2026-45643: Affected product is Microsoft Word (Office). The vulnerability is an untrusted pointer dereference in Word that allows an attacker to achieve local code execution on a vulnerable system with high impact (confidentiality, integrity, and availability). The CVSS-3.1 vecto...
CVE-2026-45641
CVE-2026-45641 affects Windows Hyper-V. The vulnerability is an out-of-bounds read in Hyper-V that enables a local attacker to execute code. Exploitation would be local with no user interaction and requires no privileges beyond those of the attacker, with a high impact on confidentiality, integri...
CVE-2026-45634
The CVE describes an out-of-bounds read in the Windows DHCP Server that enables an authorized local attacker to disclose information. The affected component is Windows DHCP Server; the root cause is a memory read violation leading to information disclosure. The CVSS metrics indicate a local attac...
CVE-2026-45607
CVE-2026-45607 affects Windows Hyper-V with an out-of-bounds read vulnerability that allows an attacker to execute code locally. Documents indicate LOCAL attack vector, no user interaction required, and high impact on confidentiality, integrity, and availability. No specific remediation steps or ...
CVE-2026-45606
CVE-2026-45606 concerns an out-of-bounds read in the Microsoft UxTheme Library (uxtheme.dll) that allows an authorized, low-privilege user to cause a local denial of service. The NVD/NIST and CVE records concur on the impact as a local DoS; attack vector is LOCAL, with LOW prerequisites and NONE ...
CVE-2026-45640
CVE-2026-45640: Use-after-free in the Windows Bluetooth Port Driver enables a locally authenticated attacker to achieve privilege escalation. Affected: Windows Bluetooth Port Driver component. Root cause: use-after-free vulnerability as described. Impact: local privilege escalation with high imp...
CVE-2026-45639
The CVE-2026-45639 entry relates to an out-of-bounds read in Windows Remote Desktop Protocol (RDP). The underlying issue enables an unauthenticated, network-based attacker to disclose information over the network without user interaction. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:...
CVE-2026-45605
CVE-2026-45605 is a Windows Bluetooth Service use-after-free vulnerability that allows an authorized, locally located attacker to escalate privileges. The CVSS 3.1 base score is 7.8 (High) with local attack vector, low attack complexity, and no user interaction; impact includes confidentiality, i...
CVE-2026-45504
CVE-2026-45504 is an SSRF-based elevation of privilege in Microsoft Exchange Server. The entry notes that an authorized attacker can elevate privileges over the network. CVSS v3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, and LOW privileges required, with NONE...
CVE-2026-45583
CVE-2026-45583 involves Microsoft Exchange Server and is described as an improper control of generation of code (code injection) that enables an unauthenticated attacker to execute code over the network. The CVSS 3.1 base score is 7.5 (HIGH) with NETWORK attack vector, HIGH impact on confidential...
CVE-2026-45502
CVE-2026-45502 is a server-side request forgery in Microsoft Exchange Server. An authenticated attacker can disclose information over the network (confidentiality impact partial) without user interaction, with network access and low attack complexity, under a changed scope. The entry provides a C...
CVE-2026-45503
CVE-2026-45503 is an SSRF vulnerability in Microsoft Exchange Server that could allow an authorized attacker to disclose information over a network. The provided documents cite CVSSv3.1 base metrics: 8.1 (High), with NETWORK attack vector, LOW attack complexity, Privileges Required: LOW, no user ...
CVE-2026-45501
CVE-2026-45501 concerns Microsoft Exchange Server. The issue is improper neutralization of input during web page generation, i.e., a cross-site scripting vulnerability that can allow an unauthorized attacker to perform spoofing over a network. CVSS 3.1 base score 6.5 (Medium): attack vector Netwo...
CVE-2026-45491
CVE-2026-45491 concerns an improper link resolution before file access ('link following') in .NET, enabling a local attacker to tamper with files. The description from NVD/CVE records specifies local attack vector with low attack complexity and no user interaction, resulting in potential integrit...
CVE-2026-45500
CVE-2026-45500: A cross-site scripting issue in Microsoft Exchange Server arises from improper neutralization of input during web page generation. This vulnerability could enable an unauthorized attacker to perform spoofing over the network. Documents identify Microsoft Exchange Server as affecte...
CVE-2026-45490
CVE-2026-45490: In .NET, improper authorization could allow an authorized local attacker to elevate privileges. Documents indicate a local attack with low privileges required and high impact on confidentiality, integrity, and availability. Exploitation details, affected versions, and a concrete ...
CVE-2026-45487
CVE-2026-45487 is a Windows vulnerability in the Program Compatibility Assistant Service where a TOCTOU race condition enables a local, authorized user to elevate privileges. Affected component: Program Compatibility Assistant Service on Windows. Root cause: TOCTOU race condition allowing privile...
CVE-2026-45466
CVE-2026-45466: Heap-based buffer overflow in Microsoft Word can allow a local attacker to disclose information. Affected product: Microsoft Word (Office). Vulnerability type: heap-based overflow in Word’s handling of content. Impact: confidentiality leakage (low), local access required with use...
CVE-2026-45461
CVE-2026-45461 describes a heap-based buffer overflow in Microsoft Office that allows an unauthorized attacker to execute code locally. Documents confirm the vulnerability exists in Microsoft Office and indicate a local attack vector with high impact (C: HIGH, I: HIGH, A: HIGH) and a base score o...
CVE-2026-45460
CVE-2026-45460 is an information-disclosure vulnerability in Microsoft Office caused by an out-of-bounds read in a Microsoft Office component. It allows a local, unauthenticated attacker to disclose information (confidentiality impact). The CVSSv3.1 metrics indicate a Local attack vector, High ex...
CVE-2026-45458
Microsoft Office (including Outlook and Word) is affected by CVE-2026-45458 due to a type-confusion in resource access, enabling local code execution. The vulnerability arises when an incompatible type is accessed, with a local attack vector, no user interaction, and no privileges required. The C...
CVE-2026-45453
CVE-2026-45453 affects Microsoft Office SharePoint Server and stems from improper neutralization of input during web page generation, enabling an authorized attacker to perform spoofing over a network via a cross-site scripting (XSS) flaw. The vulnerability involves the web-page generation compon...
CVE-2026-45456
CVE-2026-45456 affects Microsoft Office apps (notably Outlook and Word) and is caused by a resource access type confusion that can lead to local code execution. The vulnerability allows an authenticated, local attacker to run arbitrary code without user interaction, with high impact on confidenti...
CVE-2026-44824
CVE-2026-44824 affects Microsoft Office and is a heap-based buffer overflow that enables local code execution. The issue requires user interaction and has a CVSS v3.1 base score of 7.8 (HIGH) with LOCAL attack vector, no privileges required, and high impact on confidentiality, integrity, and avai...
CVE-2026-44823
The CVE-2026-44823 entry concerns an integer underflow (wrap or wraparound) in Microsoft Office Excel that could allow an attacker to execute code locally. Affected product: Microsoft Excel within Microsoft Office. The vulnerability is described as enabling local code execution with attack vector...
CVE-2026-44821
The CVE-2026-44821 entry concerns an out-of-bounds read in Microsoft Office that could allow a local attacker to disclose information. Affected software is Microsoft Office; the vulnerability is a read boundary issue in a component/file used by Office, enabling local information disclosure. The p...
CVE-2026-44820
CVE-2026-44820 affects Microsoft Excel in Office. An integer underflow (wrap/wraparound) in Excel can allow a local attacker to execute code on the affected host. Exploitation requires local access and user interaction; no remote vector is indicated. The CVSS 3.1 base score is 7.8 (HIGH) with imp...
CVE-2026-44819
CVE-2026-44819 affects Microsoft Office and is described as a heap-based buffer overflow that allows a local attacker to execute code. The vulnerability is characterized by a LOCAL attack vector, LOW attack complexity, and requires user interaction, with a high impact on confidentiality, integrit...
CVE-2026-44818
CVE-2026-44818 affects Microsoft Excel. An integer underflow (wrap/wraparound) in Excel is described as allowing an unauthorized attacker to execute code locally. The associated CVSS 3.1 vector indicates Local attack vector, high impact on confidentiality, integrity, and availability, with High pr...
CVE-2026-44817
CVE-2026-44817 is an Excel vulnerability: an integer underflow (wrap/wraparound) in Microsoft Excel could allow a local attacker to execute code. Exploitation details in the public metrics show local access with user interaction required and high impact on confidentiality, integrity, and availabi...
CVE-2026-34335
Use-after-free in the Windows Ancillary Function Driver for WinSock is the root cause of CVE-2026-34335. The vulnerability can allow an authenticated, local attacker to elevate privileges. The CVSSv3.1 score is 7.0 (High) with local attack vector, high complexity, and requires low privileges and ...
CVE-2026-42902
CVE-2026-42902 (Microsoft PowerToys): The set of connected documents identifies an elevation-of-privilege issue due to improper authorization in PowerToys. A local, low-privilege attacker with no user interaction could exploit this to gain high-impact privileges (CVE-2026-42902). CVSSv3.1 base s...
CVE-2026-40404
CVE-2026-40404 concerns a Windows Universal Disk Format (UDFS) File System Driver Elevation of Privilege. The vulnerability affects the UDFS component, with a local attack vector, requiring low privileges and no user interaction, and yields high impact to confidentiality, integrity, and availabil...