366532 matches found
CVE-2026-44820
CVE-2026-44820 affects Microsoft Excel in Office. An integer underflow (wrap/wraparound) in Excel can allow a local attacker to execute code on the affected host. Exploitation requires local access and user interaction; no remote vector is indicated. The CVSS 3.1 base score is 7.8 (HIGH) with imp...
CVE-2026-44819
CVE-2026-44819 affects Microsoft Office and is described as a heap-based buffer overflow that allows a local attacker to execute code. The vulnerability is characterized by a LOCAL attack vector, LOW attack complexity, and requires user interaction, with a high impact on confidentiality, integrit...
CVE-2026-44818
CVE-2026-44818 affects Microsoft Excel. An integer underflow (wrap/wraparound) in Excel is described as allowing an unauthorized attacker to execute code locally. The associated CVSS 3.1 vector indicates Local attack vector, high impact on confidentiality, integrity, and availability, with High pr...
CVE-2026-44817
CVE-2026-44817 is an Excel vulnerability: an integer underflow (wrap/wraparound) in Microsoft Excel could allow a local attacker to execute code. Exploitation details in the public metrics show local access with user interaction required and high impact on confidentiality, integrity, and availabi...
CVE-2026-34335
Use-after-free in the Windows Ancillary Function Driver for WinSock is the root cause of CVE-2026-34335. The vulnerability can allow an authenticated, local attacker to elevate privileges. The CVSSv3.1 score is 7.0 (High) with local attack vector, high complexity, and requires low privileges and ...
CVE-2026-42902
CVE-2026-42902 (Microsoft PowerToys): The set of connected documents identifies an elevation-of-privilege issue due to improper authorization in PowerToys. A local, low-privilege attacker with no user interaction could exploit this to gain high-impact privileges (CVE-2026-42902). CVSSv3.1 base s...
CVE-2026-40404
CVE-2026-40404 concerns a Windows Universal Disk Format (UDFS) File System Driver Elevation of Privilege. The vulnerability affects the UDFS component, with a local attack vector, requiring low privileges and no user interaction, and yields high impact to confidentiality, integrity, and availabil...
CVE-2026-33828
CVE-2026-33828 affects Windows Device Health Attestation (DHA). The vulnerability is a trust boundary violation in Windows Attestation that allows an authorized local attacker to elevate privileges. CVSS v3.1 base metrics indicate high impact to confidentiality, integrity, and availability with l...
CVE-2026-40409
Technical details for CVE-2026-40409 are not publicly available in the provided documents. Monitor for updates from Microsoft/NVD for affected products, root cause, impact, and remediation.
CVE-2026-45483
CVE-2026-45483 affects Microsoft Office Project Server and involves improper neutralization of input during web page generation, enabling cross-site scripting. The vulnerability is described as allowing an authorized attacker to perform spoofing over a network. The CVSS 3.1 vector (AV:N/AC:L/PR:L...
CVE-2026-45485
CVE-2026-45485: In Microsoft Office, an out-of-bounds read leads to local information disclosure. Documents confirm the vulnerability and its impact (local disclosure) with low severity (CVSS 3.1:3.3). Exploitation details and affected component/version specifics are not provided in the supplied ...
CVE-2026-45479
The CVE-2026-45479 entries describe an XSS vulnerability in Microsoft Office SharePoint where improper neutralization of input during web page generation can enable an authorized attacker to perform spoofing over the network. Affected product is SharePoint/SharePoint Server; the root cause is lac...
CVE-2026-45486
CVE-2026-45486 concerns an untrusted pointer dereference in Microsoft Word that can allow a local attacker to execute code. The CVSS metrics indicate a HIGH base score (7.8) with LOCAL attack vector, LOW attack complexity, and user interaction required, privileges NONE, reflecting a local impact ...
CVE-2026-45474
The documents confirm CVE-2026-45474 is a Microsoft Office vulnerability described as a heap-based buffer overflow that allows an unauthenticated/unauthorized attacker to execute code locally on affected systems. Affected product is Microsoft Office, with the root cause identified as a heap-based...
CVE-2026-45471
CVE-2026-45471 affects Microsoft Word and stems from an untrusted pointer dereference in Word’s runtime that can lead to local code execution. The CVSSv3.1 vector (L/Low complexity, no privileges required, user interaction required, local scope) yields a base score of 7.8 (HIGH). Documented impac...
CVE-2026-45475
This CVE (CVE-2026-45475) concerns a heap-based buffer overflow in Microsoft Office. The description indicates an unauthorized attacker could achieve local code execution, with user interaction required and high impact on confidentiality, integrity, and availability. The provided documents do not...
CVE-2026-45472
CVE-2026-45472 is a heap-based buffer overflow in Microsoft Office that allows an unauthorized attacker to execute code locally. The connected sources (NVD, CVE listing) corroborate a local-execution impact due to a heap overflow in Office components. No explicit root-cause details beyond the hea...
CVE-2026-45469
CVE-2026-45469 affects Microsoft Excel (Office) and is caused by an integer underflow/wraparound in Excel. The vulnerability can allow a local attacker to execute code on the affected system; the CVSS indicates LOCAL access, required user interaction, and high impact to confidentiality, integrity...
CVE-2026-45468
CVE-2026-45468 involves an improper neutralization of input during web page generation (XSS) in Microsoft Office SharePoint / SharePoint Server. An authorized attacker can perform spoofing over a network by targeting affected SharePoint web pages. The CVSS 3.1 base score is 4.6 (Medium); attack ...
CVE-2026-45467
CVE-2026-45467 describes an XSS vulnerability in Microsoft Office SharePoint Server caused by improper neutralization of input during web page generation. The issue can allow a network-based, authenticated attacker with low privileges to spoof content presented to users, requiring user interactio...
CVE-2026-41108
CVE-2026-41108 is a heap-based buffer overflow in the Microsoft Windows DNS Client that allows an authorized, local attacker to perform privilege escalation. Affected component: Windows DNS client functionality (DNS resolution path); root cause: heap-based overflow leading to elevation of privile...
CVE-2026-47980
Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored XSS vulnerability. The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, with execution of JavaScript when a user visits the page containing the vuln...
CVE-2026-47945
Adobe Experience Manager (AEM) 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored XSS vulnerability. The issue occurs in vulnerable form fields where user-supplied input is stored and later rendered, enabling a low-privileged attacker to inject malicious JavaScript that executes in a v...
CVE-2026-48280
Adobe Experience Manager (AEM) is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability in versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue allows an attacker to cause malicious JavaScript to run in a victim’s browser by manipulating the DOM; exploitation requires user interact...
CVE-2026-47985
Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. Exploitation requires user interaction: a victim must visit a crafted webpage, allowing malicious JavaScript to execute in the browser context. Scope ...
CVE-2026-47935
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected. The issue is a DOM-based Cross-Site Scripting (XSS) vulnerability that an attacker can exploit by manipulating the DOM to execute malicious JavaScript in a victim’s browser. Exploitation requires user interacti...
CVE-2026-47941
CVE-2026-47941: Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored XSS vulnerability in vulnerable form fields. A low-privilege attacker can inject malicious scripts, which may execute in a victim’s browser when visiting the affected page. The v...
CVE-2026-48251
Adobe Experience Manager v6.5.24, LTS SP1, 2026.04 and earlier is affected by a DOM-based XSS vulnerability. The issue arises from manipulating the DOM to run malicious JavaScript in the victim’s browser; exploitation requires user interaction (the user visiting a crafted page). Affected componen...
CVE-2026-48289
CVE-2026-48289 affects Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue is an Improper Input Validation vulnerability that can bypass security features and allow unauthorized write access. Exploitation requires user interaction, with the attacker needing a v...
CVE-2026-48297
Adobe Experience Manager (AEM) 6.5.24, LTS SP1, and 2026.04 and earlier are affected by a stored XSS vulnerability (CVE-2026-48297). A low-privileged attacker can inject malicious scripts into vulnerable form fields, with JavaScript executed in the victim’s browser when visiting the page containi...
CVE-2026-48256
Adobe Experience Manager (AEM) 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. The issue can be exploited by manipulating the DOM to execute malicious JavaScript in the victim’s browser, with exploitation requiring user interaction (victi...
CVE-2026-48268
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability affecting versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue allows an attacker to manipulate the DOM to execute malicious JavaScript in the victim’s browser, requiring user interaction (victim visi...
CVE-2026-47993
Adobe Experience Manager is affected by a DOM-based XSS in versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue arises from manipulating the DOM to execute malicious JavaScript in the victim’s browser, with exploitation requiring user interaction on a crafted webpage. The CVSS vector indicate...
CVE-2026-47936
CVE-2026-47936 affects Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, and 2026.04 and earlier. The issue is a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, which could be abused by a low-privileged attacker to inject malicious scripts. When victims visit a p...
CVE-2026-47956
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored XSS vulnerability that lets a low-privilege attacker inject malicious scripts into vulnerable form fields. Malicious JavaScript can execute in a victim’s browser when visiting the page containing the v...
CVE-2026-47939
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. A low-privileged attacker can inject malicious scripts into vulnerable form fields, causing the victim’s browser to execute JavaScript when visiting the page c...
CVE-2026-47982
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based XSS vulnerability. An attacker could cause malicious JavaScript execution in a victim’s browser by manipulating the DOM; exploitation requires the victim to visit a crafted page. The issue has chang...
CVE-2026-47989
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based XSS vulnerability. An attacker could leverage DOM manipulation to run malicious JavaScript in a victim’s browser, requiring user interaction (visiting a crafted page). CVSS3.1 shows a base score of ...
CVE-2026-47977
Adobe Experience Manager versions 6.5.24, LTS SP1, and 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. A low-privileged attacker can inject malicious scripts into vulnerable form fields, with malicious JavaScript potentially executed in a victim’s browser wh...
CVE-2026-47991
Adobe Experience Manager (AEM) 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Open Redirect vulnerability (CWE-601). An attacker can induce a user to click a malicious URL that redirects to a site under the attacker’s control, potentially enabling account takeover. Exploitation requires ...
CVE-2026-47947
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based XSS vulnerability. An attacker could manipulate the DOM to run malicious JavaScript in the victim’s browser; exploitation requires user interaction (victim visits a crafted page). Affected component...
CVE-2026-47972
Adobe Experience Manager (AEM) up to version 6.5.24, LTS SP1, 2026.04 and earlier is affected by a stored XSS vulnerability. A low-privilege attacker can inject malicious scripts into vulnerable form fields, with malicious JavaScript executed in the victim’s browser when visiting the affected pag...
CVE-2026-47954
CVE-2026-47954 affects Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier. A stored Cross-Site Scripting (XSS) vulnerability could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields, resulting in malicious JavaScript executi...
CVE-2026-47951
Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. A low-privileged attacker can inject malicious scripts that are executed in the victim’s browser when visiting a page contain...
CVE-2026-47943
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. A low-privilege attacker could inject malicious scripts, with the malicious JavaScript potentially executing in a victim’s browser wh...
CVE-2026-47974
Adobe Experience Manager (AEM) 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored XSS vulnerability. A low-privileged attacker can inject malicious scripts into vulnerable form fields, leading to JavaScript execution in the victim’s browser when visiting the page containing the field. ...
CVE-2026-47942
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored XSS vulnerability in vulnerable form fields. A low-privileged attacker can inject malicious scripts, with JavaScript potentially executing in a victim’s browser when visiting the affected page. The iss...
CVE-2026-48258
CVE-2026-48258 affects Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue is a DOM-based XSS vulnerability where an attacker can leverage DOM manipulation to execute malicious JavaScript in the victim’s browser. Exploitation requires user interaction (the victim mus...
CVE-2026-47975
CVE-2026-47975 affects Adobe Experience Manager (AEM): a stored cross-site scripting (XSS) vulnerability in vulnerable form fields for AEM versions 6.5.24, LTS SP1, 2026.04 and earlier. The vulnerability could be abused by a low-privileged attacker to inject malicious scripts, with malicious JavaScript executed ...
CVE-2026-47962
Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored XSS vulnerability. A low-privileged attacker can inject malicious scripts into vulnerable form fields, leading to malicious JavaScript execution in a victim’s browser when visiting a page with th...