364821 matches found
CVE-2026-47648
Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally...
CVE-2026-47640
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-47641
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-47652
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally...
CVE-2026-47654
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-47653
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-47637
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-47631
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-47298
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
CVE-2026-47638
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-47636
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-47635
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-47634
Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-47639
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-47291
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network...
CVE-2026-47293
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...
CVE-2026-47287
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...
CVE-2026-47284
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network...
CVE-2026-47289
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-47288
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network...
CVE-2026-47292
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally...
CVE-2026-46492
md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting XSS vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...
CVE-2026-45657
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network...
CVE-2026-45771
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...
CVE-2026-45658
Improper access control in Windows BitLocker allows an authorized attacker to bypass a security feature locally...
CVE-2026-47281
Missing authorization in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-45649
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally...
CVE-2026-45650
User interface ui misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-45656
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally...
CVE-2026-45655
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...
CVE-2026-45654
Improper access control in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...
CVE-2026-45653
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-45643
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-45647
Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
CVE-2026-45642
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack...
CVE-2026-45644
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network...
CVE-2026-45648
Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network...
CVE-2026-45641
Access of resource using incompatible type 'type confusion' in Windows Hyper-V allows an unauthorized attacker to execute code locally...
CVE-2026-45645
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-45639
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network...
CVE-2026-45640
Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-45638
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-45636
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally...
CVE-2026-45637
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-45635
Access of resource using incompatible type 'type confusion' in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
CVE-2026-45634
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally...
CVE-2026-45607
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally...
CVE-2026-45606
Out-of-bounds read in Microsoft UxTheme Library uxtheme.dll allows an authorized attacker to deny service locally...
CVE-2026-45604
Out-of-bounds read in Windows Application Identity AppID Subsystem allows an authorized attacker to disclose information locally...
CVE-2026-45605
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally...