364821 matches found
CVE-2026-45608
Out-of-bounds read in Windows DHCP Client allows an unauthorized attacker to disclose information locally...
CVE-2026-45600
Access of resource using incompatible type 'type confusion' in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...
CVE-2026-45602
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network...
CVE-2026-45599
Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
CVE-2026-45598
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-45603
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-45601
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-45595
Protection mechanism failure in Windows Mark of the Web MOTW allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-45594
Exposure of sensitive information to an unauthorized actor in Windows Application Identity AppID Subsystem allows an authorized attacker to disclose information locally...
CVE-2026-45596
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-45592
Integer overflow or wraparound in Windows Internet wininet.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-45597
Concurrent execution using shared resource with improper synchronization 'race condition' in UI Automation Manager uiamanager.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-45593
Use after free in Windows SDK allows an authorized attacker to elevate privileges locally...
CVE-2026-45504
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...
CVE-2026-45588
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...
CVE-2026-45586
Improper link resolution before file access 'link following' in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally...
CVE-2026-45502
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...
CVE-2026-45591
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network...
CVE-2026-45583
Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...
CVE-2026-45503
Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...
CVE-2026-45491
Improper link resolution before file access 'link following' in .NET allows an unauthorized attacker to perform tampering locally...
CVE-2026-45500
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-45490
Improper authorization in .NET allows an authorized attacker to elevate privileges locally...
CVE-2026-45501
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network...
CVE-2026-45487
Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...
CVE-2026-45485
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...
CVE-2026-45486
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-45479
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45484
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network...
CVE-2026-45481
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45475
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-45483
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network...
CVE-2026-45476
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-45482
Improper limitation of a pathname to a restricted directory 'path traversal' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...
CVE-2026-45467
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45466
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
CVE-2026-45469
Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2026-45471
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-45468
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45472
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-45474
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-45459
Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally...
CVE-2026-45462
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45458
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-45463
Integer underflow wrap or wraparound in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-45464
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-45460
Buffer over-read in Microsoft Office allows an unauthorized attacker to disclose information locally...
CVE-2026-45461
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-45465
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-45446
Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...