364821 matches found
CVE-2026-45454
Improper limitation of a pathname to a restricted directory 'path traversal' in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
CVE-2026-45456
Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-45447
Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...
CVE-2026-45453
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-45457
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-45455
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally...
CVE-2026-45445
Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...
CVE-2026-44819
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-44824
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-44822
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network...
CVE-2026-44821
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...
CVE-2026-44820
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2026-44823
Numeric truncation error in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2026-44818
Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2026-44812
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally...
CVE-2026-44813
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-44814
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally...
CVE-2026-44810
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally...
CVE-2026-44815
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network...
CVE-2026-44811
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-44817
Access of resource using incompatible type 'type confusion' in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2026-44809
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-44805
Use after free in Windows Network Controller NC Host Agent allows an authorized attacker to deny service locally...
CVE-2026-44802
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-44807
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-44803
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally...
CVE-2026-44804
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-44808
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-42993
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-42992
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-42989
Improper link resolution before file access 'link following' in Winlogon allows an authorized attacker to elevate privileges locally...
CVE-2026-42991
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-44799
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-44801
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-42986
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...
CVE-2026-42987
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network...
CVE-2026-42984
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-42981
Integer underflow wrap or wraparound in Windows Performance Monitor allows an unauthorized attacker to execute code over a network...
CVE-2026-42983
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-42985
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-42980
Integer underflow wrap or wraparound in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-42979
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-42977
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-42978
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-42973
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-42974
Integer overflow or wraparound in Windows Performance Monitor allows an unauthorized attacker to execute code over a network...
CVE-2026-42969
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-42968
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally...
CVE-2026-42972
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally...
CVE-2026-42970
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...