
Microsoft

250 CVEs
| CVE ID | Severity | Product / summary | Published |
|---|---|---|---|
| CVE-2026-50521 | HIGH 8.3 | Microsoft Edge (Chromium Based) — Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network… | 2026-07-01 |
| CVE-2026-49451 | HIGH 7.5 | Openapi.Net — The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers… | 2026-06-30 |
| CVE-2026-32208 | HIGH 8.8 | Microsoft Edge (Chromium Based) — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Entra ID all… | 2026-06-19 |
| CVE-2026-42895 | MEDIUM 6.5 | Microsoft 365 Copilot — Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allow… | 2026-06-19 |
| CVE-2026-45480 | CRITICAL 10 | Azure Active Directory — Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a… | 2026-06-19 |
| CVE-2026-47645 | HIGH 8.8 | Microsoft 365 Copilot — Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unautho… | 2026-06-19 |
| CVE-2026-48582 | CRITICAL 9.6 | Microsoft Exchange Online — Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a … | 2026-06-19 |
| CVE-2026-48584 | CRITICAL 9.9 | Azure Synapse — Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges ove… | 2026-06-19 |
| CVE-2026-49336 | MEDIUM 5.5 | Kiota Typescript — @microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions … | 2026-06-19 |
| CVE-2026-50519 | MEDIUM 6.5 | Github Copilot Chat — Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unaut… | 2026-06-19 |
| CVE-2026-32174 | HIGH 7.7 | Azure Ai Bot Service — Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a networ… | 2026-06-18 |
| CVE-2026-47633 | HIGH 7.5 | Microsoft Cost Management — Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows a… | 2026-06-18 |
| CVE-2026-47647 | CRITICAL 9.9 | Microsoft Dynamics 365 — Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a n… | 2026-06-18 |
| CVE-2026-54130 | CRITICAL 9.8 | Microsoft 365 Copilot — Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose infor… | 2026-06-18 |
| CVE-2026-50656 | HIGH 7.8 | Microsoft Malware Protection Engine — Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defend… ● PoC | 2026-06-16 |
| CVE-2026-26142 | CRITICAL 9.8 | Nuance Powerscribe 360 4.0 — Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a… | 2026-06-09 |
| CVE-2026-32193 | HIGH 8.8 | Azure Kubernetes Service — Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes S… | 2026-06-09 |
| CVE-2026-33113 | MEDIUM 5.4 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-33828 | HIGH 7.8 | Windows 10 Version 1607 — Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-34335 | HIGH 7 | Windows 10 Version 1607 — Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi… | 2026-06-09 |
| CVE-2026-40371 | HIGH 8.8 | Microsoft Dynamics 365 (On Premises) Version 9.1 — Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an … | 2026-06-09 |
| CVE-2026-40376 | HIGH 7.5 | Visual Studio Code — Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a n… | 2026-06-09 |
| CVE-2026-40404 | HIGH 7.8 | Windows 10 Version 1607 — Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | 2026-06-09 |
| CVE-2026-40409 | HIGH 7.8 | Windows 10 Version 1607 — Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | 2026-06-09 |
| CVE-2026-41092 | HIGH 7.8 | Windows 10 Version 1607 — Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-41098 | HIGH 8.4 | Azure Stack Edge — Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allow… | 2026-06-09 |
| CVE-2026-41108 | HIGH 7 | Windows 10 Version 1607 — Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locall… | 2026-06-09 |
| CVE-2026-42828 | HIGH 7.8 | Windows 10 Version 1809 — Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privi… | 2026-06-09 |
| CVE-2026-42829 | HIGH 7.8 | Windows 11 Version 24h2 — Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security… | 2026-06-09 |
| CVE-2026-42835 | HIGH 8.1 | Microsoft Teams For Android — Improper neutralization of special elements in output used by a downstream component ('injection') in Microsof… | 2026-06-09 |
| CVE-2026-42836 | HIGH 7 | Windows 10 Version 1607 — Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discov… | 2026-06-09 |
| CVE-2026-42837 | HIGH 7.8 | Windows 10 Version 1809 — Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privi… | 2026-06-09 |
| CVE-2026-42902 | HIGH 7.8 | Microsoft Powertoys — Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-42903 | MEDIUM 6.5 | Windows 10 Version 1607 — Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network. | 2026-06-09 |
| CVE-2026-42904 | CRITICAL 9.6 | Windows 10 Version 21h2 — Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adj… | 2026-06-09 |
| CVE-2026-42905 | HIGH 7.8 | Windows 10 Version 1607 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-42906 | MEDIUM 5.5 | Windows 10 Version 21h2 — Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to d… | 2026-06-09 |
| CVE-2026-42907 | MEDIUM 6.5 | Windows 10 Version 1809 — Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to d… | 2026-06-09 |
| CVE-2026-42908 | HIGH 7.5 | Windows 10 Version 1607 — Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. | 2026-06-09 |
| CVE-2026-42909 | HIGH 7.5 | Remote Desktop Client For Windows Desktop — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net… | 2026-06-09 |
| CVE-2026-42910 | HIGH 7.8 | Windows 11 Version 24h2 — Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges… | 2026-06-09 |
| CVE-2026-42911 | HIGH 7 | Windows 10 Version 1607 — Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi… | 2026-06-09 |
| CVE-2026-42912 | HIGH 7 | Windows 10 Version 1607 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telepho… | 2026-06-09 |
| CVE-2026-42913 | HIGH 7.5 | Remote Desktop Client For Windows Desktop — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net… | 2026-06-09 |
| CVE-2026-42914 | MEDIUM 5.3 | Windows 10 Version 1607 — Windows Kerberos Denial of Service Vulnerability | 2026-06-09 |
| CVE-2026-42915 | MEDIUM 5.5 | Windows 10 Version 21h2 — Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service locally… | 2026-06-09 |
| CVE-2026-42916 | HIGH 7.8 | Windows 10 Version 1607 — Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privil… | 2026-06-09 |
| CVE-2026-42968 | MEDIUM 5.5 | Windows 10 Version 1607 — Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally. | 2026-06-09 |
| CVE-2026-42969 | MEDIUM 5.5 | Windows 10 Version 1607 — Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose informat… | 2026-06-09 |
| CVE-2026-42970 | MEDIUM 5.5 | Windows 10 Version 1607 — Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose informat… | 2026-06-09 |
| CVE-2026-42971 | MEDIUM 5.5 | Windows 10 Version 1607 — Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose informat… | 2026-06-09 |
| CVE-2026-42972 | MEDIUM 5.5 | Windows 10 Version 1607 — Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to… | 2026-06-09 |
| CVE-2026-42973 | MEDIUM 5.5 | Windows 10 Version 1607 — Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose informat… | 2026-06-09 |
| CVE-2026-42974 | HIGH 8.1 | Windows 11 Version 23h2 — Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execu… | 2026-06-09 |
| CVE-2026-42977 | HIGH 7.8 | Windows 10 Version 1809 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push No… | 2026-06-09 |
| CVE-2026-42978 | HIGH 7.8 | Windows 10 Version 1809 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push No… | 2026-06-09 |
| CVE-2026-42979 | HIGH 7.8 | Windows 10 Version 1809 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push No… | 2026-06-09 |
| CVE-2026-42980 | HIGH 7.8 | Windows 10 Version 1607 — Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privil… | 2026-06-09 |
| CVE-2026-42981 | HIGH 8.1 | Windows 11 Version 23h2 — Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execu… | 2026-06-09 |
| CVE-2026-42983 | HIGH 7.8 | Windows 10 Version 1809 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-42984 | HIGH 7 | Windows 10 Version 1809 — Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-42985 | HIGH 8.8 | Remote Desktop Client For Windows Desktop — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net… | 2026-06-09 |
| CVE-2026-42986 | HIGH 7.8 | Windows 10 Version 1607 — Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-42987 | HIGH 8.1 | Windows Server 2012 — Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network. | 2026-06-09 |
| CVE-2026-42989 | HIGH 7.8 | Windows 10 Version 1607 — Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to el… | 2026-06-09 |
| CVE-2026-42991 | HIGH 7.8 | Windows 10 Version 1809 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push No… | 2026-06-09 |
| CVE-2026-42992 | HIGH 7.5 | Windows 10 Version 1607 — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net… | 2026-06-09 |
| CVE-2026-42993 | HIGH 7.5 | Windows 10 Version 21h2 — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net… | 2026-06-09 |
| CVE-2026-44799 | HIGH 7.5 | Remote Desktop Client For Windows Desktop — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net… | 2026-06-09 |
| CVE-2026-44801 | HIGH 7.5 | Remote Desktop Client For Windows Desktop — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net… | 2026-06-09 |
| CVE-2026-44802 | HIGH 7.8 | Windows 10 Version 1809 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-44803 | HIGH 7.8 | Microsoft Excel For Android — Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locall… | 2026-06-09 |
| CVE-2026-44804 | HIGH 7.8 | Windows 11 Version 26h1 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-44805 | MEDIUM 5.5 | Windows Server 2019 — Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service loc… | 2026-06-09 |
| CVE-2026-44807 | HIGH 7.8 | Windows 11 Version 26h1 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-44808 | HIGH 7.8 | Windows 11 Version 26h1 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-44809 | HIGH 7.8 | Windows 11 Version 24h2 — Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges lo… | 2026-06-09 |
| CVE-2026-44810 | HIGH 8.4 | Windows 11 Version 23h2 — Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privilege… | 2026-06-09 |
| CVE-2026-44811 | HIGH 7.8 | Windows 11 Version 26h1 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-44812 | HIGH 7.8 | Microsoft Excel For Android — Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locall… | 2026-06-09 |
| CVE-2026-44813 | HIGH 7.8 | Windows 11 Version 26h1 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-44814 | MEDIUM 5.5 | Windows 11 Version 26h1 — Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | 2026-06-09 |
| CVE-2026-44815 | CRITICAL 9.8 | Windows 10 Version 1607 — Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a netw… | 2026-06-09 |
| CVE-2026-44817 | HIGH 7.8 | Microsoft 365 Apps For Enterprise — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute co… | 2026-06-09 |
| CVE-2026-44818 | HIGH 7 | Microsoft 365 Apps For Enterprise — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute co… | 2026-06-09 |
| CVE-2026-44819 | HIGH 7.8 | Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | 2026-06-09 |
| CVE-2026-44820 | HIGH 7.8 | Microsoft 365 Apps For Enterprise — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute co… | 2026-06-09 |
| CVE-2026-44821 | MEDIUM 5.5 | Microsoft 365 Apps For Enterprise — Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | 2026-06-09 |
| CVE-2026-44822 | HIGH 8.2 | Microsoft 365 Apps For Enterprise — Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a ne… | 2026-06-09 |
| CVE-2026-44823 | HIGH 7.8 | Microsoft 365 Apps For Enterprise — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute co… | 2026-06-09 |
| CVE-2026-44824 | HIGH 7.8 | Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | 2026-06-09 |
| CVE-2026-45453 | MEDIUM 5.4 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-45454 | MEDIUM 6.5 | Microsoft Sharepoint Enterprise Server 2016 — Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint … | 2026-06-09 |
| CVE-2026-45455 | LOW 3.3 | Microsoft 365 Apps For Enterprise — Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a ne… | 2026-06-09 |
| CVE-2026-45456 | HIGH 8.4 | Microsoft 365 Apps For Enterprise — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attac… | 2026-06-09 |
| CVE-2026-45457 | HIGH 7.8 | Microsoft 365 Apps For Enterprise — Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally… | 2026-06-09 |
| CVE-2026-45458 | HIGH 8.4 | Microsoft 365 Apps For Enterprise — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attac… | 2026-06-09 |
| CVE-2026-45459 | LOW 3.3 | Microsoft 365 Apps For Enterprise — Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security fe… | 2026-06-09 |
| CVE-2026-45460 | MEDIUM 4.7 | Microsoft 365 Apps For Enterprise — Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | 2026-06-09 |
| CVE-2026-45461 | HIGH 8.4 | Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | 2026-06-09 |
| CVE-2026-45462 | MEDIUM 4.6 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-45463 | HIGH 8.4 | Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | 2026-06-09 |
| CVE-2026-45464 | MEDIUM 5.4 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-45465 | MEDIUM 5.4 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-45466 | LOW 3.3 | Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information lo… | 2026-06-09 |
| CVE-2026-45467 | MEDIUM 4.6 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-45468 | MEDIUM 4.6 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-45469 | HIGH 7.8 | Microsoft 365 Apps For Enterprise — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute co… | 2026-06-09 |
| CVE-2026-45471 | HIGH 7.8 | Microsoft 365 Apps For Enterprise — Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally… | 2026-06-09 |
| CVE-2026-45472 | HIGH 8.4 | Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | 2026-06-09 |
| CVE-2026-45474 | HIGH 8.4 | Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | 2026-06-09 |
| CVE-2026-45475 | HIGH 7.8 | Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | 2026-06-09 |
| CVE-2026-45476 | HIGH 8.2 | Linux Kernel Microsoft Mana Network Driver — Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-45479 | MEDIUM 4.6 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-45481 | HIGH 7.3 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-45482 | HIGH 8.4 | Microsoft Visual Studio Code Copilot Chat Extension — Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unaut… | 2026-06-09 |
| CVE-2026-45483 | MEDIUM 4.6 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Proje… | 2026-06-09 |
| CVE-2026-45484 | HIGH 8.8 | Microsoft Sharepoint Enterprise Server 2016 — Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate priv… | 2026-06-09 |
| CVE-2026-45485 | LOW 3.3 | Microsoft 365 Apps For Enterprise — Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | 2026-06-09 |
| CVE-2026-45486 | HIGH 7.8 | Microsoft 365 Apps For Enterprise — Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally… | 2026-06-09 |
| CVE-2026-45487 | HIGH 7.8 | Windows 10 Version 21h2 — Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authori… | 2026-06-09 |
| CVE-2026-45490 | HIGH 7.8 | .Net 10.0 — Improper authorization in .NET allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-45491 | MEDIUM 6.2 | .Net 10.0 — Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perf… | 2026-06-09 |
| CVE-2026-45500 | MEDIUM 6.1 | Microsoft Exchange Server 2016 Cumulative Update 23 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Ser… | 2026-06-09 |
| CVE-2026-45501 | MEDIUM 6.5 | Microsoft Exchange Server 2016 Cumulative Update 23 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Ser… | 2026-06-09 |
| CVE-2026-45502 | MEDIUM 5 | Microsoft Exchange Server 2016 Cumulative Update 23 — Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose info… | 2026-06-09 |
| CVE-2026-45503 | HIGH 8.1 | Microsoft Exchange Server 2016 Cumulative Update 23 — Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose info… | 2026-06-09 |
| CVE-2026-45504 | HIGH 8.8 | Microsoft Exchange Server 2016 Cumulative Update 23 — Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privi… | 2026-06-09 |
| CVE-2026-45583 | HIGH 7.5 | Microsoft Exchange Server 2016 Cumulative Update 23 — Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized … | 2026-06-09 |
| CVE-2026-45586 | HIGH 7.8 | Windows 10 Version 1607 — Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework … | 2026-06-09 |
| CVE-2026-45588 | HIGH 7.9 | Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature… | 2026-06-09 |
| CVE-2026-45591 | HIGH 7.5 | .Net 10.0 — Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a netwo… | 2026-06-09 |
| CVE-2026-45592 | HIGH 7.8 | Windows 10 Version 1607 — Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate priv… | 2026-06-09 |
| CVE-2026-45593 | HIGH 7.8 | Windows 10 Version 1809 — Use after free in Windows SDK allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-45594 | MEDIUM 5.5 | Windows 10 Version 1607 — Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem a… | 2026-06-09 |
| CVE-2026-45595 | MEDIUM 5.4 | Windows 10 Version 1607 — Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a sec… | 2026-06-09 |
| CVE-2026-45596 | HIGH 7 | Windows 10 Version 1607 — Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi… | 2026-06-09 |
| CVE-2026-45597 | HIGH 7 | Windows 11 Version 23h2 — Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation M… | 2026-06-09 |
| CVE-2026-45598 | HIGH 7 | Windows 10 Version 1607 — Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi… | 2026-06-09 |
| CVE-2026-45599 | HIGH 8.1 | Windows 10 Version 1607 — Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a ne… | 2026-06-09 |
| CVE-2026-45600 | HIGH 7.8 | Windows 11 Version 24h2 — Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authori… | 2026-06-09 |
| CVE-2026-45601 | HIGH 7 | Windows 10 Version 1607 — Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi… | 2026-06-09 |
| CVE-2026-45602 | CRITICAL 9.1 | Windows 10 Version 1607 — No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a netwo… | 2026-06-09 |
| CVE-2026-45603 | HIGH 7 | Windows 10 Version 1607 — Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi… | 2026-06-09 |
| CVE-2026-45604 | MEDIUM 5.5 | Windows 11 Version 23h2 — Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose… | 2026-06-09 |
| CVE-2026-45605 | HIGH 7.8 | Windows 10 Version 1607 — Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-45606 | MEDIUM 5.5 | Windows 10 Version 1607 — Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service lo… | 2026-06-09 |
| CVE-2026-45607 | HIGH 8.4 | Windows 10 Version 1607 — Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | 2026-06-09 |
| CVE-2026-45608 | MEDIUM 6.8 | Windows 10 Version 1607 — Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally. | 2026-06-09 |
| CVE-2026-45634 | MEDIUM 5.5 | Windows 10 Version 1607 — Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally. | 2026-06-09 |
| CVE-2026-45635 | HIGH 8.1 | Windows 10 Version 1607 — Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a ne… | 2026-06-09 |
| CVE-2026-45636 | HIGH 7.8 | Windows 10 Version 1607 — Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. | 2026-06-09 |
| CVE-2026-45637 | HIGH 7.8 | Windows 10 Version 1809 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-45638 | HIGH 7.8 | Windows 10 Version 1607 — Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to e… | 2026-06-09 |
| CVE-2026-45639 | HIGH 7.5 | Remote Desktop Client For Windows Desktop — Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. | 2026-06-09 |
| CVE-2026-45640 | HIGH 7 | Windows 10 Version 21h2 — Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-45641 | HIGH 8.4 | Windows 10 Version 21h2 — Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | 2026-06-09 |
| CVE-2026-45642 | LOW 3.9 | Windows 10 Version 1607 — Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows … | 2026-06-09 |
| CVE-2026-45643 | HIGH 7.8 | Microsoft 365 Apps For Enterprise — Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally… | 2026-06-09 |
| CVE-2026-45644 | HIGH 8 | Microsoft Live Share Canvas Sdk — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share C… | 2026-06-09 |
| CVE-2026-45645 | HIGH 7.8 | Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | 2026-06-09 |
| CVE-2026-45647 | MEDIUM 5.5 | Microsoft Defender For Endpoint For Mac — Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized atta… | 2026-06-09 |
| CVE-2026-45648 | HIGH 8.8 | Windows Server 2022 — Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code … | 2026-06-09 |
| CVE-2026-45649 | HIGH 7.1 | Microsoft Excel For Android — Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally. | 2026-06-09 |
| CVE-2026-45650 | MEDIUM 4.3 | Microsoft Bing Search For Android — User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacke… | 2026-06-09 |
| CVE-2026-45653 | HIGH 7 | Windows 10 Version 1607 — Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-45654 | HIGH 7.9 | Windows 11 Version 24h2 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature… | 2026-06-09 |
| CVE-2026-45655 | MEDIUM 5.3 | Windows 10 Version 1607 — Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature… | 2026-06-09 |
| CVE-2026-45656 | HIGH 7.8 | Windows 10 Version 1607 — Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locall… | 2026-06-09 |
| CVE-2026-45657 | CRITICAL 9.8 | Windows 11 Version 23h2 — Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network. | 2026-06-09 |
| CVE-2026-45658 | HIGH 7.8 | Windows 10 Version 1607 — Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature… | 2026-06-09 |
| CVE-2026-47281 | CRITICAL 9.6 | Visual Studio Code — Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a n… | 2026-06-09 |
| CVE-2026-47284 | MEDIUM 6.5 | Visual Studio Code — Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attack… | 2026-06-09 |
| CVE-2026-47287 | MEDIUM 6.5 | Visual Studio Code — Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a netw… | 2026-06-09 |
| CVE-2026-47288 | HIGH 7.1 | Windows Server 2012 — Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjac… | 2026-06-09 |
| CVE-2026-47289 | HIGH 8.8 | Windows 10 Version 1607 — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net… | 2026-06-09 |
| CVE-2026-47291 | CRITICAL 9.8 | Windows 10 Version 1607 — Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a netw… | 2026-06-09 |
| CVE-2026-47292 | HIGH 7.8 | Visual Studio Code Mssql Extension — Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker… | 2026-06-09 |
| CVE-2026-47293 | HIGH 7 | Microsoft 365 Apps For Enterprise — Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-47298 | HIGH 8 | Microsoft Sharepoint Enterprise Server 2016 — Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a net… | 2026-06-09 |
| CVE-2026-47631 | HIGH 8.1 | Microsoft Exchange Server 2016 Cumulative Update 23 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Ser… | 2026-06-09 |
| CVE-2026-47634 | HIGH 7.3 | Microsoft Sharepoint Server 2019 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-47635 | HIGH 8.4 | Microsoft Office Ltsc 2024 — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attac… | 2026-06-09 |
| CVE-2026-47636 | MEDIUM 5.4 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-47637 | MEDIUM 4.6 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-47638 | MEDIUM 4.6 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-47639 | MEDIUM 5.4 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-47640 | MEDIUM 4.6 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-47641 | MEDIUM 4.6 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-47643 | CRITICAL 9.8 | Azure Stack Edge — External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over… | 2026-06-09 |
| CVE-2026-47648 | HIGH 7 | Windows 10 Version 1607 — Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-47652 | HIGH 8.2 | Windows 11 Version 23h2 — Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | 2026-06-09 |
| CVE-2026-47653 | HIGH 8.8 | Windows 10 Version 1607 — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net… | 2026-06-09 |
| CVE-2026-47654 | HIGH 7.5 | Windows Server 2016 — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net… | 2026-06-09 |
| CVE-2026-47656 | HIGH 7.9 | Windows 10 Version 1607 — Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security featur… | 2026-06-09 |
| CVE-2026-48560 | MEDIUM 5.4 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-48562 | MEDIUM 4.6 | Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share… | 2026-06-09 |
| CVE-2026-48563 | HIGH 7.5 | Windows 10 Version 1809 — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net… | 2026-06-09 |
| CVE-2026-48565 | HIGH 7.8 | Windows Narrator Braille — Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-48566 | MEDIUM 5.5 | Windows 11 Version 24h2 — Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | 2026-06-09 |
| CVE-2026-48568 | HIGH 7.9 | Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature… | 2026-06-09 |
| CVE-2026-48569 | HIGH 7.1 | Visual Studio Code — Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature l… | 2026-06-09 |
| CVE-2026-48570 | HIGH 7.9 | Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature… | 2026-06-09 |
| CVE-2026-48573 | HIGH 7.9 | Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature… | 2026-06-09 |
| CVE-2026-48574 | HIGH 7.8 | Windows 10 Version 1607 — Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. | 2026-06-09 |
| CVE-2026-48575 | HIGH 7.9 | Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature… | 2026-06-09 |
| CVE-2026-48576 | HIGH 7.9 | Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature… | 2026-06-09 |
| CVE-2026-48578 | HIGH 7.9 | Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature… | 2026-06-09 |
| CVE-2026-48583 | HIGH 7.8 | Windows 10 Version 1607 — Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | 2026-06-09 |
| CVE-2026-49160 | HIGH 7.5 | Windows 10 Version 1607 — Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network. | |
2026-06-09 CVE-2026-49161 HIGH 7.8 Microsoft Pc Manager — Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature loc… 2026-06-09 CVE-2026-50507 MEDIUM 6.8 Windows 10 Version 1607 — Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature… 2026-06-09 CVE-2026-50508 MEDIUM 6.5 Windows 10 Version 1607 — Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to … 2026-06-09 CVE-2026-50511 HIGH 7.8 Microsoft Pc Manager — Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized at… 2026-06-09 CVE-2026-50512 HIGH 7.8 Microsoft Pc Manager — Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized at… 2026-06-09 CVE-2026-42824 MEDIUM 6.5 Microsoft 365 Copilot — Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose infor… 2026-06-04 CVE-2026-45497 HIGH 7.7 Microsoft 365 Copilot — Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allow… 2026-06-04 CVE-2026-47644 MEDIUM 6.5 Copilot Chat (Microsoft Edge) — Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot … 2026-06-04 CVE-2026-47655 MEDIUM 6.5 Microsoft Graph — Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to… 2026-06-04 CVE-2026-48567 CRITICAL 10 Azure Horizondb — Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges ove… 2026-06-04 CVE-2026-48579 CRITICAL 9.1 Microsoft Exchange Online — Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information ov… 2026-06-04 CVE-2026-47294 HIGH 8 Microsoft Sharepoint Enterprise Server 2016 — Improper 
neutralization of special elements used in an os command ('os command injection') in Microsoft Office… 2026-06-01 CVE-2026-45322 HIGH 7.8 Ufo — Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tag… 2026-05-27 CVE-2026-46402 HIGH 8.1 Ufo — Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626… 2026-05-27 CVE-2026-46414 HIGH 8.8 Ufo — Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626… 2026-05-27 CVE-2026-46416 MEDIUM 6.3 Ufo — Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626… 2026-05-27 CVE-2026-46538 MEDIUM 5.9 Ufo — Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626… 2026-05-27 CVE-2026-46544 MEDIUM 5.3 Ufo — Microsoft UFO open-source framework for intelligent automation across devices and platforms. 
In 3.0.1-4-ge2626… 2026-05-27 CVE-2026-23652 CRITICAL 10 Microsoft Power Pages — Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages a… 2026-05-22 CVE-2026-23663 HIGH 7.5 Microsoft Global Secure Access (Gsa) — Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a n… 2026-05-22 CVE-2026-26147 HIGH 7.7 Azure Stack Hci — Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over … 2026-05-22 CVE-2026-33843 CRITICAL 9.1 Microsoft Entra — Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an una… 2026-05-22 CVE-2026-35430 HIGH 8.8 Azure Privileged Identity Management (Pim) — Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an autho… 2026-05-22 CVE-2026-40411 CRITICAL 9.9 Azure Virtual Network Gateway — Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over … 2026-05-22 CVE-2026-40412 CRITICAL 10 Azure Orbital Spatio — Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to exe… 2026-05-22 CVE-2026-41090 CRITICAL 9.3 Microsoft 365 Copilot For Ios — Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allow… 2026-05-22 CVE-2026-41104 CRITICAL 10 Microsoft Planetary Computer Pro (Geocatalog) — Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to discl… 2026-05-22 CVE-2026-42827 MEDIUM 6.5 Microsoft 365 Copilot — Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an … 2026-05-22 CVE-2026-42901 CRITICAL 10 Microsoft Entra — Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a net… 2026-05-22 
CVE-2026-45659 HIGH 8.8 Microsoft Sharepoint Enterprise Server 2016 — Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code…● exploited 2026-05-22 CVE-2026-47280 CRITICAL 10 Azure Resource Manager — Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges … 2026-05-22 CVE-2026-41091 HIGH 7.8 Microsoft Malware Protection Engine — Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized atta…● exploited 2026-05-20 CVE-2026-42834 HIGH 7.8 Windows Admin Center In Azure Portal — Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a net… 2026-05-20 CVE-2026-45498 MEDIUM 4 Microsoft Defender Antimalware Platform — Microsoft Defender Denial of Service Vulnerability● exploited 2026-05-20 CVE-2026-45584 HIGH 8.1 Microsoft Malware Protection Engine — Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a networ… 2026-05-20 CVE-2026-45585 MEDIUM 6.8 Windows 11 Version 24h2 — Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowK…● PoC 2026-05-19 CVE-2026-42822 CRITICAL 10 Azure Local — Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate priv… 2026-05-18 CVE-2026-45492 MEDIUM 5.4 Microsoft Edge (Chromium Based) — Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a secur… 2026-05-18 CVE-2026-45494 MEDIUM 5.4 Microsoft Edge (Chromium Based) — Microsoft Edge (Chromium-based) Spoofing Vulnerability 2026-05-18 CVE-2026-45495 HIGH 8.8 Microsoft Edge (Chromium Based) — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2026-05-18