Microsoft
250 CVEs
CVE ID
Severity
Product / summary
Published
CVE-2026-50521
HIGH 8.3
Microsoft Edge (Chromium Based) — Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network…
2026-07-01
CVE-2026-49451
HIGH 7.5
Openapi.Net — The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers…
2026-06-30
CVE-2026-32208
HIGH 8.8
Microsoft Edge (Chromium Based) — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Entra ID all…
2026-06-19
CVE-2026-42895
MEDIUM 6.5
Microsoft 365 Copilot — Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allow…
2026-06-19
CVE-2026-45480
CRITICAL 10
Azure Active Directory — Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a…
2026-06-19
CVE-2026-47645
HIGH 8.8
Microsoft 365 Copilot — Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unautho…
2026-06-19
CVE-2026-48582
CRITICAL 9.6
Microsoft Exchange Online — Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a …
2026-06-19
CVE-2026-48584
CRITICAL 9.9
Azure Synapse — Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges ove…
2026-06-19
CVE-2026-49336
MEDIUM 5.5
Kiota Typescript — @microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions …
2026-06-19
CVE-2026-50519
MEDIUM 6.5
Github Copilot Chat — Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unaut…
2026-06-19
CVE-2026-32174
HIGH 7.7
Azure Ai Bot Service — Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a networ…
2026-06-18
CVE-2026-47633
HIGH 7.5
Microsoft Cost Management — Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows a…
2026-06-18
CVE-2026-47647
CRITICAL 9.9
Microsoft Dynamics 365 — Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a n…
2026-06-18
CVE-2026-54130
CRITICAL 9.8
Microsoft 365 Copilot — Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose infor…
2026-06-18
CVE-2026-50656
HIGH 7.8
Microsoft Malware Protection Engine — Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defend… ● PoC
2026-06-16
CVE-2026-26142
CRITICAL 9.8
Nuance Powerscribe 360 4.0 — Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a…
2026-06-09
CVE-2026-32193
HIGH 8.8
Azure Kubernetes Service — Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes S…
2026-06-09
CVE-2026-33113
MEDIUM 5.4
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-33828
HIGH 7.8
Windows 10 Version 1607 — Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-34335
HIGH 7
Windows 10 Version 1607 — Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi…
2026-06-09
CVE-2026-40371
HIGH 8.8
Microsoft Dynamics 365 (On Premises) Version 9.1 — Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an …
2026-06-09
CVE-2026-40376
HIGH 7.5
Visual Studio Code — Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a n…
2026-06-09
CVE-2026-40404
HIGH 7.8
Windows 10 Version 1607 — Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
2026-06-09
CVE-2026-40409
HIGH 7.8
Windows 10 Version 1607 — Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
2026-06-09
CVE-2026-41092
HIGH 7.8
Windows 10 Version 1607 — Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-41098
HIGH 8.4
Azure Stack Edge — Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allow…
2026-06-09
CVE-2026-41108
HIGH 7
Windows 10 Version 1607 — Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locall…
2026-06-09
CVE-2026-42828
HIGH 7.8
Windows 10 Version 1809 — Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privi…
2026-06-09
CVE-2026-42829
HIGH 7.8
Windows 11 Version 24h2 — Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security…
2026-06-09
CVE-2026-42835
HIGH 8.1
Microsoft Teams For Android — Improper neutralization of special elements in output used by a downstream component ('injection') in Microsof…
2026-06-09
CVE-2026-42836
HIGH 7
Windows 10 Version 1607 — Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discov…
2026-06-09
CVE-2026-42837
HIGH 7.8
Windows 10 Version 1809 — Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privi…
2026-06-09
CVE-2026-42902
HIGH 7.8
Microsoft Powertoys — Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-42903
MEDIUM 6.5
Windows 10 Version 1607 — Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
2026-06-09
CVE-2026-42904
CRITICAL 9.6
Windows 10 Version 21h2 — Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adj…
2026-06-09
CVE-2026-42905
HIGH 7.8
Windows 10 Version 1607 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-42906
MEDIUM 5.5
Windows 10 Version 21h2 — Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to d…
2026-06-09
CVE-2026-42907
MEDIUM 6.5
Windows 10 Version 1809 — Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to d…
2026-06-09
CVE-2026-42908
HIGH 7.5
Windows 10 Version 1607 — Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
2026-06-09
CVE-2026-42909
HIGH 7.5
Remote Desktop Client For Windows Desktop — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net…
2026-06-09
CVE-2026-42910
HIGH 7.8
Windows 11 Version 24h2 — Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges…
2026-06-09
CVE-2026-42911
HIGH 7
Windows 10 Version 1607 — Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi…
2026-06-09
CVE-2026-42912
HIGH 7
Windows 10 Version 1607 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telepho…
2026-06-09
CVE-2026-42913
HIGH 7.5
Remote Desktop Client For Windows Desktop — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net…
2026-06-09
CVE-2026-42914
MEDIUM 5.3
Windows 10 Version 1607 — Windows Kerberos Denial of Service Vulnerability
2026-06-09
CVE-2026-42915
MEDIUM 5.5
Windows 10 Version 21h2 — Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service locally…
2026-06-09
CVE-2026-42916
HIGH 7.8
Windows 10 Version 1607 — Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privil…
2026-06-09
CVE-2026-42968
MEDIUM 5.5
Windows 10 Version 1607 — Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
2026-06-09
CVE-2026-42969
MEDIUM 5.5
Windows 10 Version 1607 — Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose informat…
2026-06-09
CVE-2026-42970
MEDIUM 5.5
Windows 10 Version 1607 — Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose informat…
2026-06-09
CVE-2026-42971
MEDIUM 5.5
Windows 10 Version 1607 — Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose informat…
2026-06-09
CVE-2026-42972
MEDIUM 5.5
Windows 10 Version 1607 — Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to…
2026-06-09
CVE-2026-42973
MEDIUM 5.5
Windows 10 Version 1607 — Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose informat…
2026-06-09
CVE-2026-42974
HIGH 8.1
Windows 11 Version 23h2 — Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execu…
2026-06-09
CVE-2026-42977
HIGH 7.8
Windows 10 Version 1809 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push No…
2026-06-09
CVE-2026-42978
HIGH 7.8
Windows 10 Version 1809 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push No…
2026-06-09
CVE-2026-42979
HIGH 7.8
Windows 10 Version 1809 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push No…
2026-06-09
CVE-2026-42980
HIGH 7.8
Windows 10 Version 1607 — Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privil…
2026-06-09
CVE-2026-42981
HIGH 8.1
Windows 11 Version 23h2 — Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execu…
2026-06-09
CVE-2026-42983
HIGH 7.8
Windows 10 Version 1809 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-42984
HIGH 7
Windows 10 Version 1809 — Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-42985
HIGH 8.8
Remote Desktop Client For Windows Desktop — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net…
2026-06-09
CVE-2026-42986
HIGH 7.8
Windows 10 Version 1607 — Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-42987
HIGH 8.1
Windows Server 2012 — Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
2026-06-09
CVE-2026-42989
HIGH 7.8
Windows 10 Version 1607 — Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to el…
2026-06-09
CVE-2026-42991
HIGH 7.8
Windows 10 Version 1809 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push No…
2026-06-09
CVE-2026-42992
HIGH 7.5
Windows 10 Version 1607 — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net…
2026-06-09
CVE-2026-42993
HIGH 7.5
Windows 10 Version 21h2 — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net…
2026-06-09
CVE-2026-44799
HIGH 7.5
Remote Desktop Client For Windows Desktop — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net…
2026-06-09
CVE-2026-44801
HIGH 7.5
Remote Desktop Client For Windows Desktop — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net…
2026-06-09
CVE-2026-44802
HIGH 7.8
Windows 10 Version 1809 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-44803
HIGH 7.8
Microsoft Excel For Android — Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locall…
2026-06-09
CVE-2026-44804
HIGH 7.8
Windows 11 Version 26h1 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-44805
MEDIUM 5.5
Windows Server 2019 — Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service loc…
2026-06-09
CVE-2026-44807
HIGH 7.8
Windows 11 Version 26h1 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-44808
HIGH 7.8
Windows 11 Version 26h1 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-44809
HIGH 7.8
Windows 11 Version 24h2 — Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges lo…
2026-06-09
CVE-2026-44810
HIGH 8.4
Windows 11 Version 23h2 — Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privilege…
2026-06-09
CVE-2026-44811
HIGH 7.8
Windows 11 Version 26h1 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-44812
HIGH 7.8
Microsoft Excel For Android — Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locall…
2026-06-09
CVE-2026-44813
HIGH 7.8
Windows 11 Version 26h1 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-44814
MEDIUM 5.5
Windows 11 Version 26h1 — Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
2026-06-09
CVE-2026-44815
CRITICAL 9.8
Windows 10 Version 1607 — Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a netw…
2026-06-09
CVE-2026-44817
HIGH 7.8
Microsoft 365 Apps For Enterprise — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute co…
2026-06-09
CVE-2026-44818
HIGH 7
Microsoft 365 Apps For Enterprise — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute co…
2026-06-09
CVE-2026-44819
HIGH 7.8
Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
2026-06-09
CVE-2026-44820
HIGH 7.8
Microsoft 365 Apps For Enterprise — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute co…
2026-06-09
CVE-2026-44821
MEDIUM 5.5
Microsoft 365 Apps For Enterprise — Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
2026-06-09
CVE-2026-44822
HIGH 8.2
Microsoft 365 Apps For Enterprise — Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a ne…
2026-06-09
CVE-2026-44823
HIGH 7.8
Microsoft 365 Apps For Enterprise — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute co…
2026-06-09
CVE-2026-44824
HIGH 7.8
Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
2026-06-09
CVE-2026-45453
MEDIUM 5.4
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-45454
MEDIUM 6.5
Microsoft Sharepoint Enterprise Server 2016 — Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint …
2026-06-09
CVE-2026-45455
LOW 3.3
Microsoft 365 Apps For Enterprise — Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a ne…
2026-06-09
CVE-2026-45456
HIGH 8.4
Microsoft 365 Apps For Enterprise — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attac…
2026-06-09
CVE-2026-45457
HIGH 7.8
Microsoft 365 Apps For Enterprise — Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally…
2026-06-09
CVE-2026-45458
HIGH 8.4
Microsoft 365 Apps For Enterprise — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attac…
2026-06-09
CVE-2026-45459
LOW 3.3
Microsoft 365 Apps For Enterprise — Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security fe…
2026-06-09
CVE-2026-45460
MEDIUM 4.7
Microsoft 365 Apps For Enterprise — Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
2026-06-09
CVE-2026-45461
HIGH 8.4
Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
2026-06-09
CVE-2026-45462
MEDIUM 4.6
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-45463
HIGH 8.4
Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
2026-06-09
CVE-2026-45464
MEDIUM 5.4
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-45465
MEDIUM 5.4
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-45466
LOW 3.3
Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information lo…
2026-06-09
CVE-2026-45467
MEDIUM 4.6
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-45468
MEDIUM 4.6
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-45469
HIGH 7.8
Microsoft 365 Apps For Enterprise — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute co…
2026-06-09
CVE-2026-45471
HIGH 7.8
Microsoft 365 Apps For Enterprise — Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally…
2026-06-09
CVE-2026-45472
HIGH 8.4
Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
2026-06-09
CVE-2026-45474
HIGH 8.4
Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
2026-06-09
CVE-2026-45475
HIGH 7.8
Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
2026-06-09
CVE-2026-45476
HIGH 8.2
Linux Kernel Microsoft Mana Network Driver — Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-45479
MEDIUM 4.6
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-45481
HIGH 7.3
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-45482
HIGH 8.4
Microsoft Visual Studio Code Copilot Chat Extension — Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unaut…
2026-06-09
CVE-2026-45483
MEDIUM 4.6
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Proje…
2026-06-09
CVE-2026-45484
HIGH 8.8
Microsoft Sharepoint Enterprise Server 2016 — Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate priv…
2026-06-09
CVE-2026-45485
LOW 3.3
Microsoft 365 Apps For Enterprise — Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
2026-06-09
CVE-2026-45486
HIGH 7.8
Microsoft 365 Apps For Enterprise — Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally…
2026-06-09
CVE-2026-45487
HIGH 7.8
Windows 10 Version 21h2 — Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authori…
2026-06-09
CVE-2026-45490
HIGH 7.8
.Net 10.0 — Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-45491
MEDIUM 6.2
.Net 10.0 — Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perf…
2026-06-09
CVE-2026-45500
MEDIUM 6.1
Microsoft Exchange Server 2016 Cumulative Update 23 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Ser…
2026-06-09
CVE-2026-45501
MEDIUM 6.5
Microsoft Exchange Server 2016 Cumulative Update 23 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Ser…
2026-06-09
CVE-2026-45502
MEDIUM 5
Microsoft Exchange Server 2016 Cumulative Update 23 — Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose info…
2026-06-09
CVE-2026-45503
HIGH 8.1
Microsoft Exchange Server 2016 Cumulative Update 23 — Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose info…
2026-06-09
CVE-2026-45504
HIGH 8.8
Microsoft Exchange Server 2016 Cumulative Update 23 — Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privi…
2026-06-09
CVE-2026-45583
HIGH 7.5
Microsoft Exchange Server 2016 Cumulative Update 23 — Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized …
2026-06-09
CVE-2026-45586
HIGH 7.8
Windows 10 Version 1607 — Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework …
2026-06-09
CVE-2026-45588
HIGH 7.9
Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature…
2026-06-09
CVE-2026-45591
HIGH 7.5
.Net 10.0 — Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a netwo…
2026-06-09
CVE-2026-45592
HIGH 7.8
Windows 10 Version 1607 — Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate priv…
2026-06-09
CVE-2026-45593
HIGH 7.8
Windows 10 Version 1809 — Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-45594
MEDIUM 5.5
Windows 10 Version 1607 — Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem a…
2026-06-09
CVE-2026-45595
MEDIUM 5.4
Windows 10 Version 1607 — Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a sec…
2026-06-09
CVE-2026-45596
HIGH 7
Windows 10 Version 1607 — Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi…
2026-06-09
CVE-2026-45597
HIGH 7
Windows 11 Version 23h2 — Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation M…
2026-06-09
CVE-2026-45598
HIGH 7
Windows 10 Version 1607 — Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi…
2026-06-09
CVE-2026-45599
HIGH 8.1
Windows 10 Version 1607 — Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a ne…
2026-06-09
CVE-2026-45600
HIGH 7.8
Windows 11 Version 24h2 — Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authori…
2026-06-09
CVE-2026-45601
HIGH 7
Windows 10 Version 1607 — Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi…
2026-06-09
CVE-2026-45602
CRITICAL 9.1
Windows 10 Version 1607 — No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a netwo…
2026-06-09
CVE-2026-45603
HIGH 7
Windows 10 Version 1607 — Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi…
2026-06-09
CVE-2026-45604
MEDIUM 5.5
Windows 11 Version 23h2 — Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose…
2026-06-09
CVE-2026-45605
HIGH 7.8
Windows 10 Version 1607 — Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-45606
MEDIUM 5.5
Windows 10 Version 1607 — Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service lo…
2026-06-09
CVE-2026-45607
HIGH 8.4
Windows 10 Version 1607 — Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
2026-06-09
CVE-2026-45608
MEDIUM 6.8
Windows 10 Version 1607 — Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
2026-06-09
CVE-2026-45634
MEDIUM 5.5
Windows 10 Version 1607 — Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
2026-06-09
CVE-2026-45635
HIGH 8.1
Windows 10 Version 1607 — Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a ne…
2026-06-09
CVE-2026-45636
HIGH 7.8
Windows 10 Version 1607 — Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
2026-06-09
CVE-2026-45637
HIGH 7.8
Windows 10 Version 1809 — Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-45638
HIGH 7.8
Windows 10 Version 1607 — Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to e…
2026-06-09
CVE-2026-45639
HIGH 7.5
Remote Desktop Client For Windows Desktop — Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
2026-06-09
CVE-2026-45640
HIGH 7
Windows 10 Version 21h2 — Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-45641
HIGH 8.4
Windows 10 Version 21h2 — Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
2026-06-09
CVE-2026-45642
LOW 3.9
Windows 10 Version 1607 — Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows …
2026-06-09
CVE-2026-45643
HIGH 7.8
Microsoft 365 Apps For Enterprise — Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally…
2026-06-09
CVE-2026-45644
HIGH 8
Microsoft Live Share Canvas Sdk — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share C…
2026-06-09
CVE-2026-45645
HIGH 7.8
Microsoft 365 Apps For Enterprise — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
2026-06-09
CVE-2026-45647
MEDIUM 5.5
Microsoft Defender For Endpoint For Mac — Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized atta…
2026-06-09
CVE-2026-45648
HIGH 8.8
Windows Server 2022 — Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code …
2026-06-09
CVE-2026-45649
HIGH 7.1
Microsoft Excel For Android — Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
2026-06-09
CVE-2026-45650
MEDIUM 4.3
Microsoft Bing Search For Android — User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacke…
2026-06-09
CVE-2026-45653
HIGH 7
Windows 10 Version 1607 — Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-45654
HIGH 7.9
Windows 11 Version 24h2 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature…
2026-06-09
CVE-2026-45655
MEDIUM 5.3
Windows 10 Version 1607 — Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature…
2026-06-09
CVE-2026-45656
HIGH 7.8
Windows 10 Version 1607 — Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locall…
2026-06-09
CVE-2026-45657
CRITICAL 9.8
Windows 11 Version 23h2 — Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
2026-06-09
CVE-2026-45658
HIGH 7.8
Windows 10 Version 1607 — Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature…
2026-06-09
CVE-2026-47281
CRITICAL 9.6
Visual Studio Code — Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a n…
2026-06-09
CVE-2026-47284
MEDIUM 6.5
Visual Studio Code — Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attack…
2026-06-09
CVE-2026-47287
MEDIUM 6.5
Visual Studio Code — Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a netw…
2026-06-09
CVE-2026-47288
HIGH 7.1
Windows Server 2012 — Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjac…
2026-06-09
CVE-2026-47289
HIGH 8.8
Windows 10 Version 1607 — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net…
2026-06-09
CVE-2026-47291
CRITICAL 9.8
Windows 10 Version 1607 — Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a netw…
2026-06-09
CVE-2026-47292
HIGH 7.8
Visual Studio Code Mssql Extension — Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker…
2026-06-09
CVE-2026-47293
HIGH 7
Microsoft 365 Apps For Enterprise — Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-47298
HIGH 8
Microsoft Sharepoint Enterprise Server 2016 — Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a net…
2026-06-09
CVE-2026-47631
HIGH 8.1
Microsoft Exchange Server 2016 Cumulative Update 23 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Ser…
2026-06-09
CVE-2026-47634
HIGH 7.3
Microsoft Sharepoint Server 2019 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-47635
HIGH 8.4
Microsoft Office Ltsc 2024 — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attac…
2026-06-09
CVE-2026-47636
MEDIUM 5.4
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-47637
MEDIUM 4.6
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-47638
MEDIUM 4.6
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-47639
MEDIUM 5.4
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-47640
MEDIUM 4.6
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-47641
MEDIUM 4.6
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-47643
CRITICAL 9.8
Azure Stack Edge — External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over…
2026-06-09
CVE-2026-47648
HIGH 7
Windows 10 Version 1607 — Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-47652
HIGH 8.2
Windows 11 Version 23h2 — Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
2026-06-09
CVE-2026-47653
HIGH 8.8
Windows 10 Version 1607 — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net…
2026-06-09
CVE-2026-47654
HIGH 7.5
Windows Server 2016 — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net…
2026-06-09
CVE-2026-47656
HIGH 7.9
Windows 10 Version 1607 — Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security featur…
2026-06-09
CVE-2026-48560
MEDIUM 5.4
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-48562
MEDIUM 4.6
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Share…
2026-06-09
CVE-2026-48563
HIGH 7.5
Windows 10 Version 1809 — Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a net…
2026-06-09
CVE-2026-48565
HIGH 7.8
Windows Narrator Braille — Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-48566
MEDIUM 5.5
Windows 11 Version 24h2 — Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
2026-06-09
CVE-2026-48568
HIGH 7.9
Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature…
2026-06-09
CVE-2026-48569
HIGH 7.1
Visual Studio Code — Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature l…
2026-06-09
CVE-2026-48570
HIGH 7.9
Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature…
2026-06-09
CVE-2026-48573
HIGH 7.9
Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature…
2026-06-09
CVE-2026-48574
HIGH 7.8
Windows 10 Version 1607 — Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
2026-06-09
CVE-2026-48575
HIGH 7.9
Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature…
2026-06-09
CVE-2026-48576
HIGH 7.9
Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature…
2026-06-09
CVE-2026-48578
HIGH 7.9
Windows 10 Version 1607 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature…
2026-06-09
CVE-2026-48583
HIGH 7.8
Windows 10 Version 1607 — Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-49160
HIGH 7.5
Windows 10 Version 1607 — Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
2026-06-09
CVE-2026-49161
HIGH 7.8
Microsoft Pc Manager — Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature loc…
2026-06-09
CVE-2026-50507
MEDIUM 6.8
Windows 10 Version 1607 — Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature…
2026-06-09
CVE-2026-50508
MEDIUM 6.5
Windows 10 Version 1607 — Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to …
2026-06-09
CVE-2026-50511
HIGH 7.8
Microsoft Pc Manager — Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized at…
2026-06-09
CVE-2026-50512
HIGH 7.8
Microsoft Pc Manager — Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized at…
2026-06-09
CVE-2026-42824
MEDIUM 6.5
Microsoft 365 Copilot — Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose infor…
2026-06-04
CVE-2026-45497
HIGH 7.7
Microsoft 365 Copilot — Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allow…
2026-06-04
CVE-2026-47644
MEDIUM 6.5
Copilot Chat (Microsoft Edge) — Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot …
2026-06-04
CVE-2026-47655
MEDIUM 6.5
Microsoft Graph — Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to…
2026-06-04
CVE-2026-48567
CRITICAL 10
Azure Horizondb — Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges ove…
2026-06-04
CVE-2026-48579
CRITICAL 9.1
Microsoft Exchange Online — Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information ov…
2026-06-04
CVE-2026-47294
HIGH 8
Microsoft Sharepoint Enterprise Server 2016 — Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Office…
2026-06-01
CVE-2026-45322
HIGH 7.8
Ufo — Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tag…
2026-05-27
CVE-2026-46402
HIGH 8.1
Ufo — Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626…
2026-05-27
CVE-2026-46414
HIGH 8.8
Ufo — Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626…
2026-05-27
CVE-2026-46416
MEDIUM 6.3
Ufo — Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626…
2026-05-27
CVE-2026-46538
MEDIUM 5.9
Ufo — Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626…
2026-05-27
CVE-2026-46544
MEDIUM 5.3
Ufo — Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626…
2026-05-27
CVE-2026-23652
CRITICAL 10
Microsoft Power Pages — Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages a…
2026-05-22
CVE-2026-23663
HIGH 7.5
Microsoft Global Secure Access (Gsa) — Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a n…
2026-05-22
CVE-2026-26147
HIGH 7.7
Azure Stack Hci — Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over …
2026-05-22
CVE-2026-33843
CRITICAL 9.1
Microsoft Entra — Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an una…
2026-05-22
CVE-2026-35430
HIGH 8.8
Azure Privileged Identity Management (Pim) — Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an autho…
2026-05-22
CVE-2026-40411
CRITICAL 9.9
Azure Virtual Network Gateway — Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over …
2026-05-22
CVE-2026-40412
CRITICAL 10
Azure Orbital Spatio — Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to exe…
2026-05-22
CVE-2026-41090
CRITICAL 9.3
Microsoft 365 Copilot For Ios — Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allow…
2026-05-22
CVE-2026-41104
CRITICAL 10
Microsoft Planetary Computer Pro (Geocatalog) — Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to discl…
2026-05-22
CVE-2026-42827
MEDIUM 6.5
Microsoft 365 Copilot — Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an …
2026-05-22
CVE-2026-42901
CRITICAL 10
Microsoft Entra — Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a net…
2026-05-22
CVE-2026-45659
HIGH 8.8
Microsoft Sharepoint Enterprise Server 2016 — Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code… ● exploited
2026-05-22
CVE-2026-47280
CRITICAL 10
Azure Resource Manager — Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges …
2026-05-22
CVE-2026-41091
HIGH 7.8
Microsoft Malware Protection Engine — Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized atta… ● exploited
2026-05-20
CVE-2026-42834
HIGH 7.8
Windows Admin Center In Azure Portal — Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a net…
2026-05-20
CVE-2026-45498
MEDIUM 4
Microsoft Defender Antimalware Platform — Microsoft Defender Denial of Service Vulnerability ● exploited
2026-05-20
CVE-2026-45584
HIGH 8.1
Microsoft Malware Protection Engine — Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a networ…
2026-05-20
CVE-2026-45585
MEDIUM 6.8
Windows 11 Version 24h2 — Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowK… ● PoC
2026-05-19
CVE-2026-42822
CRITICAL 10
Azure Local — Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate priv…
2026-05-18
CVE-2026-45492
MEDIUM 5.4
Microsoft Edge (Chromium Based) — Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a secur…
2026-05-18
CVE-2026-45494
MEDIUM 5.4
Microsoft Edge (Chromium Based) — Microsoft Edge (Chromium-based) Spoofing Vulnerability
2026-05-18
CVE-2026-45495
HIGH 8.8
Microsoft Edge (Chromium Based) — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
2026-05-18