| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47653 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-47652 | Hig | 0.53 | 8.2 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-47648 | Hig | 0.45 | 7.0 | 0.00 | Jun 9, 2026 | Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-47643 | Cri | 0.64 | 9.8 | 0.01 | Jun 9, 2026 | External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-47641 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-47640 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-47639 | Med | 0.35 | 5.4 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-47638 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-47637 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-47636 | Med | 0.35 | 5.4 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-47635 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-47634 | Hig | 0.47 | 7.3 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-47631 | Hig | 0.53 | 8.1 | 0.00 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-47298 | Hig | 0.52 | 8.0 | 0.01 | Jun 9, 2026 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2026-47293 | Hig | 0.45 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-47292 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-47291 | Cri | 0.64 | 9.8 | 0.22 | Jun 9, 2026 | Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-47289 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-47288 | Hig | 0.46 | 7.1 | 0.01 | Jun 9, 2026 | Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network. | ||
| CVE-2026-47287 | Med | 0.42 | 6.5 | 0.01 | Jun 9, 2026 | Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network. | ||
| CVE-2026-47284 | Med | 0.42 | 6.5 | 0.01 | Jun 9, 2026 | Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-47281 | Cri | 0.62 | 9.6 | 0.01 | Jun 9, 2026 | Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2026-46492 | Hig | 0.40 | 7.2 | 0.00 | Jun 9, 2026 | md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including… | ||
| CVE-2026-45771 | Hig | 0.42 | 7.5 | 0.00 | Jun 9, 2026 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested <!ENTITY> declarations… | ||
| CVE-2026-45658 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2026-45657 | Cri | 0.64 | 9.8 | 0.15 | Jun 9, 2026 | Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-45656 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-45655 | Med | 0.34 | 5.3 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2026-45654 | Hig | 0.51 | 7.9 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-45653 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45650 | Med | 0.28 | 4.3 | 0.01 | Jun 9, 2026 | User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-45649 | Hig | 0.46 | 7.1 | 0.00 | Jun 9, 2026 | Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally. | ||
| CVE-2026-45648 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2026 | Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network. | ||
| CVE-2026-45647 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45645 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45644 | Hig | 0.52 | 8.0 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-45643 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45642 | Low | 0.25 | 3.9 | 0.00 | Jun 9, 2026 | Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack. | ||
| CVE-2026-45641 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45640 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45639 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2026 | Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-45638 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45637 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45636 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45635 | Hig | 0.53 | 8.1 | 0.01 | Jun 9, 2026 | Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-45634 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally. | ||
| CVE-2026-45608 | Med | 0.44 | 6.8 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally. | ||
| CVE-2026-45607 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45606 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally. | ||
| CVE-2026-45605 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. |
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.2epss 0.00
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- risk 0.45cvss 7.0epss 0.00
Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.
- risk 0.64cvss 9.8epss 0.01
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.35cvss 5.4epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.35cvss 5.4epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.55cvss 8.4epss 0.00
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.47cvss 7.3epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.53cvss 8.1epss 0.00
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
- risk 0.52cvss 8.0epss 0.01
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.45cvss 7.0epss 0.00
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.
- risk 0.64cvss 9.8epss 0.22
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.46cvss 7.1epss 0.01
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.
- risk 0.42cvss 6.5epss 0.01
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.
- risk 0.42cvss 6.5epss 0.01
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.
- risk 0.62cvss 9.6epss 0.01
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
- risk 0.40cvss 7.2epss 0.00
md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including…
- risk 0.42cvss 7.5epss 0.00
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested <!ENTITY> declarations…
- risk 0.51cvss 7.8epss 0.00
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.64cvss 9.8epss 0.15
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
- risk 0.51cvss 7.8epss 0.00
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
- risk 0.34cvss 5.3epss 0.00
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.51cvss 7.9epss 0.00
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.28cvss 4.3epss 0.01
User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.
- risk 0.46cvss 7.1epss 0.00
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
- risk 0.57cvss 8.8epss 0.01
Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
- risk 0.36cvss 5.5epss 0.00
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.52cvss 8.0epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.25cvss 3.9epss 0.00
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.
- risk 0.55cvss 8.4epss 0.00
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.
- risk 0.49cvss 7.5epss 0.01
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
- risk 0.53cvss 8.1epss 0.01
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
- risk 0.44cvss 6.8epss 0.00
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
- risk 0.55cvss 8.4epss 0.00
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.