VYPR

CVEs

345,251 total · page 113 of 6,906

  • CVE-2026-47653HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47652HigJun 9, 2026
    risk 0.53cvss 8.2epss 0.00

    Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2026-47648HigJun 9, 2026
    risk 0.45cvss 7.0epss 0.00

    Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.

  • CVE-2026-47643CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.01

    External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47641MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-47640MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-47639MedJun 9, 2026
    risk 0.35cvss 5.4epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-47638MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-47637MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-47636MedJun 9, 2026
    risk 0.35cvss 5.4epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-47635HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-47634HigJun 9, 2026
    risk 0.47cvss 7.3epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-47631HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-47298HigJun 9, 2026
    risk 0.52cvss 8.0epss 0.01

    Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2026-47293HigJun 9, 2026
    risk 0.45cvss 7.0epss 0.00

    Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

  • CVE-2026-47292HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-47291CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.22

    Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47289HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47288HigJun 9, 2026
    risk 0.46cvss 7.1epss 0.01

    Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.

  • CVE-2026-47287MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.01

    Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.

  • CVE-2026-47284MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.01

    Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-47281CriJun 9, 2026
    risk 0.62cvss 9.6epss 0.01

    Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-46492HigJun 9, 2026
    risk 0.40cvss 7.2epss 0.00

    md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including…

  • CVE-2026-45771HigJun 9, 2026
    risk 0.42cvss 7.5epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested <!ENTITY> declarations…

  • CVE-2026-45658HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-45657CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.15

    Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.

  • CVE-2026-45656HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-45655MedJun 9, 2026
    risk 0.34cvss 5.3epss 0.00

    Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-45654HigJun 9, 2026
    risk 0.51cvss 7.9epss 0.00

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-45653HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45650MedJun 9, 2026
    risk 0.28cvss 4.3epss 0.01

    User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-45649HigJun 9, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.

  • CVE-2026-45648HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.

  • CVE-2026-45647MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45645HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-45644HigJun 9, 2026
    risk 0.52cvss 8.0epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-45643HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2026-45642LowJun 9, 2026
    risk 0.25cvss 3.9epss 0.00

    Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

  • CVE-2026-45641HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2026-45640HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45639HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.01

    Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-45638HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45637HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45636HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

  • CVE-2026-45635HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.01

    Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

  • CVE-2026-45634MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

  • CVE-2026-45608MedJun 9, 2026
    risk 0.44cvss 6.8epss 0.00

    Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

  • CVE-2026-45607HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2026-45606MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.

  • CVE-2026-45605HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.