| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45635 | Hig | 0.53 | 8.1 | 0.01 | Jun 9, 2026 | Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-45607 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45605 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45603 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45601 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45600 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45599 | Hig | 0.53 | 8.1 | 0.01 | Jun 9, 2026 | Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-45598 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45597 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45596 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45593 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows SDK allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45592 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45591 | Hig | 0.42 | 7.5 | 0.02 | Jun 9, 2026 | Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-45588 | Hig | 0.51 | 7.9 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-45586 | Hig | 0.51 | 7.8 | 0.03 | Jun 9, 2026 | Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45583 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-45504 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-45503 | Hig | 0.53 | 8.1 | 0.00 | Jun 9, 2026 | Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. | ||
| CVE-2026-45490 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Improper authorization in .NET allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45487 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45486 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45484 | Hig | 0.57 | 8.8 | 0.02 | Jun 9, 2026 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-45482 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2026-45481 | Hig | 0.47 | 7.3 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-45476 | Hig | 0.53 | 8.2 | 0.00 | Jun 9, 2026 | Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45475 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45474 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45472 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45471 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45469 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45463 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45461 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45458 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45457 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45456 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45447 | Hig | 0.50 | 8.8 | 0.03 | Jun 9, 2026 | Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a… | ||
| CVE-2026-45445 | Hig | 0.42 | 7.5 | 0.00 | Jun 9, 2026 | Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce… | ||
| CVE-2026-44824 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-44823 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-44822 | Hig | 0.53 | 8.2 | 0.01 | Jun 9, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-44820 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-44819 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-44818 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-44817 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-44813 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-44812 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-44811 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-44810 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-44809 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-44808 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
- risk 0.53cvss 8.1epss 0.01
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
- risk 0.55cvss 8.4epss 0.00
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
- risk 0.53cvss 8.1epss 0.01
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
- risk 0.42cvss 7.5epss 0.02
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
- risk 0.51cvss 7.9epss 0.00
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
- risk 0.51cvss 7.8epss 0.03
Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.
- risk 0.49cvss 7.5epss 0.00
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.00
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
- risk 0.53cvss 8.1epss 0.00
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
- risk 0.51cvss 7.8epss 0.00
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.57cvss 8.8epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
- risk 0.55cvss 8.4epss 0.00
Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
- risk 0.47cvss 7.3epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.53cvss 8.2epss 0.00
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.50cvss 8.8epss 0.03
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a…
- risk 0.42cvss 7.5epss 0.00
Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce…
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.53cvss 8.2epss 0.01
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
- risk 0.51cvss 7.8epss 0.00
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.00
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.