Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22832
Total
1629
Critical
7118
High
7284
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-47936 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a … | Jun 09, 2026 |
| CVE-2026-47935 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue … | Jun 09, 2026 |
| CVE-2026-47656 | HIGH | 7.9 | Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally. | Jun 09, 2026 |
| CVE-2026-47654 | HIGH | 7.5 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | Jun 09, 2026 |
| CVE-2026-47653 | HIGH | 8.8 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | Jun 09, 2026 |
| CVE-2026-47652 | HIGH | 8.2 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | Jun 09, 2026 |
| CVE-2026-47648 | HIGH | 7.0 | Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-47643 | CRITICAL | 9.8 | External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network. | Jun 09, 2026 |
| CVE-2026-47641 | MEDIUM | 4.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-47640 | MEDIUM | 4.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-47639 | MEDIUM | 5.4 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-47638 | MEDIUM | 4.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-47637 | MEDIUM | 4.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-47636 | MEDIUM | 5.4 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-47635 | HIGH | 8.4 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | Jun 09, 2026 |
| CVE-2026-47634 | HIGH | 7.3 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-47631 | HIGH | 8.1 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-47298 | HIGH | 8.0 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | Jun 09, 2026 |
| CVE-2026-47293 | HIGH | 7.0 | Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-47292 | HIGH | 7.8 | Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-47291 | CRITICAL | 9.8 | Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. | Jun 09, 2026 |
| CVE-2026-47289 | HIGH | 8.8 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | Jun 09, 2026 |
| CVE-2026-47288 | HIGH | 7.1 | Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network. | Jun 09, 2026 |
| CVE-2026-47287 | MEDIUM | 6.5 | Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network. | Jun 09, 2026 |
| CVE-2026-47284 | MEDIUM | 6.5 | Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network. | Jun 09, 2026 |