Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22832
Total
1629
Critical
7118
High
7284
Medium
CVE ID Severity Score Description Published
CVE-2026-47936 MEDIUM 5.4 Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a … Jun 09, 2026
CVE-2026-47935 MEDIUM 5.4 Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue … Jun 09, 2026
CVE-2026-47656 HIGH 7.9 Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally. Jun 09, 2026
CVE-2026-47654 HIGH 7.5 Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. Jun 09, 2026
CVE-2026-47653 HIGH 8.8 Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. Jun 09, 2026
CVE-2026-47652 HIGH 8.2 Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. Jun 09, 2026
CVE-2026-47648 HIGH 7.0 Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-47643 CRITICAL 9.8 External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network. Jun 09, 2026
CVE-2026-47641 MEDIUM 4.6 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Jun 09, 2026
CVE-2026-47640 MEDIUM 4.6 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Jun 09, 2026
CVE-2026-47639 MEDIUM 5.4 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Jun 09, 2026
CVE-2026-47638 MEDIUM 4.6 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Jun 09, 2026
CVE-2026-47637 MEDIUM 4.6 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Jun 09, 2026
CVE-2026-47636 MEDIUM 5.4 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Jun 09, 2026
CVE-2026-47635 HIGH 8.4 Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. Jun 09, 2026
CVE-2026-47634 HIGH 7.3 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Jun 09, 2026
CVE-2026-47631 HIGH 8.1 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Jun 09, 2026
CVE-2026-47298 HIGH 8.0 Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Jun 09, 2026
CVE-2026-47293 HIGH 7.0 Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-47292 HIGH 7.8 Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-47291 CRITICAL 9.8 Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. Jun 09, 2026
CVE-2026-47289 HIGH 8.8 Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. Jun 09, 2026
CVE-2026-47288 HIGH 7.1 Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network. Jun 09, 2026
CVE-2026-47287 MEDIUM 6.5 Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network. Jun 09, 2026
CVE-2026-47284 MEDIUM 6.5 Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network. Jun 09, 2026