Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22832
Total
1629
Critical
7118
High
7284
Medium
CVE ID Severity Score Description Published
CVE-2026-45608 MEDIUM 6.8 Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally. Jun 09, 2026
CVE-2026-45607 HIGH 8.4 Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. Jun 09, 2026
CVE-2026-45606 MEDIUM 5.5 Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally. Jun 09, 2026
CVE-2026-45605 HIGH 7.8 Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45604 MEDIUM 5.5 Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally. Jun 09, 2026
CVE-2026-45603 HIGH 7.0 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45602 CRITICAL 9.1 No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network. Jun 09, 2026
CVE-2026-45601 HIGH 7.0 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45600 HIGH 7.8 Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45599 HIGH 8.1 Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network. Jun 09, 2026
CVE-2026-45598 HIGH 7.0 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45597 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45596 HIGH 7.0 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45595 MEDIUM 5.4 Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. Jun 09, 2026
CVE-2026-45594 MEDIUM 5.5 Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally. Jun 09, 2026
CVE-2026-45593 HIGH 7.8 Use after free in Windows SDK allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45592 HIGH 7.8 Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45591 HIGH 7.5 Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. Jun 09, 2026
CVE-2026-45588 HIGH 7.9 Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. Jun 09, 2026
CVE-2026-45586 HIGH 7.8 Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45583 HIGH 7.5 Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network. Jun 09, 2026
CVE-2026-45504 HIGH 8.8 Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. Jun 09, 2026
CVE-2026-45503 HIGH 8.1 Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. Jun 09, 2026
CVE-2026-45502 MEDIUM 5.0 Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. Jun 09, 2026
CVE-2026-45501 MEDIUM 6.5 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Jun 09, 2026