Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22832
Total
1629
Critical
7118
High
7284
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-45500 | MEDIUM | 6.1 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-45491 | MEDIUM | 6.2 | Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally. | Jun 09, 2026 |
| CVE-2026-45490 | HIGH | 7.8 | Improper authorization in .NET allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-45487 | HIGH | 7.8 | Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-45486 | HIGH | 7.8 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Jun 09, 2026 |
| CVE-2026-45485 | LOW | 3.3 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | Jun 09, 2026 |
| CVE-2026-45484 | HIGH | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | Jun 09, 2026 |
| CVE-2026-45483 | MEDIUM | 4.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-45482 | HIGH | 8.4 | Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a … | Jun 09, 2026 |
| CVE-2026-45481 | HIGH | 7.3 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-45479 | MEDIUM | 4.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-45476 | HIGH | 8.2 | Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-45475 | HIGH | 7.8 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Jun 09, 2026 |
| CVE-2026-45474 | HIGH | 8.4 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Jun 09, 2026 |
| CVE-2026-45472 | HIGH | 8.4 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Jun 09, 2026 |
| CVE-2026-45471 | HIGH | 7.8 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Jun 09, 2026 |
| CVE-2026-45469 | HIGH | 7.8 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Jun 09, 2026 |
| CVE-2026-45468 | MEDIUM | 4.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-45467 | MEDIUM | 4.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-45466 | LOW | 3.3 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | Jun 09, 2026 |
| CVE-2026-45465 | MEDIUM | 5.4 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-45464 | MEDIUM | 5.4 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-45463 | HIGH | 8.4 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Jun 09, 2026 |
| CVE-2026-45462 | MEDIUM | 4.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-45461 | HIGH | 8.4 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Jun 09, 2026 |