Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22874
Total
1630
Critical
7150
High
7293
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-45600 | HIGH | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-45599 | HIGH | 8.1 | Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network. | Jun 09, 2026 |
| CVE-2026-45598 | HIGH | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-45597 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-45596 | HIGH | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-45595 | MEDIUM | 5.4 | Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. | Jun 09, 2026 |
| CVE-2026-45594 | MEDIUM | 5.5 | Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally. | Jun 09, 2026 |
| CVE-2026-45593 | HIGH | 7.8 | Use after free in Windows SDK allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-45592 | HIGH | 7.8 | Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-45591 | HIGH | 7.5 | Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. | Jun 09, 2026 |
| CVE-2026-45588 | HIGH | 7.9 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | Jun 09, 2026 |
| CVE-2026-45586 | HIGH | 7.8 | Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-45583 | HIGH | 7.5 | Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network. | Jun 09, 2026 |
| CVE-2026-45504 | HIGH | 8.8 | Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | Jun 09, 2026 |
| CVE-2026-45503 | HIGH | 8.1 | Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. | Jun 09, 2026 |
| CVE-2026-45502 | MEDIUM | 5.0 | Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. | Jun 09, 2026 |
| CVE-2026-45501 | MEDIUM | 6.5 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-45500 | MEDIUM | 6.1 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-45491 | MEDIUM | 6.2 | Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally. | Jun 09, 2026 |
| CVE-2026-45490 | HIGH | 7.8 | Improper authorization in .NET allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-45487 | HIGH | 7.8 | Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-45486 | HIGH | 7.8 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Jun 09, 2026 |
| CVE-2026-45485 | LOW | 3.3 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | Jun 09, 2026 |
| CVE-2026-45484 | HIGH | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | Jun 09, 2026 |
| CVE-2026-45483 | MEDIUM | 4.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |