Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22874
Total
1630
Critical
7150
High
7293
Medium
CVE ID Severity Score Description Published
CVE-2026-45600 HIGH 7.8 Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45599 HIGH 8.1 Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network. Jun 09, 2026
CVE-2026-45598 HIGH 7.0 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45597 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45596 HIGH 7.0 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45595 MEDIUM 5.4 Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. Jun 09, 2026
CVE-2026-45594 MEDIUM 5.5 Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally. Jun 09, 2026
CVE-2026-45593 HIGH 7.8 Use after free in Windows SDK allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45592 HIGH 7.8 Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45591 HIGH 7.5 Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. Jun 09, 2026
CVE-2026-45588 HIGH 7.9 Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. Jun 09, 2026
CVE-2026-45586 HIGH 7.8 Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45583 HIGH 7.5 Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network. Jun 09, 2026
CVE-2026-45504 HIGH 8.8 Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. Jun 09, 2026
CVE-2026-45503 HIGH 8.1 Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. Jun 09, 2026
CVE-2026-45502 MEDIUM 5.0 Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. Jun 09, 2026
CVE-2026-45501 MEDIUM 6.5 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Jun 09, 2026
CVE-2026-45500 MEDIUM 6.1 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Jun 09, 2026
CVE-2026-45491 MEDIUM 6.2 Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally. Jun 09, 2026
CVE-2026-45490 HIGH 7.8 Improper authorization in .NET allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45487 HIGH 7.8 Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-45486 HIGH 7.8 Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. Jun 09, 2026
CVE-2026-45485 LOW 3.3 Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. Jun 09, 2026
CVE-2026-45484 HIGH 8.8 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. Jun 09, 2026
CVE-2026-45483 MEDIUM 4.6 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network. Jun 09, 2026