Filtered by vendor Microsoft Subscriptions
Total 24966 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-44802 1 Microsoft 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more 2026-06-12 7.8 High
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44804 1 Microsoft 2 Windows 11 26h1, Windows 11 26h1 2026-06-12 7.8 High
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44807 1 Microsoft 2 Windows 11 26h1, Windows 11 26h1 2026-06-12 7.8 High
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44813 1 Microsoft 2 Windows 11 26h1, Windows 11 26h1 2026-06-12 7.8 High
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44814 1 Microsoft 2 Windows 11 26h1, Windows 11 26h1 2026-06-12 5.5 Medium
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-48565 1 Microsoft 1 Windows Narrator Braille 2026-06-12 7.8 High
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
CVE-2026-48569 1 Microsoft 1 Visual Studio Code 2026-06-12 7.1 High
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-45467 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-06-12 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45481 1 Microsoft 4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more 2026-06-12 7.3 High
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47298 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-06-12 8 High
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-45484 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-06-12 8.8 High
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2026-48562 1 Microsoft 5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more 2026-06-12 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47961 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Macos and 1 more 2026-06-12 5.5 Medium
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-47959 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Macos and 1 more 2026-06-12 7.8 High
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-42968 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-11 5.5 Medium
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
CVE-2026-42969 1 Microsoft 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more 2026-06-11 5.5 Medium
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42912 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-11 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-42911 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-11 7 High
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-42910 1 Microsoft 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more 2026-06-11 7.8 High
Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.
CVE-2026-47906 3 Adobe, Apple, Microsoft 3 Dreamweaver, Macos, Windows 2026-06-11 8.6 High
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.