Filtered by vendor Microsoft
Subscriptions
Total
24966 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44802 | 1 Microsoft | 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more | 2026-06-12 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44804 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-12 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44807 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-12 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44813 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-12 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44814 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-12 | 5.5 Medium |
| Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-48565 | 1 Microsoft | 1 Windows Narrator Braille | 2026-06-12 | 7.8 High |
| Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-48569 | 1 Microsoft | 1 Visual Studio Code | 2026-06-12 | 7.1 High |
| Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-45467 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-06-12 | 4.6 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-45481 | 1 Microsoft | 4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more | 2026-06-12 | 7.3 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-47298 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-06-12 | 8 High |
| Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-45484 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-06-12 | 8.8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-48562 | 1 Microsoft | 5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more | 2026-06-12 | 4.6 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-47961 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Macos and 1 more | 2026-06-12 | 5.5 Medium |
| Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-47959 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Macos and 1 more | 2026-06-12 | 7.8 High |
| Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-42968 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 5.5 Medium |
| Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-42969 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-06-11 | 5.5 Medium |
| Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-42912 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42911 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42910 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-06-11 | 7.8 High |
| Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-47906 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2026-06-11 | 8.6 High |
| Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | ||||