Filtered by vendor Microsoft Subscriptions
Total 24965 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-48568 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-10 7.9 High
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48570 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-10 7.9 High
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-47637 1 Microsoft 5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more 2026-06-10 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47638 1 Microsoft 5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more 2026-06-10 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47640 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-06-10 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2020-18171 2 Microsoft, Techsmith 2 Windows, Snagit 2026-06-10 8.8 High
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details.
CVE-2020-18169 2 Microsoft, Techsmith 2 Windows, Snagit 2026-06-10 7.8 High
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details.
CVE-2026-48574 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-10 7.8 High
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-48575 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-10 7.9 High
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48583 1 Microsoft 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more 2026-06-10 7.8 High
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-49160 1 Microsoft 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more 2026-06-10 7.5 High
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
CVE-2026-45500 1 Microsoft 7 Exchange Server 2016, Exchange Server 2019, Exchange Server Se and 4 more 2026-06-10 6.1 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-11645 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-10 8.8 High
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-26142 1 Microsoft 4 Nuance Powerscribe 360, Nuance Powerscribe One, Powerscribe One Version 2023.1 Sp2 and 1 more 2026-06-10 9.8 Critical
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.
CVE-2026-50511 1 Microsoft 1 Pc Manager 2026-06-10 7.8 High
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-47643 1 Microsoft 1 Azure Stack Edge 2026-06-10 9.8 Critical
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
CVE-2026-45639 1 Microsoft 28 Remote Desktop, Windows 10 1607, Windows 10 1809 and 25 more 2026-06-10 7.5 High
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-45483 1 Microsoft 4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more 2026-06-10 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.
CVE-2026-42908 1 Microsoft 27 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 24 more 2026-06-10 7.5 High
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-45644 1 Microsoft 2 Live Share Canvas, Microsoft Live Share Canvas Sdk 2026-06-10 8 High
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.