Filtered by vendor Microsoft Subscriptions
Total 24964 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-8035 3 Linux, Microsoft, Ni 4 Linux Kernel, Windows, Linux Real-time and 1 more 2026-06-05 7.1 High
Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.
CVE-2026-8036 3 Linux, Microsoft, Ni 4 Linux Kernel, Windows, Linux Real-time and 1 more 2026-06-05 7.1 High
Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.
CVE-2026-10022 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-05 7.5 High
Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)
CVE-2026-3087 2 Microsoft, Python 3 Windows, Cpython, Python 2026-06-05 7.5 High
If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.
CVE-2026-10000 2 Google, Microsoft 2 Chrome, Windows 2026-06-03 8.3 High
Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9890 2 Google, Microsoft 2 Chrome, Windows 2026-06-03 8.3 High
Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-40417 1 Microsoft 8 Dynamics 365 Business Central, Dynamics 365 Business Central 2024, Dynamics 365 Business Central 2024 Wave 1 and 5 more 2026-06-03 7.8 High
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
CVE-2026-40361 1 Microsoft 10 365 Apps, Office, Office 2019 and 7 more 2026-06-03 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-28373 3 Apple, Microsoft, Stackfield 4 Macos, Windows, Desktop App and 1 more 2026-06-02 9.6 Critical
The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem.
CVE-2026-46414 1 Microsoft 1 Ufo 2026-06-02 8.8 High
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK message claiming client_type="constellation" and target_id=<victim-device-id>. The server trusts the role and target values from the wire message rather than enforcing the role registered for that WebSocket connection. As a result, any authenticated WebSocket client with the shared server token can spoof the higher-privilege constellation role and dispatch attacker-controlled tasks to another connected device. The same client registry also allows duplicate client_id registration, overwriting an existing live client's stored websocket, role, and task protocol. This is an authenticated WebSocket role/identity spoofing issue leading to peer task hijacking.
CVE-2023-23375 1 Microsoft 6 Odbc, Odbc Driver 17 For Sql Server, Odbc Driver 18 For Sql Server and 3 more 2026-06-02 7.8 High
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
CVE-2026-8670 4 Avantra, Linux, Microsoft and 1 more 4 Avantra, Linux Kernel, Windows and 1 more 2026-06-02 9.6 Critical
Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.
CVE-2026-8671 4 Avantra, Linux, Microsoft and 1 more 4 Avantra, Linux Kernel, Windows and 1 more 2026-06-02 7.5 High
Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0.
CVE-2026-8672 4 Avantra, Linux, Microsoft and 1 more 4 Avantra, Linux Kernel, Windows and 1 more 2026-06-02 5.1 Medium
Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0.
CVE-2026-8673 4 Avantra, Linux, Microsoft and 1 more 4 Avantra, Linux Kernel, Windows and 1 more 2026-06-02 5.9 Medium
Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0.
CVE-2022-2160 3 Fedoraproject, Google, Microsoft 3 Fedora, Chrome, Windows 2026-06-02 6.5 Medium
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page.
CVE-2022-28880 3 Apple, F-secure, Microsoft 10 Macos, Atlant, Cloud Protection For Salesforce and 7 more 2026-06-02 4.3 Medium
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker.
CVE-2022-26826 1 Microsoft 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more 2026-06-02 7.2 High
Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-26795 1 Microsoft 12 Windows 10, Windows 10 1809, Windows 10 1909 and 9 more 2026-06-02 7.8 High
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-23742 2 Checkpoint, Microsoft 2 Endpoint Security, Windows 2026-06-02 7.8 High
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links.