Filtered by vendor Microsoft
Subscriptions
Total
24964 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22977 | 2 Microsoft, Vmware | 2 Windows, Tools | 2026-06-02 | 7.1 High |
| VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure. | ||||
| CVE-2026-44470 | 3 Anthropic, Anthropics, Microsoft | 3 Claude Desktop, Claude Code, Windows | 2026-06-02 | 7.8 High |
| The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NTFS directory junction before creating files within it. A local non-elevated user could replace the user-writable VM bundle directory with a directory junction pointing to an attacker-chosen location, causing the service to create a SYSTEM-owned file in an arbitrary directory. This could be leveraged for local privilege escalation. This vulnerability is fixed in 1.3834.0. | ||||
| CVE-2026-9940 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-01 | 8.8 High |
| Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-9924 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-01 | 8.3 High |
| Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-9932 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-01 | 8.3 High |
| Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-9907 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-01 | 4.3 Medium |
| Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-9905 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-01 | 8.3 High |
| Use after free in Accessibility in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-9944 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-01 | 3.1 Low |
| Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-9953 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-01 | 6.5 Medium |
| Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-9954 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-01 | 7.5 High |
| Use after free in TabStrip in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-9958 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-01 | 8.8 High |
| Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | ||||
| CVE-2026-33844 | 1 Microsoft | 1 Azure Managed Instance For Apache Cassandra | 2026-06-01 | 9 Critical |
| Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-26164 | 1 Microsoft | 2 365 Copilot Business Chat, 365 Copilot Chat | 2026-06-01 | 7.5 High |
| Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-26129 | 1 Microsoft | 2 365 Copilot Business Chat, 365 Copilot Chat | 2026-06-01 | 7.5 High |
| Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-42834 | 1 Microsoft | 2 Azure Portal Windows Admin Center, Windows Admin Center | 2026-06-01 | 7.8 High |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-42833 | 1 Microsoft | 1 Dynamics 365 | 2026-06-01 | 9.1 Critical |
| Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-40420 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-06-01 | 8.8 High |
| Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-35436 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-06-01 | 8.8 High |
| Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40418 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-06-01 | 7.8 High |
| Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40413 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-06-01 | 7.4 High |
| Windows TCP/IP Denial of Service Vulnerability | ||||