Filtered by vendor Microsoft
Subscriptions
Total
24292 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-47294 | 1 Microsoft | 5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more | 2026-06-03 | 8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-10000 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-03 | 8.3 High |
| Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-9890 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-03 | 8.3 High |
| Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-40417 | 1 Microsoft | 8 Dynamics 365 Business Central, Dynamics 365 Business Central 2024, Dynamics 365 Business Central 2024 Wave 1 and 5 more | 2026-06-03 | 7.8 High |
| Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40361 | 1 Microsoft | 10 365 Apps, Office, Office 2019 and 7 more | 2026-06-03 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-28373 | 3 Apple, Microsoft, Stackfield | 4 Macos, Windows, Desktop App and 1 more | 2026-06-02 | 9.6 Critical |
| The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem. | ||||
| CVE-2026-46414 | 1 Microsoft | 1 Ufo | 2026-06-02 | 8.8 High |
| Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK message claiming client_type="constellation" and target_id=<victim-device-id>. The server trusts the role and target values from the wire message rather than enforcing the role registered for that WebSocket connection. As a result, any authenticated WebSocket client with the shared server token can spoof the higher-privilege constellation role and dispatch attacker-controlled tasks to another connected device. The same client registry also allows duplicate client_id registration, overwriting an existing live client's stored websocket, role, and task protocol. This is an authenticated WebSocket role/identity spoofing issue leading to peer task hijacking. | ||||
| CVE-2023-23375 | 1 Microsoft | 6 Odbc, Odbc Driver 17 For Sql Server, Odbc Driver 18 For Sql Server and 3 more | 2026-06-02 | 7.8 High |
| Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | ||||
| CVE-2026-8670 | 4 Avantra, Linux, Microsoft and 1 more | 4 Avantra, Linux Kernel, Windows and 1 more | 2026-06-02 | 9.6 Critical |
| Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1. | ||||
| CVE-2026-8671 | 4 Avantra, Linux, Microsoft and 1 more | 4 Avantra, Linux Kernel, Windows and 1 more | 2026-06-02 | 7.5 High |
| Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0. | ||||
| CVE-2026-8672 | 4 Avantra, Linux, Microsoft and 1 more | 4 Avantra, Linux Kernel, Windows and 1 more | 2026-06-02 | 5.1 Medium |
| Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0. | ||||
| CVE-2026-8673 | 4 Avantra, Linux, Microsoft and 1 more | 4 Avantra, Linux Kernel, Windows and 1 more | 2026-06-02 | 5.9 Medium |
| Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0. | ||||
| CVE-2022-2160 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2026-06-02 | 6.5 Medium |
| Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. | ||||
| CVE-2022-28880 | 3 Apple, F-secure, Microsoft | 10 Macos, Atlant, Cloud Protection For Salesforce and 7 more | 2026-06-02 | 4.3 Medium |
| A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker. | ||||
| CVE-2022-26826 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2026-06-02 | 7.2 High |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2022-26795 | 1 Microsoft | 12 Windows 10, Windows 10 1809, Windows 10 1909 and 9 more | 2026-06-02 | 7.8 High |
| Windows Print Spooler Elevation of Privilege Vulnerability | ||||
| CVE-2022-23742 | 2 Checkpoint, Microsoft | 2 Endpoint Security, Windows | 2026-06-02 | 7.8 High |
| Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. | ||||
| CVE-2022-22977 | 2 Microsoft, Vmware | 2 Windows, Tools | 2026-06-02 | 7.1 High |
| VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure. | ||||
| CVE-2026-44470 | 3 Anthropic, Anthropics, Microsoft | 3 Claude Desktop, Claude Code, Windows | 2026-06-02 | 7.8 High |
| The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NTFS directory junction before creating files within it. A local non-elevated user could replace the user-writable VM bundle directory with a directory junction pointing to an attacker-chosen location, causing the service to create a SYSTEM-owned file in an arbitrary directory. This could be leveraged for local privilege escalation. This vulnerability is fixed in 1.3834.0. | ||||
| CVE-2026-9940 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-01 | 8.8 High |
| Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||