Total CVEs

138,728

Critical Severity

3,597

High Severity

12,893

Last 7 Days

1,720
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,261 - 3,280 of 35,133 CVEs
CVE-2026-47656 HIGH - 7.9

Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jun 09, 2026
Source: NVD
CVE-2026-47654 HIGH - 7.5

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_server_2016
Published: Jun 09, 2026
Source: NVD
CVE-2026-47653 HIGH - 8.8

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jun 09, 2026
Source: NVD
CVE-2026-47652 HIGH - 8.2

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jun 09, 2026
Source: NVD
CVE-2026-47648 HIGH - 7.0

Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jun 09, 2026
Source: NVD
CVE-2026-47643 CRITICAL - 9.8

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.

Published: Jun 09, 2026
Source: NVD
CVE-2026-47641 MEDIUM - 4.6

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-47640 MEDIUM - 4.6

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-47639 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-47638 MEDIUM - 4.6

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-47637 MEDIUM - 4.6

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-47636 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-47635 HIGH - 8.4

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: office_2024
Published: Jun 09, 2026
Source: NVD
CVE-2026-47634 HIGH - 7.3

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-47631 HIGH - 8.1

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: exchange_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-47298 HIGH - 8.0

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-47293 HIGH - 7.0

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Published: Jun 09, 2026
Source: NVD
CVE-2026-47292 HIGH - 7.8

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

Vendor: microsoft
Product: visual_studio_code
Published: Jun 09, 2026
Source: NVD
CVE-2026-47291 CRITICAL - 9.8

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jun 09, 2026
Source: NVD
CVE-2026-47289 HIGH - 8.8

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_app
Published: Jun 09, 2026
Source: NVD