Total CVEs

138,466

Critical Severity

3,569

High Severity

12,817

Last 7 Days

1,987
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 941 - 960 of 12,943 CVEs
CVE-2026-47284 MEDIUM - 6.5

Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: visual_studio_code
Published: Jun 09, 2026
Source: NVD
CVE-2026-45655 MEDIUM - 5.3

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Vendor: microsoft
Product: windows_10_1607
Published: Jun 09, 2026
Source: NVD
CVE-2026-45650 MEDIUM - 4.3

User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: bing
Published: Jun 09, 2026
Source: NVD
CVE-2026-45647 MEDIUM - 5.5

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

Published: Jun 09, 2026
Source: NVD
CVE-2026-45634 MEDIUM - 5.5

Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jun 09, 2026
Source: NVD
CVE-2026-45608 MEDIUM - 6.8

Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jun 09, 2026
Source: NVD
CVE-2026-45606 MEDIUM - 5.5

Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jun 09, 2026
Source: NVD
CVE-2026-45604 MEDIUM - 5.5

Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jun 09, 2026
Source: NVD
CVE-2026-45595 MEDIUM - 5.4

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jun 09, 2026
Source: NVD
CVE-2026-45594 MEDIUM - 5.5

Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jun 09, 2026
Source: NVD
CVE-2026-45502 MEDIUM - 5.0

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

Vendor: microsoft
Product: exchange_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-45501 MEDIUM - 6.5

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: exchange_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-45500 MEDIUM - 6.1

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Published: Jun 09, 2026
Source: NVD
CVE-2026-45491 MEDIUM - 6.2

Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.

Vendor: nuget
Product: Microsoft.NETCore.App.Runtime.linux-x64
Published: Jun 09, 2026
Source: NVD
CVE-2026-45483 MEDIUM - 4.6

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.

Published: Jun 09, 2026
Source: NVD
CVE-2026-45479 MEDIUM - 4.6

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-45468 MEDIUM - 4.6

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-45467 MEDIUM - 4.6

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-45465 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jun 09, 2026
Source: NVD
CVE-2026-45464 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jun 09, 2026
Source: NVD