Microsoft MSRC
CVE-2026-45656 UEFI Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
vulnerabilitymicrosoft
Archive
Page 9 of 19 — 1128 stories total
Microsoft MSRC
CVE-2026-45657 Windows Kernel Remote Code Execution Vulnerability
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47287 Visual Studio Code Tampering Vulnerability
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.
vulnerability
Microsoft MSRC
CVE-2026-47288 Windows Kerberos Key Distribution Center (KDC) Remote Code Execution
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47289 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
vulnerability
Microsoft MSRC
CVE-2026-47291 HTTP.sys Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
vulnerabilitymicrosoft
EPSS 4%
Microsoft MSRC
CVE-2026-47292 Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.
vulnerability
Microsoft MSRC
CVE-2026-41092 Microsoft Kinect Elevation of Privilege Vulnerability
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-32193 Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.
vulnerabilitymicrosoftcloud
Microsoft MSRC
CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47631 Microsoft Exchange Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-41098 Azure Stack Edge Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47635 Microsoft Outlook and Word Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47637 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47638 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47639 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47641 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45588 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47648 Windows Storage Elevation of Privilege Vulnerability
Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-8863 UEFI Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47653 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
vulnerability
Microsoft MSRC
CVE-2026-47652 Windows Hyper-V Remote Code Execution Vulnerability
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47654 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
vulnerability
Microsoft MSRC
CVE-2026-48563 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
vulnerability
Microsoft MSRC
CVE-2026-48566 Windows DWM Core Library Information Disclosure Vulnerability
Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who have already installed the May 2026 updates do not need to tak...
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-48568 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-48570 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-48573 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-48575 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-48576 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-48578 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-48583 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-49161 Microsoft PC Manager Security Feature Bypass Vulnerability
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-50508 Windows NTLM Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-26142 Nuance PowerScribe Remote Code Execution Vulnerability
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.
vulnerability
EPSS 1%
Microsoft MSRC
Chromium: CVE-2026-11148 Inappropriate implementation in Payments
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-33113 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42829 Windows Administrator Protection Secure Feature Bypass Vulnerability
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42835 Microsoft Teams for Android Information Disclosure Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
vulnerabilitymicrosoft
EPSS 1%
Microsoft MSRC
CVE-2026-40376 Visual Studio Code Elevation of Privilege Vulnerability
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
vulnerability
Microsoft MSRC
CVE-2026-44822 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45454 Microsoft SharePoint Remote Code Execution Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45455 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45457 Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45459 Microsoft Excel Security Feature Bypass Vulnerability
Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45462 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45463 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45464 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45465 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45476 Microsoft Azure Network Adapter Elevation of Privilege Vulnerability
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45586 Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
EPSS 2%
Microsoft MSRC
CVE-2026-45591 ASP.NET Core Denial of Service Vulnerability
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
vulnerability
Microsoft MSRC
CVE-2026-45592 Windows Internet (wininet.dll) Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45593 Windows SDK Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45594 Windows Application Identity (AppID) Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-45604 Windows Managed Installer Information Disclosure Vulnerability
Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
vulnerabilitymicrosoft