CVE-2026-44822 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information

CVE-2026-44821 - Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information local

CVE-2026-44820 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to

CVE-2026-44819 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-44818 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to

CVE-2026-44817 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to

CVE-2026-42986 - Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges l

CVE-2026-42902 - Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges lo

CVE-2026-42835 - Improper neutralization of special elements in output used by a downstream component ('injection') i

CVE-2026-41108 - Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privile

CVE-2026-41092 - Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges loca

CVE-2026-40371 - Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises)

CVE-2026-33113 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-32193 - Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Ku

CVE-2026-48579 - Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose info

CVE-2026-47655 - Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized a

CVE-2026-47644 - Improper neutralization of special elements in output used by a downstream component ('injection') i

CVE-2026-45497 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop

CVE-2025-71316 - SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unico

CVE-2026-49139 - Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft

CVE-2026-47294 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-4387 - StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows sto

CVE-2026-46139 - In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zer

CVE-2026-32996 - This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.

CVE-2026-46544 - Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.

CVE-2026-46538 - Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.

CVE-2026-46416 - Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.

CVE-2026-46414 - Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.

CVE-2026-46402 - Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.

CVE-2026-45322 - Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microso

CVE-2026-45108 - Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to befor

CVE-2026-45659 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-42901 - Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges

CVE-2026-41104 - Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacke

CVE-2026-41090 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop

CVE-2026-33843 - Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C all

CVE-2026-23652 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Pow

CVE-2026-45584 - Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code ove

CVE-2026-45498 - Microsoft Defender Denial of Service Vulnerability

CVE-2026-41091 - Improper link resolution before file access ('link following') in Microsoft Defender allows an autho

CVE-2026-45585 - Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as &qu

CVE-2026-45495 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2026-45494 - Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2026-45492 - Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypa

CVE-2026-46383 - Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0,

CVE-2026-45539 - Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.

CVE-2026-44641 - Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12,

CVE-2026-24899 - Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's

CVE-2026-42897 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex

CVE-2026-41615 - Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unau

CVE-2026-44503 - The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okH

CVE-2026-42898 - Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) al

CVE-2026-42891 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-42838 - Improper neutralization of special elements in output used by a downstream component ('injection') i

CVE-2026-42833 - Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) al

CVE-2026-42832 - Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing loca

CVE-2026-42831 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-42177 - linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform

CVE-2026-41107 - External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized atta

CVE-2026-41103 - Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluen

CVE-2026-41102 - Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoo

CVE-2026-41101 - Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing l

CVE-2026-41096 - Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code

CVE-2026-41094 - Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an una

CVE-2026-40421 - Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized

CVE-2026-40420 - Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40419 - Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40418 - Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40416 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-40368 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-40367 - Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una

CVE-2026-40366 - Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una

CVE-2026-40365 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-40364 - Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una

CVE-2026-40363 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-40362 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40361 - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-40360 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information

CVE-2026-40359 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40358 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-40357 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-35440 - Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized

CVE-2026-35439 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-35436 - Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-35429 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-33821 - Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attac

CVE-2026-33112 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-33110 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-32185 - Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attack

CVE-2026-42316 - kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (

CVE-2026-6093 - Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filt

CVE-2026-43475 - In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix scheduling w

CVE-2026-41574 - Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatica

CVE-2026-34327 - Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows a

CVE-2026-33823 - Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over

CVE-2026-33111 - Improper neutralization of special elements used in a command ('command injection') in Copilot Chat

CVE-2026-43094 - In the Linux kernel, the following vulnerability has been resolved: ixgbevf: add missing negotiate_

CVE-2026-43572 - OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Mi

CVE-2025-58074 - A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Mic

CVE-2026-42525 - Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restr

CVE-2026-35431 - Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthoriz

CVE-2026-33819 - Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code

CVE-2026-32210 - Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacke

CVE-2026-32172 - Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute

CVE-2026-26150 - Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p

CVE-2026-24303 - Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privile

CVE-2026-34294 - Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen

CVE-2026-40321 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-40306 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-40305 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-23772 - Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper

CVE-2026-4682 - Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer

CVE-2026-33825 - Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el

CVE-2026-33822 - Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information

CVE-2026-33115 - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-33114 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co

CVE-2026-33103 - Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to dis

CVE-2026-33095 - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-32221 - Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execut

CVE-2026-32219 - Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges l

CVE-2026-32201 - Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform

CVE-2026-32200 - Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locall

CVE-2026-32199 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32198 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32197 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32190 - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-32189 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32188 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information

CVE-2026-32184 - Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authori

CVE-2026-32181 - Improper privilege management in Microsoft Windows allows an authorized attacker to deny service loc

CVE-2026-32153 - Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges local

CVE-2026-32091 - Concurrent execution using shared resource with improper synchronization ('race condition') in Micro

CVE-2026-27914 - Improper access control in Microsoft Management Console allows an authorized attacker to elevate pri

CVE-2026-27909 - Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privil

CVE-2026-26181 - Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privilege

CVE-2026-26170 - Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privilege

CVE-2026-26155 - Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

CVE-2026-26149 - Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an auth

CVE-2026-26143 - Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a securi

CVE-2026-23657 - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-20945 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-39424 - MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export fe

CVE-2026-0234 - An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex

CVE-2026-33119 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-33118 - Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2026-35654 - OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback

CVE-2026-34721 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OA

CVE-2026-1078 - An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automatio

CVE-2026-32186 - Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate priv

CVE-2026-33105 - Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elev

CVE-2026-34397 - Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0

CVE-2026-34506 - OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plu

CVE-2026-0898 - An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio deve

CVE-2019-25598 - HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers

CVE-2026-32194 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Bin

CVE-2026-32191 - Improper neutralization of special elements used in an os command ('os command injection') in Micros

CVE-2026-26139 - Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p

CVE-2026-26138 - Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p

CVE-2026-26137 - Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate pr

CVE-2026-26136 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop

CVE-2026-26120 - Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tamp

CVE-2026-25667 - ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote