Latest CVE Vulnerabilities

7.8 HIGH

CVE-2026-45586 — Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.

windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows_11 +1 more

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

7.5 HIGH

CVE-2026-45583 — Microsoft Exchange Server Remote Code Execution Vulnerability

Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

8.8 HIGH

CVE-2026-45504 — Microsoft Exchange Server Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

8.1 HIGH

CVE-2026-45503 — Microsoft Exchange Server Information Disclosure Vulnerability

Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

5.0 MEDIUM

CVE-2026-45502 — Microsoft Exchange Server Information Disclosure Vulnerability

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

6.5 MEDIUM

CVE-2026-45501 — Microsoft Exchange Server Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network.

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

6.1 MEDIUM

CVE-2026-45500 — Microsoft Exchange Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

6.2 MEDIUM

CVE-2026-45491 — .NET Tampering Vulnerability

Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

7.8 HIGH

CVE-2026-45490 — .NET SDK Elevation of Privilege Vulnerability

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

7.8 HIGH

CVE-2026-45487 — Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability

Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

windows_10 windows_server_2022 windows_11 windows_server_2025

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

7.8 HIGH

CVE-2026-45486 — Microsoft Word Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

3.3 LOW

CVE-2026-45485 — Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

sharepoint_enterprise_server_2016 office_2016 sharepoint_server_2019 office_2019

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

8.8 HIGH

CVE-2026-45484 — Microsoft SharePoint Elevation of Privilege Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

sharepoint_enterprise_server_2016 sharepoint_server_2019

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

4.6 MEDIUM

CVE-2026-45483 — Microsoft Office Project Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.

sharepoint_enterprise_server_2016 sharepoint_server_2019

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

8.4 HIGH

CVE-2026-45482 — Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability

Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

visual_studio_code_copilot_chat_extension

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

7.3 HIGH

CVE-2026-45481 — Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

sharepoint_enterprise_server_2016 sharepoint_server_2019

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

4.6 MEDIUM

CVE-2026-45479 — Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

sharepoint_enterprise_server_2016 sharepoint_server_2019

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

8.2 HIGH

CVE-2026-45476 — Microsoft Azure Network Adapter Elevation of Privilege Vulnerability

Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

7.8 HIGH

CVE-2026-45475 — Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

sharepoint_enterprise_server_2016 office_2016 sharepoint_server_2019 office_2019

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

8.4 HIGH

CVE-2026-45474 — Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

office_2016 office_2019

Jun 09, 2026 Jun 09, 2026

Jun 09, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences