CVE-2026-42898 - Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) al

CVE-2026-42891 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-42838 - Improper neutralization of special elements in output used by a downstream component ('injection') i

CVE-2026-42833 - Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized a

CVE-2026-42832 - Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing loca

CVE-2026-42831 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-42177 - linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform

CVE-2026-41107 - External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized atta

CVE-2026-41103 - Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluen

CVE-2026-41102 - Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoo

CVE-2026-41101 - Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing l

CVE-2026-41096 - Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code

CVE-2026-41094 - Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an una

CVE-2026-40421 - External control of file name or path in Microsoft Office Word allows an unauthorized attacker to di

CVE-2026-40420 - Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate pr

CVE-2026-40419 - Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40418 - Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges

CVE-2026-40416 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-40368 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-40367 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co

CVE-2026-40366 - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40365 - Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attac

CVE-2026-40364 - Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una

CVE-2026-40363 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-40362 - Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code

CVE-2026-40361 - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40360 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information

CVE-2026-40359 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40358 - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-40357 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-35440 - Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized

CVE-2026-35439 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-35436 - Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized att

CVE-2026-35429 - User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows a

CVE-2026-33821 - Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attac

CVE-2026-33112 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-33110 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-32185 - Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attack

CVE-2026-6093 - Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filt

CVE-2026-43475 - In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix scheduling w

CVE-2026-34327 - Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows a

CVE-2026-33823 - Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over

CVE-2026-33111 - Improper neutralization of special elements used in a command ('command injection') in Copilot Chat

CVE-2026-43572 - OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Mi

CVE-2025-58074 - A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Mic

CVE-2026-35431 - Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthoriz

CVE-2026-33819 - Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code

CVE-2026-32210 - Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacke

CVE-2026-32172 - Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute

CVE-2026-26150 - Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p

CVE-2026-24303 - Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privile

CVE-2026-34294 - Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen

CVE-2026-40321 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-40306 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-40305 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-4682 - Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer

CVE-2026-33825 - Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el

CVE-2026-33822 - Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information

CVE-2026-33115 - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-33114 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co

CVE-2026-33103 - Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to dis

CVE-2026-33095 - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-32221 - Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execut

CVE-2026-32219 - Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges l

CVE-2026-32201 - Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform

CVE-2026-32200 - Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locall

CVE-2026-32199 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32198 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32197 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32190 - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-32189 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32188 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information

CVE-2026-32184 - Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authori

CVE-2026-32181 - Improper privilege management in Microsoft Windows allows an authorized attacker to deny service loc

CVE-2026-32153 - Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges local

CVE-2026-32091 - Concurrent execution using shared resource with improper synchronization ('race condition') in Micro

CVE-2026-27914 - Improper access control in Microsoft Management Console allows an authorized attacker to elevate pri

CVE-2026-27909 - Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privil

CVE-2026-26181 - Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privilege

CVE-2026-26170 - Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privilege

CVE-2026-26155 - Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

CVE-2026-26149 - Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an auth

CVE-2026-26143 - Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a securi

CVE-2026-23657 - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-20945 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-39424 - MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export fe

CVE-2026-0234 - An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex

CVE-2026-33119 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-33118 - Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2026-35654 - OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback

CVE-2026-34721 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OA

CVE-2026-1078 - An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automatio

CVE-2026-32186 - Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate priv

CVE-2026-34506 - OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plu

CVE-2026-0898 - An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio deve

CVE-2019-25598 - HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers

CVE-2026-32194 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Bin

CVE-2026-32191 - Improper neutralization of special elements used in an os command ('os command injection') in Micros

CVE-2026-26139 - Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p

CVE-2026-26138 - Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p

CVE-2026-26137 - Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate pr

CVE-2026-26136 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop

CVE-2026-26120 - Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tamp

CVE-2026-25667 - ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote

CVE-2025-58112 - Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of

CVE-2026-0385 - Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

CVE-2025-68623 - In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an

CVE-2026-26123 - Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose

CVE-2026-26144 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-26134 - Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileg

CVE-2026-26114 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-26113 - Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code lo

CVE-2026-26112 - Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c

CVE-2026-26110 - Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthor

CVE-2026-26109 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally

CVE-2026-26108 - Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code

CVE-2026-26107 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26106 - Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute co

CVE-2026-26105 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-25180 - Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose infor

CVE-2026-25169 - Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service local

CVE-2026-25168 - Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny ser

CVE-2026-25167 - Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privile

CVE-2026-23668 - Concurrent execution using shared resource with improper synchronization ('race condition') in Micro

CVE-2026-21536 - Microsoft Devices Pricing Program Remote Code Execution Vulnerability

CVE-2025-58107 - In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers

CVE-2026-28215 - hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticate

CVE-2026-2636 - This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" we

CVE-2026-21535 - Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information o

CVE-2026-26030 - Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability i

CVE-2026-2627 - A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function