CVE-2026-32187 - Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

CVE-2026-0898 - An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio deve

CVE-2019-25598 - HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers

CVE-2026-32194 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Bin

CVE-2026-32191 - Improper neutralization of special elements used in an os command ('os command injection') in Micros

CVE-2026-26139 - Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p

CVE-2026-26138 - Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p

CVE-2026-26137 - Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate pr

CVE-2026-26136 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop

CVE-2026-26120 - Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tamp

CVE-2026-25667 - ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote

CVE-2025-58112 - Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of

CVE-2026-0385 - Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

CVE-2025-68623 - In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an

CVE-2026-26123 - Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose

CVE-2026-26144 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-26134 - Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileg

CVE-2026-26114 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-26113 - Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code lo

CVE-2026-26112 - Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c

CVE-2026-26110 - Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthor

CVE-2026-26109 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally

CVE-2026-26108 - Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code

CVE-2026-26107 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26106 - Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute co

CVE-2026-26105 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-25180 - Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose infor

CVE-2026-25169 - Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service local

CVE-2026-25168 - Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny ser

CVE-2026-25167 - Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privile

CVE-2026-23668 - Concurrent execution using shared resource with improper synchronization ('race condition') in Micro

CVE-2026-21536 - Microsoft Devices Pricing Program Remote Code Execution Vulnerability

CVE-2025-58107 - In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers

CVE-2026-28215 - hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticate

CVE-2026-2636 - This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" we

CVE-2026-21535 - Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information o

CVE-2026-26030 - Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability i

CVE-2026-2627 - A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function

CVE-2026-21537 - Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an

CVE-2026-21527 - User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an

CVE-2026-21514 - Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized

CVE-2026-21511 - Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to per

CVE-2026-21261 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information

CVE-2026-21260 - Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an una

CVE-2026-21259 - Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate priv

CVE-2026-21258 - Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose info

CVE-2026-21246 - Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate

CVE-2026-21235 - Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges l

CVE-2026-25592 - Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems.

CVE-2026-0391 - User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows a

CVE-2026-0948 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID

CVE-2026-24838 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-24837 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-24836 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-24833 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-24784 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-21509 - Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attac

CVE-2026-21264 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ac

CVE-2026-23873 - hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. A

CVE-2026-21223 - Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to by

CVE-2026-20960 - Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a

CVE-2025-61973 - A local privilege escalation vulnerability exists during the installation of Epic Games Store via th

CVE-2026-21265 - Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificate

CVE-2026-20963 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-20959 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-20958 - Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to d

CVE-2026-20957 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to

CVE-2026-20956 - Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c

CVE-2026-20955 - Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c

CVE-2026-20953 - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20952 - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20951 - Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute

CVE-2026-20950 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20949 - Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a securi

CVE-2026-20948 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co

CVE-2026-20947 - Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Of

CVE-2026-20946 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally

CVE-2026-20944 - Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-20943 - Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20822 - Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges l

CVE-2025-62224 - User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows a

CVE-2025-9611 - Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on inco