CVE-2026-49451 - The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common s

CVE-2025-59868 - HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a sensitive data exposure vulnerability

CVE-2023-37524 - HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.

CVE-2024-23581 - The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software

CVE-2026-45677 - Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8

CVE-2026-56351 - n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft

CVE-2026-56270 - Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability i

CVE-2026-47693 - Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4

CVE-2026-54308 - n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent36

CVE-2026-54312 - n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with perm

CVE-2026-54303 - n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Mic

CVE-2026-48582 - Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileg

CVE-2026-47645 - Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows

CVE-2026-42895 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop

CVE-2026-32208 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ed

CVE-2026-49336 - @microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In

CVE-2025-62821 - Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDat

CVE-2026-47647 - Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privilege

CVE-2026-50656 - Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Micros

CVE-2024-24909 - Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vul

CVE-2026-8863 - Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker wit

CVE-2026-50512 - Improper link resolution before file access ('link following') in Microsoft PC Manager allows an aut

CVE-2026-50511 - Improper link resolution before file access ('link following') in Microsoft PC Manager allows an aut

CVE-2026-49161 - Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security f

CVE-2026-48562 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-48560 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-47641 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-47640 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-47639 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-47638 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-47637 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-47636 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-47635 - Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthor

CVE-2026-47634 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-47631 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex

CVE-2026-47298 - Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code

CVE-2026-47293 - Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges

CVE-2026-45650 - User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthoriz

CVE-2026-45647 - Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an autho

CVE-2026-45645 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-45644 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Li

CVE-2026-45643 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co

CVE-2026-45642 - Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Servi

CVE-2026-45606 - Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny

CVE-2026-45583 - Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an una

CVE-2026-45504 - Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to ele

CVE-2026-45503 - Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to dis

CVE-2026-45502 - Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to dis

CVE-2026-45501 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex

CVE-2026-45500 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex

CVE-2026-45486 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co

CVE-2026-45485 - Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information local

CVE-2026-45484 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to el

CVE-2026-45483 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-45481 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-45479 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-45475 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-45474 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-45472 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-45471 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co

CVE-2026-45469 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to

CVE-2026-45468 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-45467 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-45466 - Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose info

CVE-2026-45465 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-45464 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-45463 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-45462 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-45461 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-45460 - Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information local

CVE-2026-45459 - Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a s

CVE-2026-45458 - Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthor

CVE-2026-45457 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co

CVE-2026-45456 - Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthor

CVE-2026-45455 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information

CVE-2026-45454 - Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office S

CVE-2026-45453 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-44824 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-44823 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to

CVE-2026-44822 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information

CVE-2026-44821 - Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information local

CVE-2026-44820 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to

CVE-2026-44819 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-44818 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to

CVE-2026-44817 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to

CVE-2026-42986 - Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges l

CVE-2026-42902 - Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges lo

CVE-2026-42835 - Improper neutralization of special elements in output used by a downstream component ('injection') i

CVE-2026-41108 - Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privile

CVE-2026-41092 - Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges loca

CVE-2026-40371 - Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises)

CVE-2026-33113 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-32193 - Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Ku

CVE-2026-48579 - Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose info

CVE-2026-47655 - Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized a

CVE-2026-47644 - Improper neutralization of special elements in output used by a downstream component ('injection') i

CVE-2026-45497 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop

CVE-2025-71316 - SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unico

CVE-2026-49139 - Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft

CVE-2026-47294 - Improper neutralization of special elements used in an os command ('os command injection') in Micros

CVE-2026-4387 - StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows sto

CVE-2026-46139 - In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zer

CVE-2026-32996 - This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.

CVE-2026-46544 - Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.

CVE-2026-46538 - Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.

CVE-2026-46416 - Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.

CVE-2026-46414 - Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.

CVE-2026-46402 - Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.

CVE-2026-45322 - Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microso

CVE-2026-45108 - Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to befor

CVE-2026-45659 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-42901 - Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges

CVE-2026-41104 - Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacke

CVE-2026-41090 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop

CVE-2026-33843 - Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C all

CVE-2026-23652 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Pow

CVE-2026-45584 - Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code ove

CVE-2026-45498 - Microsoft Defender Denial of Service Vulnerability

CVE-2026-41091 - Improper link resolution before file access ('link following') in Microsoft Defender allows an autho

CVE-2026-45585 - Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as &qu

CVE-2026-45495 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2026-45494 - Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2026-45492 - Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypa

CVE-2026-46383 - Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0,

CVE-2026-45539 - Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.

CVE-2026-44641 - Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12,

CVE-2026-24899 - Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's

CVE-2026-42897 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex

CVE-2026-41615 - Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unau

CVE-2026-44503 - The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okH

CVE-2026-42898 - Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) al

CVE-2026-42891 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-42838 - Improper neutralization of special elements in output used by a downstream component ('injection') i

CVE-2026-42833 - Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) al

CVE-2026-42832 - Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing loca

CVE-2026-42831 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-42177 - linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform

CVE-2026-41107 - External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized atta

CVE-2026-41103 - Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluen

CVE-2026-41102 - Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoo

CVE-2026-41101 - Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing l

CVE-2026-41096 - Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code

CVE-2026-41094 - Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an una

CVE-2026-40421 - Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized

CVE-2026-40420 - Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40419 - Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40418 - Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40416 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-40368 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-40367 - Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una

CVE-2026-40366 - Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una

CVE-2026-40365 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-40364 - Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una

CVE-2026-40363 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-40362 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40361 - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-40360 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information

CVE-2026-40359 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40358 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-40357 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-35440 - Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized

CVE-2026-35439 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-35436 - Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-35429 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-33821 - Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attac

CVE-2026-33112 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-33110 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-32185 - Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attack

CVE-2026-42316 - kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (

CVE-2026-6093 - Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filt

CVE-2026-43475 - In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix scheduling w

CVE-2026-41574 - Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatica

CVE-2026-34327 - Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows a

CVE-2026-33823 - Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over

CVE-2026-33111 - Improper neutralization of special elements used in a command ('command injection') in Copilot Chat

CVE-2026-43094 - In the Linux kernel, the following vulnerability has been resolved: ixgbevf: add missing negotiate_

CVE-2026-43572 - OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Mi

CVE-2025-58074 - A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Mic

CVE-2026-42525 - Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restr

CVE-2026-35431 - Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthoriz

CVE-2026-33819 - Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code

CVE-2026-32210 - Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacke

CVE-2026-32172 - Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute

CVE-2026-26150 - Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p

CVE-2026-24303 - Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privile

CVE-2026-34294 - Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen

CVE-2026-40321 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-40306 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-40305 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-23772 - Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper

CVE-2026-4682 - Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer

CVE-2026-33825 - Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el

CVE-2026-33822 - Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information

CVE-2026-33115 - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-33114 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co

CVE-2026-33103 - Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to dis

CVE-2026-33095 - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-32221 - Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execut

CVE-2026-32219 - Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges l

CVE-2026-32201 - Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform

CVE-2026-32200 - Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locall

CVE-2026-32199 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32198 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32197 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32190 - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-32189 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32188 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information

CVE-2026-32184 - Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authori

CVE-2026-32181 - Improper privilege management in Microsoft Windows allows an authorized attacker to deny service loc

CVE-2026-32153 - Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges local

CVE-2026-32091 - Concurrent execution using shared resource with improper synchronization ('race condition') in Micro

CVE-2026-27914 - Improper access control in Microsoft Management Console allows an authorized attacker to elevate pri

CVE-2026-27909 - Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privil

CVE-2026-26181 - Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privilege

CVE-2026-26170 - Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privilege

CVE-2026-26155 - Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

CVE-2026-26149 - Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an auth

CVE-2026-26143 - Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a securi

CVE-2026-23657 - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-20945 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-39424 - MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export fe

CVE-2026-0234 - An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex

CVE-2026-33119 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-33118 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-35654 - OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback

CVE-2026-34721 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OA

CVE-2026-1078 - An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automatio

CVE-2026-32186 - Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate priv

CVE-2026-33105 - Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elev