CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-45458
8.4 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45457
7.8 HIGH

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45456
8.4 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45455
3.3 LOW

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Jun 9, 2026
CVE-2026-45454
6.5 MEDIUM

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-45453
5.4 MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Jun 9, 2026
CVE-2026-45447
8.8 HIGH

Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in …

Jun 9, 2026
CVE-2026-45446
4.8 MEDIUM

Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing …

Jun 9, 2026
CVE-2026-45445
7.5 HIGH

Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: …

Jun 9, 2026
CVE-2026-44824
7.8 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44823
7.8 HIGH

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44822
8.2 HIGH

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Jun 9, 2026
CVE-2026-44821
5.5 MEDIUM

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-44820
7.8 HIGH

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44819
7.8 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44818
7.0 HIGH

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44817
7.8 HIGH

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44815
9.8 CRITICAL

Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-44814
5.5 MEDIUM

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-44813
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44812
7.8 HIGH

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44811
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44810
8.4 HIGH

Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44809
7.8 HIGH

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44808
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44807
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44805
5.5 MEDIUM

Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.

Jun 9, 2026
CVE-2026-44804
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44803
7.8 HIGH

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44802
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44801
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-44799
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42993
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42992
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42991
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42989
7.8 HIGH

Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42987
8.1 HIGH

Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42986
7.8 HIGH

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42985
8.8 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42984
7.0 HIGH

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42983
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42981
8.1 HIGH

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42980
7.8 HIGH

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42979
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42978
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42977
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42974
8.1 HIGH

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42973
5.5 MEDIUM

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42972
5.5 MEDIUM

Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42971
5.5 MEDIUM

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.