CVE Database

36368+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-45636
7.8 HIGH

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45635
8.1 HIGH

Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-45607
8.4 HIGH

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45605
7.8 HIGH

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-45603
7.0 HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-45601
7.0 HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-45600
7.8 HIGH

Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-45599
8.1 HIGH

Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-45598
7.0 HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-45597
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-45596
7.0 HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-45593
7.8 HIGH

Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-45592
7.8 HIGH

Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-45591
7.5 HIGH

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Jun 9, 2026
CVE-2026-45588
7.9 HIGH

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

Jun 9, 2026
CVE-2026-45586
7.8 HIGH

Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-45583
7.5 HIGH

Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-45504
8.8 HIGH

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Jun 9, 2026
CVE-2026-45503
8.1 HIGH

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

Jun 9, 2026
CVE-2026-45490
7.8 HIGH

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-45487
7.8 HIGH

Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-45486
7.8 HIGH

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45484
8.8 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

Jun 9, 2026
CVE-2026-45482
8.4 HIGH

Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a …

Jun 9, 2026
CVE-2026-45481
7.3 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Jun 9, 2026
CVE-2026-45476
8.2 HIGH

Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-45475
7.8 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45474
8.4 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45472
8.4 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45471
7.8 HIGH

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45469
7.8 HIGH

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45463
8.4 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45461
8.4 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45458
8.4 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45457
7.8 HIGH

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45456
8.4 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-45447
8.8 HIGH

Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in …

Jun 9, 2026
CVE-2026-45445
7.5 HIGH

Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: …

Jun 9, 2026
CVE-2026-44824
7.8 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44823
7.8 HIGH

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44822
8.2 HIGH

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Jun 9, 2026
CVE-2026-44820
7.8 HIGH

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44819
7.8 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44818
7.0 HIGH

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44817
7.8 HIGH

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44813
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44812
7.8 HIGH

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44811
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44810
8.4 HIGH

Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44809
7.8 HIGH

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.