CVE-2026-47294
high
8.0
8.0
microsoft
2d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-42899
high
7.5
7.5
FIX
rhel macos macos linux-kernel
microsoft
8d ago
Important: .NET 9.0 security update
CVE-2026-35430
high
8.8
8.8
windows windows
microsoft
12d ago
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.
CVE-2026-26147
high
7.7
7.7
windows windows
microsoft
12d ago
Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
CVE-2026-23663
high
7.5
7.5
windows windows
microsoft
12d ago
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-45659
high
8.8
8.8
windows windows
microsoft
12d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-45584
high
8.1
8.1
windows windows
microsoft
14d ago
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
CVE-2026-42834
high
7.8
7.8
windows windows
microsoft
14d ago
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-41091
high
7.8
9.3
KEV
windows windows
microsoft
14d ago
Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2026-45495
high
8.8
8.8
windows windows
microsoft
16d ago
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2026-42897
high
8.1
9.6
KEV
windows windows
microsoft
20d ago
Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be e…
CVE-2026-42893
high
7.4
7.4
windows windows
microsoft
22d ago
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.
CVE-2026-42832
high
7.7
7.7
windows windows
microsoft
22d ago
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
CVE-2026-42831
high
7.8
7.8
windows windows
microsoft
22d ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-41613
high
8.8
8.8
windows windows
microsoft
22d ago
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41611
high
7.8
7.8
windows windows
microsoft
22d ago
Improper neutralization of script-related HTML tags in a web page (basic XSS) in Visual Studio Code allows an unauthorized attacker to execute code locally.
CVE-2026-41109
high
8.8
8.8
windows windows
microsoft
22d ago
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature ove…
CVE-2026-41107
high
7.4
7.4
windows windows
microsoft
22d ago
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
CVE-2026-41102
high
7.1
7.1
windows windows
microsoft
22d ago
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
CVE-2026-41101
high
7.1
7.1
windows windows
microsoft
22d ago
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
CVE-2026-41094
high
8.8
8.8
windows windows
microsoft
22d ago
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.
CVE-2026-41086
high
8.8
8.8
windows windows
microsoft
22d ago
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-40420
high
8.8
8.8
windows windows
microsoft
22d ago
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40419
high
7.8
7.8
windows windows
microsoft
22d ago
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40418
high
7.8
7.8
windows windows
microsoft
22d ago
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40417
high
7.8
7.8
windows windows
microsoft
22d ago
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
CVE-2026-40381
high
7.8
7.8
windows windows
microsoft
22d ago
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-40368
high
8.0
8.0
windows windows
microsoft
22d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40367
high
8.4
8.4
windows windows
microsoft
22d ago
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40366
high
8.4
8.4
windows windows
microsoft
22d ago
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40365
high
8.8
8.8
windows windows
microsoft
22d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40364
high
8.4
8.4
windows windows
microsoft
22d ago
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40363
high
8.4
8.4
windows windows
microsoft
22d ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40362
high
7.8
7.8
windows windows
microsoft
22d ago
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40361
high
8.4
8.4
windows windows
microsoft
22d ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40360
high
7.8
7.8
windows windows
microsoft
22d ago
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-40359
high
7.8
7.8
windows windows
microsoft
22d ago
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40358
high
8.4
8.4
windows windows
microsoft
22d ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40357
high
8.8
8.8
windows windows
microsoft
22d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35439
high
8.8
8.8
windows windows
microsoft
22d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35438
high
8.3
8.3
windows windows
microsoft
22d ago
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-35436
high
8.8
8.8
windows windows
microsoft
22d ago
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-33833
high
8.2
8.2
windows windows
microsoft
22d ago
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33821
high
7.7
7.7
windows windows
microsoft
22d ago
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
CVE-2026-33112
high
8.8
8.8
windows windows
microsoft
22d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-33110
high
8.8
8.8
windows windows
microsoft
22d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-32204
high
7.8
7.8
windows windows
microsoft
22d ago
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-41105
high
8.1
8.1
windows windows
microsoft
27d ago
Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-35435
high
8.6
8.6
windows windows
microsoft
27d ago
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-34327
high
8.2
8.2
windows windows
microsoft
27d ago
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33111
high
7.5
7.5
windows windows
microsoft
27d ago
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
CVE-2026-32207
high
8.8
8.8
windows windows
microsoft
27d ago
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26164
high
7.5
7.5
windows windows
microsoft
27d ago
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-26129
high
7.5
7.5
windows windows
microsoft
27d ago
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-32952
high
7.5
7.5
debian debian
microsoft
1mo ago
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can cause a slice out-of-bounds panic, which can crash a…
CVE-2026-32172
high
8.0
8.0
microsoft
1mo ago
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
CVE-2026-26150
high
8.6
8.6
microsoft
1mo ago
Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41134
high
7.8
7.8
microsoft
1mo ago
Kiota: Code Generation Literal Injection
CVE-2026-33116
high
7.5
7.5
rhel linux-kernel macos macos
microsoft
2mo ago
Important: .NET 10.0 security update
CVE-2026-32203
high
7.5
7.5
rhel linux-kernel macos macos
microsoft
2mo ago
Important: .NET 10.0 security update
CVE-2026-32178
high
7.5
7.5
rhel linux-kernel macos macos
microsoft
2mo ago
Important: .NET 10.0 security update
CVE-2026-26171
high
7.5
7.5
rhel linux-kernel macos macos
microsoft
2mo ago
Important: .NET 10.0 security update
CVE-2026-33120
high
8.8
8.8
microsoft
2mo ago
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-33115
high
8.4
8.4
microsoft
2mo ago
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33114
high
8.4
8.4
microsoft
2mo ago
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33095
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-32200
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-32199
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32198
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32197
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32192
high
7.8
7.8
microsoft
2mo ago
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32190
high
8.4
8.4
microsoft
2mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-32189
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32188
high
7.1
7.1
microsoft
2mo ago
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-32184
high
7.8
7.8
microsoft
2mo ago
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
CVE-2026-32171
high
8.8
8.8
microsoft
2mo ago
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-32168
high
7.8
7.8
microsoft
2mo ago
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32157
high
8.8
8.8
FIX
windows windows
microsoft
2mo ago
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-26143
high
7.8
7.8
microsoft
2mo ago
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-23666
high
7.5
7.5
windows windows
microsoft
2mo ago
Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-23657
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-26134
high
7.8
7.8
microsoft
3mo ago
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-26110
high
7.8
7.8
microsoft
3mo ago
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-24285
high
7.0
7.0
FIX
windows windows
microsoft
3mo ago
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2025-62557
high
7.8
7.8
microsoft
6mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62554
high
7.8
7.8
microsoft
6mo ago
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62199
high
7.8
7.8
microsoft
7mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-59234
high
7.8
7.8
microsoft
8mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-59227
high
7.8
7.8
microsoft
8mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-53732
high
7.8
7.8
microsoft
10mo ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49702
high
7.8
7.8
microsoft
11mo ago
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49697
high
8.4
8.4
microsoft
11mo ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49696
high
8.4
8.4
microsoft
11mo ago
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49695
high
8.4
8.4
microsoft
11mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47953
high
8.4
8.4
microsoft
1y ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47167
high
8.4
8.4
microsoft
1y ago
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47164
high
8.4
8.4
microsoft
1y ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47162
high
8.4
8.4
microsoft
1y ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-30388
high
7.8
7.8
FIX
windows windows
microsoft
1y ago
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2025-30386
high
7.8
7.8
microsoft
1y ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.