CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-47638
Medium

Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-47637
Medium

Microsoft Office SharePoint has an improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-47636
Medium

A Cross-Site Scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a web page. This can lead to spoofing attacks and session hijacking.

CVE-2026-47287
Medium

Visual Studio Code has a relative path traversal vulnerability that allows an unauthorized attacker to tamper with data over a network.

CVE-2026-47284
Medium

Visual Studio Code has a vulnerability that allows an unauthorized attacker to disclose sensitive information over a network.

CVE-2026-45655
Medium

A protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-45650
Medium

The user interface misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-45647
Medium

A time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

CVE-2026-45634
Medium

An out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

CVE-2026-45608
Medium

An out-of-bounds read vulnerability in the Windows DHCP Client allows an unauthorized attacker to disclose information locally. This flaw can be exploited to leak sensitive data from system memory.

CVE-2026-45606
Medium

An out-of-bounds read in the Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to locally deny service.

CVE-2026-45604
Medium

An out-of-bounds read in the Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

CVE-2026-45595
Medium

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-45594
Medium

A vulnerability in the Windows Application Identity (AppID) Subsystem allows an unauthorized attacker to disclose sensitive information locally.

CVE-2026-45502
Medium

A server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

CVE-2026-45501
Medium

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network. This flaw can be exploited to send unauthorized requests to internal network resources.

CVE-2026-45500
Medium

Microsoft Exchange Server has improper neutralization of input during web page generation, leading to cross-site scripting (XSS) vulnerabilities. An attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-45491
Medium

Improper link resolution before file access in .NET allows an unauthorized attacker to perform tampering locally.

CVE-2026-45483
Medium

Microsoft Office Project Server has improper neutralization of input during web page generation, leading to cross-site scripting (XSS) vulnerabilities. This allows an authorized attacker to perform spoofing over a network.

CVE-2026-45479
Medium

Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

PreviousPage 150 of 560Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS