CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Microsoft Office SharePoint has an improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.
Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.
A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a web page. The attack can lead to spoofing or session hijacking.
A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. The flaw is due to improper neutralization of input during web page generation.
Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting (XSS) vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.
A buffer over-read vulnerability in Microsoft Office allows an unauthorized attacker to disclose information locally. The issue occurs when reading data beyond the allowed memory region.
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a generated web page. The attack can lead to spoofing or session hijacking.
The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of such messages.
An out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
An out-of-bounds read in the Windows DWM Core Library allows an authorized attacker to disclose information locally.
Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to locally deny service.
A vulnerability in Windows Push Notifications allows an authorized attacker to disclose sensitive information to an unauthorized actor locally.
A vulnerability in Windows Hyper-V allows an authorized attacker to disclose sensitive information locally. This issue involves the exposure of sensitive data to an unauthorized actor.
A vulnerability in Windows Push Notifications allows an authorized attacker to disclose sensitive information to an unauthorized actor locally.
A vulnerability in Windows Push Notifications allows an authorized attacker to disclose sensitive information to an unauthorized actor locally.
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
An out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to locally deny service.
An out-of-bounds read vulnerability in Windows Kerberos allows an authorized attacker to cause a denial of service over the network.

