CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-45468
Medium

Microsoft Office SharePoint has an improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-45467
Medium

Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-45465
Medium

A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a web page. The attack can lead to spoofing or session hijacking.

CVE-2026-45464
Medium

A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. The flaw is due to improper neutralization of input during web page generation.

CVE-2026-45462
Medium

Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting (XSS) vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-45460
Medium

A buffer over-read vulnerability in Microsoft Office allows an unauthorized attacker to disclose information locally. The issue occurs when reading data beyond the allowed memory region.

CVE-2026-45454
Medium

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-45453
Medium

A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a generated web page. The attack can lead to spoofing or session hijacking.

CVE-2026-45446
Medium

The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of such messages.

CVE-2026-44821
Medium

An out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-44814
Medium

An out-of-bounds read in the Windows DWM Core Library allows an authorized attacker to disclose information locally.

CVE-2026-44805
Medium

Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to locally deny service.

CVE-2026-42973
Medium

A vulnerability in Windows Push Notifications allows an authorized attacker to disclose sensitive information to an unauthorized actor locally.

CVE-2026-42972
Medium

A vulnerability in Windows Hyper-V allows an authorized attacker to disclose sensitive information locally. This issue involves the exposure of sensitive data to an unauthorized actor.

CVE-2026-42971
Medium

A vulnerability in Windows Push Notifications allows an authorized attacker to disclose sensitive information to an unauthorized actor locally.

CVE-2026-42970
Medium

A vulnerability in Windows Push Notifications allows an authorized attacker to disclose sensitive information to an unauthorized actor locally.

CVE-2026-42969
Medium

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2026-42968
Medium

An out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.

CVE-2026-42915
Medium

Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to locally deny service.

CVE-2026-42914
MediumEPSS 52%

An out-of-bounds read vulnerability in Windows Kerberos allows an authorized attacker to cause a denial of service over the network.

PreviousPage 151 of 560Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS