CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-48565
High

Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.

CVE-2026-48563
High

A Use-After-Free vulnerability in the Remote Desktop Client allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-47656
High

Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.

CVE-2026-47654
High

A Use-After-Free vulnerability in the Remote Desktop Client allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-47653
High

A Use-After-Free vulnerability in the Remote Desktop Client allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-47652
High

A heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. The vulnerability affects the Windows virtualization component.

CVE-2026-47648
High

Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.

CVE-2026-47635
High

A heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-47634
High

A vulnerability in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. The issue is due to improper neutralization of special elements in output used by a downstream component.

CVE-2026-47631
High

Microsoft Exchange Server has an improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. This flaw allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-47298
High

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-47293
High

A use after free vulnerability in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-47292
High

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

CVE-2026-47289
High

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-47288
HighEPSS 56%

Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.

CVE-2026-46492
High

In the md-fileserver application prior to version 1.10.3, there is a cross-site scripting (XSS) vulnerability in the Markdown rendering logic. This allows arbitrary JavaScript execution in the context of the affected domain by injecting unescaped HTML, including <script> tags.

CVE-2026-45771
High

FreeSWITCH prior to version 1.11.0 contained an XML parser that did not limit the depth or count of nested <!ENTITY> declarations, leading to a potential 'billion laughs' attack. An attacker could exploit this flaw to force unbounded CPU and memory consumption with a single request.

CVE-2026-45658
High

A vulnerability in Windows BitLocker allows a locally authenticated attacker to bypass a security feature due to improper access control.

CVE-2026-45656
High

Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.

CVE-2026-45654
High

A vulnerability in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. The issue stems from improper access control in the Secure Boot mechanism.

PreviousPage 166 of 3362Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS