CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
A Use-After-Free vulnerability in the Remote Desktop Client allows an unauthorized attacker to execute code remotely over a network.
Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
A Use-After-Free vulnerability in the Remote Desktop Client allows an unauthorized attacker to execute code remotely over a network.
A Use-After-Free vulnerability in the Remote Desktop Client allows an unauthorized attacker to execute code remotely over a network.
A heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. The vulnerability affects the Windows virtualization component.
Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.
A heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
A vulnerability in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. The issue is due to improper neutralization of special elements in output used by a downstream component.
Microsoft Exchange Server has an improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. This flaw allows an unauthorized attacker to perform spoofing over a network.
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
A use after free vulnerability in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.
In the md-fileserver application prior to version 1.10.3, there is a cross-site scripting (XSS) vulnerability in the Markdown rendering logic. This allows arbitrary JavaScript execution in the context of the affected domain by injecting unescaped HTML, including <script> tags.
FreeSWITCH prior to version 1.11.0 contained an XML parser that did not limit the depth or count of nested <!ENTITY> declarations, leading to a potential 'billion laughs' attack. An attacker could exploit this flaw to force unbounded CPU and memory consumption with a single request.
A vulnerability in Windows BitLocker allows a locally authenticated attacker to bypass a security feature due to improper access control.
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
A vulnerability in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. The issue stems from improper access control in the Secure Boot mechanism.

