CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
A heap-based buffer overflow in the Windows kernel allows an authorized attacker to elevate privileges locally.
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
A vulnerability in Microsoft Office allows an unauthorized attacker to execute code locally via an untrusted pointer dereference. The issue stems from improper pointer validation in memory.
The Microsoft Live Share Canvas SDK has improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to elevate their privileges over a network.
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
A type confusion vulnerability in Windows Hyper-V allows an unauthorized attacker to execute code locally. The flaw arises from accessing a resource using an incompatible type.
Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.
An out-of-bounds read vulnerability in Windows RDP allows an unauthorized attacker to disclose information over a network.
A heap-based buffer overflow in the Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
A use after free vulnerability in the Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
A type confusion vulnerability in the upnp.dll library allows an unauthorized attacker to execute code remotely over the network. The issue affects the Universal Plug and Play (UPnP) component.
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
A use after free vulnerability in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
A race condition vulnerability exists in the Windows Ancillary Function Driver for WinSock due to improper synchronization of shared resources. This flaw allows an authorized attacker to locally elevate privileges.
A race condition in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authorized attacker to elevate privileges locally. The vulnerability stems from improper synchronization when accessing shared resources concurrently.
In Windows, a vulnerability in kernel-mode drivers allows access to resources using an incompatible type ('type confusion'). This enables an authorized attacker to elevate privileges locally.
The 'Use after free' vulnerability in the upnp.dll library of Universal Plug and Play allows an unauthorized attacker to execute code remotely over a network.
A race condition in the Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally due to improper synchronization of shared resources.

