CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-45597
High

A race condition in UI Automation Manager (uiamanager.dll) allows an authorized attacker to locally elevate privileges due to improper synchronization during concurrent execution using shared resources.

CVE-2026-45596
High

There is a 'use after free' vulnerability in the Windows Ancillary Function Driver for WinSock that allows an authorized attacker to locally elevate privileges.

CVE-2026-45593
High

Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.

CVE-2026-45592
High

Integer overflow or wraparound in the wininet.dll library in Windows allows an authorized attacker to elevate privileges locally.

CVE-2026-45591
HighEPSS 82%

An uncontrolled resource consumption vulnerability in ASP.NET Core allows an unauthorized attacker to perform a denial of service (DoS) attack over a network.

CVE-2026-45588
High

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-45586
High

Improper link resolution before file access in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.

CVE-2026-45583
High

Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.

CVE-2026-45504
High

A server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-45503
High

An improper authorization vulnerability in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

CVE-2026-45490
High

An improper authorization vulnerability in .NET allows a local attacker to elevate privileges. An attacker with existing access can gain higher system privileges.

CVE-2026-45487
High

A TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

CVE-2026-45486
High

A Use-After-Free vulnerability in Microsoft Office Word allows an unauthorized attacker to execute code locally. The issue stems from improper memory management when processing specially crafted documents.

CVE-2026-45484
HighEPSS 72%

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

CVE-2026-45482
High

A path traversal vulnerability in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-45481
High

Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting (XSS) vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-45476
High

Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-45475
High

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45474
High

A Use-After-Free vulnerability in Microsoft Office allows an unauthorized attacker to execute code locally. The issue stems from improper memory management when processing specially crafted files.

CVE-2026-45472
High

A Use-After-Free vulnerability in Microsoft Office allows an unauthorized attacker to execute code locally. The issue stems from improper memory management when processing specially crafted files.

PreviousPage 168 of 3362Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS