CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
A race condition in UI Automation Manager (uiamanager.dll) allows an authorized attacker to locally elevate privileges due to improper synchronization during concurrent execution using shared resources.
There is a 'use after free' vulnerability in the Windows Ancillary Function Driver for WinSock that allows an authorized attacker to locally elevate privileges.
Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in the wininet.dll library in Windows allows an authorized attacker to elevate privileges locally.
An uncontrolled resource consumption vulnerability in ASP.NET Core allows an unauthorized attacker to perform a denial of service (DoS) attack over a network.
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Improper link resolution before file access in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.
A server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
An improper authorization vulnerability in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
An improper authorization vulnerability in .NET allows a local attacker to elevate privileges. An attacker with existing access can gain higher system privileges.
A TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.
A Use-After-Free vulnerability in Microsoft Office Word allows an unauthorized attacker to execute code locally. The issue stems from improper memory management when processing specially crafted documents.
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
A path traversal vulnerability in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting (XSS) vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
A Use-After-Free vulnerability in Microsoft Office allows an unauthorized attacker to execute code locally. The issue stems from improper memory management when processing specially crafted files.
A Use-After-Free vulnerability in Microsoft Office allows an unauthorized attacker to execute code locally. The issue stems from improper memory management when processing specially crafted files.

