CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
A vulnerability in the Windows Application Identity (AppID) Subsystem allows an unauthorized attacker to disclose sensitive information locally.
A server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network. This flaw can be exploited to send unauthorized requests to internal network resources.
Microsoft Exchange Server has improper neutralization of input during web page generation, leading to cross-site scripting (XSS) vulnerabilities. An attacker can exploit this flaw to perform spoofing over a network.
Improper link resolution before file access in .NET allows an unauthorized attacker to perform tampering locally.
Microsoft Office Project Server has improper neutralization of input during web page generation, leading to cross-site scripting (XSS) vulnerabilities. This allows an authorized attacker to perform spoofing over a network.
Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.
Microsoft Office SharePoint has an improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.
Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.
A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a web page. The attack can lead to spoofing or session hijacking.
A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. The flaw is due to improper neutralization of input during web page generation.
Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting (XSS) vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.
A buffer over-read vulnerability in Microsoft Office allows an unauthorized attacker to disclose information locally. The issue occurs when reading data beyond the allowed memory region.
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a generated web page. The attack can lead to spoofing or session hijacking.
The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of such messages.
An out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
An out-of-bounds read in the Windows DWM Core Library allows an authorized attacker to disclose information locally.
Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to locally deny service.

