CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-45595
Medium

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-45594
Medium

A vulnerability in the Windows Application Identity (AppID) Subsystem allows an unauthorized attacker to disclose sensitive information locally.

CVE-2026-45502
Medium

A server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

CVE-2026-45501
Medium

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network. This flaw can be exploited to send unauthorized requests to internal network resources.

CVE-2026-45500
Medium

Microsoft Exchange Server has improper neutralization of input during web page generation, leading to cross-site scripting (XSS) vulnerabilities. An attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-45491
Medium

Improper link resolution before file access in .NET allows an unauthorized attacker to perform tampering locally.

CVE-2026-45483
Medium

Microsoft Office Project Server has improper neutralization of input during web page generation, leading to cross-site scripting (XSS) vulnerabilities. This allows an authorized attacker to perform spoofing over a network.

CVE-2026-45479
Medium

Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-45468
Medium

Microsoft Office SharePoint has an improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-45467
Medium

Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-45465
Medium

A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a web page. The attack can lead to spoofing or session hijacking.

CVE-2026-45464
Medium

A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. The flaw is due to improper neutralization of input during web page generation.

CVE-2026-45462
Medium

Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting (XSS) vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-45460
Medium

A buffer over-read vulnerability in Microsoft Office allows an unauthorized attacker to disclose information locally. The issue occurs when reading data beyond the allowed memory region.

CVE-2026-45454
Medium

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-45453
Medium

A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a generated web page. The attack can lead to spoofing or session hijacking.

CVE-2026-45446
Medium

The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of such messages.

CVE-2026-44821
Medium

An out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-44814
Medium

An out-of-bounds read in the Windows DWM Core Library allows an authorized attacker to disclose information locally.

CVE-2026-44805
Medium

Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to locally deny service.

PreviousPage 144 of 553Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS