Common Vulnerabilities and Exposures (CVE)
CVE-2026-35593
Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read ...
CVE-2026-45585
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We ...
CVE-2026-32177
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-42822
Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41105
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-42826
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.
CVE-2026-35435
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-35428
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-34327
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33844
Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
CVE-2026-33823
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
CVE-2026-26164
Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-33111
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
CVE-2026-26129
Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-45495
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability