Common Vulnerabilities and Exposures (CVE)

CVE-2026-45599

Jul 1, 2026 20:14:23 UTC

Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

CVE-2026-45597

Jul 1, 2026 20:14:22 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-45595

Jul 1, 2026 20:14:22 UTC

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-45604

Jul 1, 2026 20:14:21 UTC

Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

CVE-2026-45594

Jul 1, 2026 20:14:21 UTC

Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

CVE-2026-45593

Jul 1, 2026 20:14:20 UTC

Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.

CVE-2026-45592

Jul 1, 2026 20:14:19 UTC

Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-45591

Jul 1, 2026 20:14:19 UTC

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2026-45586

Jul 1, 2026 20:14:18 UTC

Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.

CVE-2026-45482

Jul 1, 2026 20:14:18 UTC

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.

CVE-2026-45476

Jul 1, 2026 20:14:17 UTC

Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-45465

Jul 1, 2026 20:14:16 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-45464

Jul 1, 2026 20:14:16 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-45463

Jul 1, 2026 20:14:15 UTC

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45462

Jul 1, 2026 20:14:15 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.