Common Vulnerabilities and Exposures (CVE)

CVE-2026-47639

Jul 1, 2026 20:13:57 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-47638

Jul 1, 2026 20:13:56 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-47637

Jul 1, 2026 20:13:56 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-47636

Jul 1, 2026 20:13:55 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-47635

Jul 1, 2026 20:13:55 UTC

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-41098

Jul 1, 2026 20:13:54 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.

CVE-2026-47631

Jul 1, 2026 20:13:54 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-47298

Jul 1, 2026 20:13:53 UTC

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-32193

Jul 1, 2026 20:13:52 UTC

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.

CVE-2026-41092

Jul 1, 2026 20:13:52 UTC

Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.

CVE-2026-47292

Jul 1, 2026 20:13:51 UTC

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

CVE-2026-47291

Jul 1, 2026 20:13:51 UTC

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

CVE-2026-47289

Jul 1, 2026 20:13:50 UTC

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-47288

Jul 1, 2026 20:13:50 UTC

Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.

CVE-2026-47287

Jul 1, 2026 20:13:49 UTC

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.