Common Vulnerabilities and Exposures (CVE)

CVE-2026-40404

Jun 10, 2026 10:31:48 UTC

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

CVE-2026-33828

Jun 10, 2026 10:31:34 UTC

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.

CVE-2026-42902

Jun 10, 2026 10:31:20 UTC

Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

CVE-2026-44817

Jun 10, 2026 10:31:06 UTC

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-44818

Jun 10, 2026 10:30:51 UTC

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-44820

Jun 10, 2026 10:30:37 UTC

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-44823

Jun 10, 2026 10:30:23 UTC

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-44824

Jun 10, 2026 10:30:09 UTC

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45456

Jun 10, 2026 10:29:52 UTC

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45461

Jun 10, 2026 10:29:38 UTC

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45487

Jun 10, 2026 10:29:24 UTC

Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

CVE-2026-45490

Jun 10, 2026 10:29:11 UTC

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

CVE-2026-45504

Jun 10, 2026 10:28:57 UTC

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-45583

Jun 10, 2026 10:28:44 UTC

Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.

CVE-2026-45605

Jun 10, 2026 10:28:30 UTC

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.