Common Vulnerabilities and Exposures (CVE)

CVE-2026-45640

Jun 18, 2026 22:01:19 UTC

Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-45605

Jun 18, 2026 21:59:38 UTC

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

CVE-2026-45583

Jun 18, 2026 21:59:38 UTC

Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.

CVE-2026-45503

Jun 18, 2026 21:57:57 UTC

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

CVE-2026-45502

Jun 18, 2026 21:57:56 UTC

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

CVE-2026-45500

Jun 18, 2026 21:56:15 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-45491

Jun 18, 2026 21:56:13 UTC

Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.

CVE-2026-45490

Jun 18, 2026 21:56:12 UTC

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

CVE-2026-45487

Jun 18, 2026 21:56:11 UTC

Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

CVE-2026-45466

Jun 18, 2026 21:56:11 UTC

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-45458

Jun 18, 2026 21:52:49 UTC

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45456

Jun 18, 2026 21:52:49 UTC

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45453

Jun 18, 2026 21:52:48 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-44824

Jun 18, 2026 21:52:47 UTC

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-44823

Jun 18, 2026 21:52:46 UTC

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.