Common Vulnerabilities and Exposures (CVE)

CVE-2026-41091

Jun 2, 2026 23:16:57 UTC

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

CVE-2026-45498

Jun 2, 2026 23:16:57 UTC

Microsoft Defender Denial of Service Vulnerability

CVE-2026-41615

Jun 2, 2026 23:16:56 UTC

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.

CVE-2026-42897

Jun 2, 2026 23:16:56 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-42899

Jun 2, 2026 23:16:55 UTC

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2026-42898

Jun 2, 2026 23:16:55 UTC

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

CVE-2026-42896

Jun 2, 2026 23:16:54 UTC

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-35429

Jun 2, 2026 23:16:54 UTC

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-42891

Jun 2, 2026 23:16:53 UTC

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-41107

Jun 2, 2026 23:16:53 UTC

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

CVE-2026-32175

Jun 2, 2026 23:16:52 UTC

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. H...

CVE-2026-42831

Jun 2, 2026 23:16:52 UTC

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-32185

Jun 2, 2026 23:16:51 UTC

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

CVE-2026-32170

Jun 2, 2026 23:16:51 UTC

Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.

CVE-2026-32161

Jun 2, 2026 23:16:50 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.