Common Vulnerabilities and Exposures (CVE)

CVE-2026-45607

Jun 15, 2026 23:19:16 UTC

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

CVE-2026-45606

Jun 15, 2026 23:19:16 UTC

Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.

CVE-2026-45640

Jun 15, 2026 23:19:15 UTC

Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-45639

Jun 15, 2026 23:19:15 UTC

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-45605

Jun 15, 2026 23:19:14 UTC

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

CVE-2026-45583

Jun 15, 2026 23:19:13 UTC

Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.

CVE-2026-45504

Jun 15, 2026 23:19:13 UTC

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-45503

Jun 15, 2026 23:19:12 UTC

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

CVE-2026-45502

Jun 15, 2026 23:19:12 UTC

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

CVE-2026-45501

Jun 15, 2026 23:19:11 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-45500

Jun 15, 2026 23:19:11 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-45491

Jun 15, 2026 23:19:10 UTC

Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.

CVE-2026-45490

Jun 15, 2026 23:19:10 UTC

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

CVE-2026-45487

Jun 15, 2026 23:19:09 UTC

Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

CVE-2026-45466

Jun 15, 2026 23:19:09 UTC

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.