Common Vulnerabilities and Exposures (CVE)

CVE-2026-47655

Jun 23, 2026 17:43:50 UTC

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network.

CVE-2026-47644

Jun 23, 2026 17:43:50 UTC

Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

CVE-2026-45483

Jun 23, 2026 17:43:49 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.

CVE-2026-45485

Jun 23, 2026 17:43:49 UTC

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-45486

Jun 23, 2026 17:43:48 UTC

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-45479

Jun 23, 2026 17:43:47 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-45474

Jun 23, 2026 17:43:47 UTC

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45471

Jun 23, 2026 17:43:46 UTC

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-45472

Jun 23, 2026 17:43:46 UTC

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45475

Jun 23, 2026 17:43:45 UTC

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45469

Jun 23, 2026 17:43:44 UTC

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32589

Jun 23, 2026 17:43:43 UTC

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do...

CVE-2026-45468

Jun 23, 2026 17:43:43 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-45467

Jun 23, 2026 17:43:42 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-41108

Jun 23, 2026 17:43:41 UTC

Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.