Common Vulnerabilities and Exposures (CVE)

CVE-2026-50520

Jul 15, 2026 22:22:58 UTC

Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code allows an unauthorized attacker to execute code locally.

CVE-2026-55144

Jul 15, 2026 22:22:58 UTC

Missing cryptographic step in Windows CryptoAPI allows an authorized attacker to perform tampering locally.

CVE-2026-55002

Jul 15, 2026 22:22:57 UTC

External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally.

CVE-2026-54118

Jul 15, 2026 22:22:56 UTC

Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.

CVE-2026-54117

Jul 15, 2026 22:22:55 UTC

Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.

CVE-2026-50524

Jul 15, 2026 22:22:54 UTC

Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.

CVE-2026-55012

Jul 15, 2026 22:22:53 UTC

Integer overflow or wraparound in Microsoft Defender allows an unauthorized attacker to execute code locally.

CVE-2026-55011

Jul 15, 2026 22:22:52 UTC

Integer underflow (wrap or wraparound) in Microsoft Defender allows an unauthorized attacker to execute code locally.

CVE-2026-50338

Jul 15, 2026 22:22:51 UTC

Improper authentication in Azure Spring Apps allows an authorized attacker to elevate privileges over a network.

CVE-2026-55009

Jul 15, 2026 22:22:49 UTC

Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.

CVE-2026-55008

Jul 15, 2026 22:22:49 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-55006

Jul 15, 2026 22:22:49 UTC

Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.

CVE-2026-55005

Jul 15, 2026 22:22:48 UTC

Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.

CVE-2026-54122

Jul 15, 2026 22:22:47 UTC

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally.

CVE-2026-54995

Jul 15, 2026 22:22:47 UTC

Use after free in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over a network.