Common Vulnerabilities and Exposures (CVE)

CVE-2026-34338

Jun 19, 2026 16:12:46 UTC

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVE-2026-34337

Jun 19, 2026 16:12:46 UTC

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-34336

Jun 19, 2026 16:12:45 UTC

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-34334

Jun 19, 2026 16:12:45 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-34332

Jun 19, 2026 16:12:44 UTC

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

CVE-2026-33838

Jun 19, 2026 16:12:43 UTC

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

CVE-2026-33837

Jun 19, 2026 16:12:43 UTC

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-33835

Jun 19, 2026 16:12:42 UTC

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-33833

Jun 19, 2026 16:12:42 UTC

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33112

Jun 19, 2026 16:12:41 UTC

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-33110

Jun 19, 2026 16:12:41 UTC

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-45498

Jun 19, 2026 16:12:40 UTC

Microsoft Defender Denial of Service Vulnerability

CVE-2026-41615

Jun 19, 2026 16:12:40 UTC

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.

CVE-2026-42897

Jun 19, 2026 16:12:39 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-42899

Jun 19, 2026 16:12:39 UTC

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.