Common Vulnerabilities and Exposures (CVE)

CVE-2026-42823

Jun 5, 2026 16:39:36 UTC

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

CVE-2026-41613

Jun 5, 2026 16:39:35 UTC

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-41103

Jun 5, 2026 16:39:35 UTC

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-40381

Jun 5, 2026 16:39:34 UTC

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-41097

Jun 5, 2026 16:39:33 UTC

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-41086

Jun 5, 2026 16:39:33 UTC

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-40420

Jun 5, 2026 16:39:32 UTC

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-35436

Jun 5, 2026 16:39:32 UTC

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40418

Jun 5, 2026 16:39:31 UTC

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40413

Jun 5, 2026 16:39:30 UTC

Windows TCP/IP Denial of Service Vulnerability

CVE-2026-40403

Jun 5, 2026 16:39:30 UTC

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

CVE-2026-40402

Jun 5, 2026 16:39:29 UTC

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

CVE-2026-40401

Jun 5, 2026 16:39:29 UTC

Windows TCP/IP Denial of Service Vulnerability

CVE-2026-40398

Jun 5, 2026 16:39:28 UTC

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

CVE-2026-32209

Jun 5, 2026 16:39:27 UTC

Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.