Common Vulnerabilities and Exposures (CVE)

CVE-2026-41091

Jun 9, 2026 19:33:50 UTC

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

CVE-2026-45659

Jun 9, 2026 19:33:49 UTC

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-42834

Jun 9, 2026 19:33:49 UTC

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-45584

Jun 9, 2026 19:33:48 UTC

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.

CVE-2026-42822

Jun 9, 2026 19:33:48 UTC

Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-45495

Jun 9, 2026 19:33:47 UTC

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2026-45494

Jun 9, 2026 19:33:47 UTC

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2026-45492

Jun 9, 2026 19:33:46 UTC

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-33821

Jun 9, 2026 19:33:45 UTC

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

CVE-2026-42893

Jun 9, 2026 19:33:45 UTC

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

CVE-2026-42838

Jun 9, 2026 19:33:44 UTC

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-40416

Jun 9, 2026 19:33:43 UTC

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-42833

Jun 9, 2026 19:33:43 UTC

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

CVE-2026-44275

Jun 9, 2026 19:33:43 UTC

Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, le...

CVE-2026-42832

Jun 9, 2026 19:33:42 UTC

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.