CVE Database
Comprehensive vulnerability intelligence with advanced analytics
CVE-2026-21265
Medium: Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes related to Windows boot manager or Secure Boot. The operating…
CVE-2026-21224
High: Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-21221
High: Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-21219
High: Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2026-20965
High: Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-20963
High: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-20962
Medium: Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.
CVE-2026-20959
Medium: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-20958
Medium: Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
CVE-2026-20957
High: Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20956
High: Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20955
High: Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20953
High: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-20952
High: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-20951
High: Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
CVE-2026-20950
High: Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20949
High: Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-20948
High: Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-20947
High: Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-20946
High: Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20944
High: Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-20943
High: Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-20941
High: Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
CVE-2026-20940
High: Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
