|
1001
|
7.5 |
HIGH
Network
|
-
|
-
|
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
New
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2026-42909
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1002
|
7.5 |
HIGH
Network
|
-
|
-
|
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42908
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1003
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
New
|
CWE-200
Information Exposure
|
CVE-2026-42907
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1004
|
7.8 |
HIGH
Local
|
-
|
-
|
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.
New
|
CWE-285
Improper Authorization
|
CVE-2026-42902
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1005
|
8.1 |
HIGH
Network
|
-
|
-
|
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
New
|
CWE-74
Injection
|
CVE-2026-42835
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1006
|
8.4 |
HIGH
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-41098
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1007
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-40371
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1008
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the D…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-34692
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1009
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-33113
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1010
|
8.8 |
HIGH
Local
|
-
|
-
|
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.
New
|
CWE-22
Path Traversal
|
CVE-2026-32193
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
