NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-47656 | Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally. | 7.9 | 0.08% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47654 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | 7.5 | 0.07% | 2026-06-09 | 2026-06-09 |
| CVE-2026-47653 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | 8.8 | 0.08% | 2026-06-09 | 2026-06-09 |
| CVE-2026-47652 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | 8.2 | 0.07% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47648 | Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. | 7.0 | 0.11% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47643 | External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network. | 9.8 | 0.12% | 2026-06-09 | 2026-06-09 |
| CVE-2026-47641 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 4.6 | 0.09% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47640 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 4.6 | 0.06% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47639 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 5.4 | 0.06% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47638 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 4.6 | 0.06% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47637 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 4.6 | 0.06% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47636 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 5.4 | 0.06% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47635 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | 8.4 | 0.06% | 2026-06-09 | 2026-06-11 |
| CVE-2026-47634 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 7.3 | 0.06% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47631 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | 8.1 | 0.07% | 2026-06-09 | 2026-06-09 |
| CVE-2026-47298 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.0 | 0.07% | 2026-06-09 | 2026-06-09 |
| CVE-2026-47293 | Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | 7.0 | 0.06% | 2026-06-09 | 2026-06-09 |
| CVE-2026-47292 | Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally. | 7.8 | 0.16% | 2026-06-09 | 2026-06-09 |
| CVE-2026-47291 | Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. | 9.8 | 0.18% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47289 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | 8.8 | 0.08% | 2026-06-09 | 2026-06-09 |