Aggregates CVE and security vulnerability intelligence across all Microsoft-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk memory corruption, vendor risk path handling, and vendor risk input validation, with potential vendor impact file overwrite across vendor surface server deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-48576 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | [email protected] | 7.9 | 1.03% | 2026-06-09 | 2026-06-17 |
| CVE-2026-48575 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | [email protected] | 7.9 | 0.30% | 2026-06-09 | 2026-06-17 |
| CVE-2026-48574 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. | [email protected] | 7.8 | 0.36% | 2026-06-09 | 2026-06-17 |
| CVE-2026-48573 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | [email protected] | 7.9 | 1.03% | 2026-06-09 | 2026-06-17 |
| CVE-2026-48570 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | [email protected] | 7.9 | 0.30% | 2026-06-09 | 2026-06-17 |
| CVE-2026-48569 | Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | [email protected] | 7.1 | 0.35% | 2026-06-09 | 2026-06-17 |
| CVE-2026-48568 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | [email protected] | 7.9 | 0.30% | 2026-06-09 | 2026-06-17 |
| CVE-2026-48566 | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | [email protected] | 5.5 | 0.36% | 2026-06-09 | 2026-06-17 |
| CVE-2026-48565 | Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally. | [email protected] | 7.8 | 0.43% | 2026-06-09 | 2026-06-17 |
| CVE-2026-48563 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | [email protected] | 7.5 | 0.46% | 2026-06-09 | 2026-06-17 |
| CVE-2026-48562 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | [email protected] | 4.6 | 0.51% | 2026-06-09 | 2026-06-17 |
| CVE-2026-48560 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | [email protected] | 5.4 | 0.94% | 2026-06-09 | 2026-06-17 |
| CVE-2026-47656 | Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally. | [email protected] | 7.9 | 0.30% | 2026-06-09 | 2026-06-17 |
| CVE-2026-47654 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | [email protected] | 7.5 | 0.46% | 2026-06-09 | 2026-06-17 |
| CVE-2026-47653 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | [email protected] | 8.8 | 0.60% | 2026-06-09 | 2026-06-17 |
| CVE-2026-47652 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | [email protected] | 8.2 | 0.25% | 2026-06-09 | 2026-06-17 |
| CVE-2026-47648 | Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. | [email protected] | 7.0 | 0.18% | 2026-06-09 | 2026-06-17 |
| CVE-2026-47643 | External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network. | [email protected] | 9.8 | 0.75% | 2026-06-09 | 2026-06-17 |
| CVE-2026-47641 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | [email protected] | 4.6 | 0.51% | 2026-06-09 | 2026-06-17 |
| CVE-2026-47640 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | [email protected] | 4.6 | 0.51% | 2026-06-09 | 2026-06-17 |