Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-0096 | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability." | 2.6 | 1.92% | 2017-03-16 | 2026-06-16 |
| CVE-2015-2476 | The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "WebDAV Client Information Disclosure Vulnerability." | 2.6 | 11.15% | 2015-08-14 | 2026-06-16 |
| CVE-2015-1648 | ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability." | 2.6 | 34.86% | 2015-04-14 | 2026-06-16 |
| CVE-2010-0808 | Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability." | 2.6 | 9.71% | 2010-10-13 | 2026-06-16 |
| CVE-2009-1536 | ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability." | 2.6 | 51.32% | 2009-08-12 | 2026-06-16 |
| CVE-2006-5578 | Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577. | 2.6 | 21.15% | 2006-12-12 | 2026-06-16 |
| CVE-2006-4685 | The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains. | 2.6 | 19.70% | 2006-10-10 | 2026-06-16 |
| CVE-2006-1193 | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing." | 2.6 | 39.17% | 2006-06-13 | 2026-06-16 |
| CVE-2006-1192 | Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626. | 2.6 | 31.47% | 2006-04-11 | 2026-06-16 |
| CVE-2005-2126 | The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames. | 2.6 | 13.83% | 2005-10-21 | 2026-06-16 |
| CVE-2016-3272 | The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles page-fault system calls, which allows local users to obtain sensitive information from an arbitrary process via a crafted application, aka "Windows Kernel Information Disclosure Vulnerability." | 2.8 | 43.28% | 2016-07-12 | 2026-06-16 |
| CVE-2016-3251 | The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensitive kernel-address information via a crafted application, aka "Win32k Information Disclosure Vulnerability." | 2.8 | 58.07% | 2016-07-12 | 2026-06-16 |
| CVE-2023-32024 | Microsoft Power Apps Spoofing Vulnerability | 3.0 | 1.49% | 2023-06-14 | 2026-06-17 |
| CVE-2026-0102 | Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata. | 3.1 | 0.46% | 2026-02-17 | 2026-06-17 |
| CVE-2025-65046 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 3.1 | 0.23% | 2025-12-18 | 2026-06-17 |
| CVE-2025-59280 | Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network. | 3.1 | 0.41% | 2025-10-14 | 2026-06-17 |
| CVE-2025-49731 | Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network. | 3.1 | 0.37% | 2025-07-08 | 2026-06-17 |
| CVE-2023-38158 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 3.1 | 1.20% | 2023-08-21 | 2026-06-17 |
| CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability | 3.1 | 0.60% | 2023-03-14 | 2026-06-17 |
| CVE-2022-29147 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 3.1 | 0.61% | 2023-06-28 | 2026-06-17 |