Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-57092 | Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network. | 9.9 | 0.99% | 2026-07-14 | 2026-07-17 |
| CVE-2026-56190 | Use of uninitialized resource in Windows RDP allows an unauthorized attacker to execute code over a network. | 9.8 | 0.93% | 2026-07-14 | 2026-07-15 |
| CVE-2026-56188 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network. | 9.8 | 1.00% | 2026-07-14 | 2026-07-14 |
| CVE-2026-56159 | Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network. | 9.8 | 0.85% | 2026-07-14 | 2026-07-15 |
| CVE-2026-55944 | Deserialization of untrusted data in Microsoft Dynamics NAV allows an unauthorized attacker to execute code over a network. | 9.8 | 1.31% | 2026-07-14 | 2026-07-14 |
| CVE-2026-55040 | Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network. | 9.1 | 0.68% | 2026-07-14 | 2026-07-15 |
| CVE-2026-55010 | Heap-based buffer overflow in Minecraft Bedrock Dedicated Server allows an unauthorized attacker to execute code over a network. | 9.8 | 0.76% | 2026-07-14 | 2026-07-14 |
| CVE-2026-50518 | Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network. | 9.8 | 7.36% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50447 | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over a network. | 9.8 | 0.93% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50380 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. | 9.6 | 0.62% | 2026-07-14 | 2026-07-15 |
| CVE-2026-58644 KEV | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. | 9.8 | 1.47% | 2026-07-14 | 2026-07-17 |
| CVE-2026-55008 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | 9.6 | 0.73% | 2026-07-14 | 2026-07-15 |
| CVE-2026-54990 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | 9.8 | 0.67% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50522 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. | 9.8 | 20.35% | 2026-07-14 | 2026-07-15 |
| CVE-2026-49798 | Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally. | 9.3 | 2.29% | 2026-07-14 | 2026-07-16 |
| CVE-2026-49172 | Heap-based buffer overflow in Windows FTP Service allows an unauthorized attacker to execute code over a network. | 9.8 | 0.67% | 2026-07-14 | 2026-07-14 |
| CVE-2026-48561 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to execute code over a network. | 9.6 | 0.75% | 2026-07-14 | 2026-07-16 |
| CVE-2026-42990 | Heap-based buffer overflow in SQL Server ODBC driver allows an unauthorized attacker to execute code over a network. | 9.8 | 0.67% | 2026-07-14 | 2026-07-16 |
| CVE-2026-47646 | Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network. | 9.3 | 0.27% | 2026-07-08 | 2026-07-09 |
| CVE-2026-58289 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 9.0 | 0.44% | 2026-07-03 | 2026-07-07 |