聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-45597 | Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally. | 7.0 | 0.05% | 2026-06-09 | 2026-06-11 |
| CVE-2026-45598 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | 0.05% | 2026-06-09 | 2026-06-11 |
| CVE-2026-45599 | Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network. | 8.1 | 0.09% | 2026-06-09 | 2026-06-11 |
| CVE-2026-45468 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 4.6 | 0.06% | 2026-06-09 | 2026-06-11 |
| CVE-2026-45602 | No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network. | 9.1 | 0.07% | 2026-06-09 | 2026-06-10 |
| CVE-2026-45658 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | 7.8 | 0.06% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47288 | Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network. | 7.1 | 0.32% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47291 | Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. | 9.8 | 0.18% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47634 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 7.3 | 0.06% | 2026-06-09 | 2026-06-10 |
| CVE-2026-47636 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 5.4 | 0.06% | 2026-06-09 | 2026-06-10 |
| CVE-2026-45657 | Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network. | 9.8 | 0.12% | 2026-06-09 | 2026-06-10 |
| CVE-2026-45656 | Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally. | 7.8 | 0.08% | 2026-06-09 | 2026-06-10 |
| CVE-2026-45453 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 5.4 | 0.06% | 2026-06-09 | 2026-06-10 |
| CVE-2026-45454 | Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 6.5 | 0.15% | 2026-06-09 | 2026-06-10 |
| CVE-2026-45462 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 4.6 | 0.06% | 2026-06-09 | 2026-06-10 |
| CVE-2026-45464 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 5.4 | 0.06% | 2026-06-09 | 2026-06-10 |
| CVE-2026-45465 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 5.4 | 0.06% | 2026-06-09 | 2026-06-10 |
| CVE-2026-45600 | Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | 7.8 | 0.15% | 2026-06-09 | 2026-06-10 |
| CVE-2026-33828 | Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally. | 7.8 | 0.15% | 2026-06-09 | 2026-06-10 |
| CVE-2026-34335 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | 0.06% | 2026-06-09 | 2026-06-10 |