Patch Tuesday - June 2026
Source: Rapid7
Analysis
Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday; however, several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years. As usual, browser vulns are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update Guide. Other vulnerability categories, especially Linux kernel vulnerabilities, are seeing a similar increase in AI-assisted vulnerability reports.

What's the opposite of coordinated disclosure?

In recent weeks, an independent vulnerability researcher going by the pseudonym Nightmare Eclipse has attracted significant attention by publishing details of six Microsoft vulnerabilities, including elevation of privilege vulnerabilities in Defender, and a Secure Boot disk encryption bypass. The researcher provided full proof-of-concept code for some, and provided significant-but-incomplete detail around the path to exploitation for others. Microsoft has confirmed that these disclosures were not coordinated, and it is clear that the relationship between this researcher and Microsoft is less than cordial. Two of the disclosures emerged in the hours after last month’s Patch Tuesday, which provides maximum visibility, while limiting Microsoft’s ability to respond without out-of-cycle patches.
At time of writing, Microsoft has provided mitigation advice and patches for CVE-2026-33825, CVE-2026-45585, CVE-2026-45498, and CVE-2026-41091, leaving only two elevation of privilege vulnerabilities unpatched, known as MiniPlasma and GreenPlasma. However, a recent blog post by Nightmare Eclipse with the title “7” has been widely interpreted to mean that there is at least one more vulnerability to come. The post contained no content other than an image of Albert Wesker, a character from the Resident Evil video game series who formerly worked as a researcher for a technology corporation before going rogue. Any inference around the possible meaning of the image is left as an exercise for the reader.

Given the timing of last month’s disclosures in the hours following Patch Tuesday, a further high-friction disclosure today would perhaps be unsurprising. Indeed, a new blog post and a new GitHub account from the same researcher have emerged in the hours following Microsoft’s publication of the June 2026 Patch Tuesday updates. The apparent seventh disclosure is nicknamed RoguePlanet, and appears to describe another elevation of privilege to SYSTEM in Defender.

It is not at all difficult to understand why Microsoft and many blue team practitioners are deeply alarmed by the partial or even full disclosure of proof-of-concept code for an ongoing series of vulnerabilities affecting fully-patched Windows systems. However, multiple leading voices in the broader vulnerability disclosure community have expressed concern that Microsoft’s invocation of the Digital Crimes Unit in a May 27, 2026 blog post may yet prove counterproductive, especially if it causes other researchers to back away from mutually beneficial engagements with MSRC. A few days later, MSRC issued a further statement clarifying that they have no intention of pursuing action against security researchers, but only those who break the law or engage in malicious activity causing real harm.
For now, one safe conclusion is that this unusually sensational Microsoft vulnerability management story arc is far from over.

HTTP/2: denial of service

Every so often, a new round of denial of service vulnerabilities emerges which affect web servers implementing HTTP/2 and HTTP/3 standards. This class of vulnerabilities is likely to expand further as researchers, including the discoverers of CVE-2026-49160, use advances in LLM capability to probe not just specific software, but also the standards on which software rests. Microsoft warns that exploitation leads to uncontrolled resource consumption over a network, and expects that exploitation is more likely. The advisory credits both a third-party research firm and OpenAI’s Codex.

Microsoft has not yet directly addressed another HTTP/2 vulnerability which allows trivial denial-of-service against the default HTTP/2 configuration of multiple web server platforms, including Microsoft IIS. CVE-2026-49975, also known as HTTP/2 Bomb, became public knowledge a week ago. This denial of service works by exhausting memory on the target server, and unlike a distributed denial of service attack, there is no requirement that an attacker control a large amount of bandwidth. Patches are available for NGINX and Apache, with IIS presumably to follow at some point. If practically possible, disabling HTTP/2 is a valid mitigation.

PowerToys: SYSTEM EoP

The Microsoft PowerToys utility provides a wide variety of useful control and configuration options for Windows power users which aren’t otherwise easily accessible. It turns out that PowerToys also offers an undocumented extra: local elevation of privilege to SYSTEM via successful exploitation of CVE-2026-42902. It is worth noting that the fix was included in PowerToys v0.99.1 on April 29, 2026, without any apparent mention in the release notes. Attackers with patch-diffing toolkits may well take note of this discrepancy.
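
The two host-level actions this section points to, disabling HTTP/2 on IIS where practical and confirming PowerToys is at or past v0.99.1, as an added PowerShell example that is not from Rapid7 or Microsoft. `EnableHttp2Tls` and `EnableHttp2Cleartext` are the HTTP.sys registry switches; the function names and the PowerToys install paths are assumptions.

```powershell
# Added example: report (and optionally apply) the "disable HTTP/2" mitigation
# for HTTP.sys/IIS, and compare installed PowerToys builds with the fixed
# release named in the article (v0.99.1). Run from an elevated session.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$DisableHttp2   # report-only unless this switch is given
)

$HttpParams     = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$Http2Values    = 'EnableHttp2Tls', 'EnableHttp2Cleartext'
$PowerToysFixed = [version]'0.99.1'

function Get-Http2State {
    foreach ($name in $Http2Values) {
        $prop = Get-ItemProperty -Path $HttpParams -Name $name -ErrorAction SilentlyContinue
        $raw  = if ($prop) { $prop.$name } else { $null }
        # A missing value means the OS default applies, which is HTTP/2 enabled.
        $shown = if ($null -eq $raw) { '(not set)' } else { $raw }
        [pscustomobject]@{
            Setting      = $name
            RegistryData = $shown
            Http2Enabled = ($null -eq $raw) -or ($raw -ne 0)
        }
    }
}

function Disable-Http2 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($name in $Http2Values) {
        # Honors -WhatIf / -Confirm passed to the script.
        if ($PSCmdlet.ShouldProcess("$HttpParams\$name", 'Set DWORD to 0')) {
            New-ItemProperty -Path $HttpParams -Name $name `
                -PropertyType DWord -Value 0 -Force | Out-Null
        }
    }
}

function Get-PowerToysStatus {
    # Assumption: default machine-wide and per-user install locations.
    $patterns = @(
        "$env:ProgramFiles\PowerToys\PowerToys.exe"
        "$env:SystemDrive\Users\*\AppData\Local\PowerToys\PowerToys.exe"
    )
    foreach ($exe in (Get-Item -Path $patterns -Force -ErrorAction SilentlyContinue)) {
        $vi = $exe.VersionInfo
        # Build the version from numeric parts so suffixes in the version
        # string cannot break the comparison.
        $installed = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
        [pscustomobject]@{
            Path      = $exe.FullName
            Installed = $installed
            Patched   = $installed -ge $PowerToysFixed
        }
    }
}

if ($DisableHttp2) { Disable-Http2 }

Get-Http2State | Format-Table -AutoSize

$powerToys = @(Get-PowerToysStatus)
if ($powerToys.Count -gt 0) {
    $powerToys | Format-Table -AutoSize
} else {
    'PowerToys not found in the default install locations.'
}
```

The registry change takes effect after a reboot, after which clients negotiate HTTP/1.1; run with `-WhatIf` first to see what would be written.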
Microsoft lifecycle update

There are no significant Microsoft product lifecycle changes this month. SQL Server 2016 moves beyond regular extended support and into the pay-to-play Extended Security Updates (ESU) phase after July 14, 2026. On that same date, SharePoint 2016 and 2019 will also move past extended support, but since there’s no ESU available, the only remaining option for fully-supported self-hosted SharePoint after the middle of next month will be SharePoint Subscription Edition.

Summary charts

Vulnerabilities by Product Family

Apps vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-45650 | Microsoft Bing Search Spoofing Vulnerability | Exploitation Less Likely | No | 4.3 |
| CVE-2026-49161 | Microsoft PC Manager Security Feature Bypass Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42902 | Microsoft PowerToys Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45649 | Office for Android Spoofing Vulnerability | Exploitation Unlikely | No | 7.1 |
| CVE-2026-44803 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-44812 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |

Azure vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-32193 | Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability | Exploitation Unlikely | No | 8.8 |
| CVE-2026-47643 | Azure Stack Edge Remote Code Execution Vulnerability | Exploitation Unlikely | No | 9.8 |
| CVE-2026-41098 | Azure Stack Edge Spoofing Vulnerability | Exploitation Less Likely | No | 8.4 |

Developer Tools vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-45490 | .NET SDK Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45491 | .NET Tampering Vulnerability | Exploitation Unlikely | No | 6.2 |
| CVE-2026-45591 | ASP.NET Core Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-45644 | Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.0 |
| CVE-2026-45482 | Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-40376 | Visual Studio Code Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-47281 | Visual Studio Code Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 9.6 |
| CVE-2026-47284 | Visual Studio Code Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-47292 | Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-48569 | Visual Studio Code Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.1 |
| CVE-2026-47287 | Visual Studio Code Tampering Vulnerability | Exploitation Less Likely | No | 6.5 |

ESU vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2025-10263 | ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel] | Exploitation Less Likely | No | 9.3 |
| CVE-2026-44815 | DHCP Client Service Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.8 |
| CVE-2026-49160 | HTTP.sys Denial of Service Vulnerability | Exploitation More Likely | Yes | 7.5 |
| CVE-2026-47291 | HTTP.sys Remote Code Execution Vulnerability | Exploitation More Likely | No | 9.8 |
| CVE-2026-45642 | Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability | Exploitation Less Likely | No | 3.9 |
| CVE-2026-45637 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45504 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 8.8 |
| CVE-2026-45502 | Microsoft Exchange Server Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.0 |
| CVE-2026-45503 | Microsoft Exchange Server Information Disclosure Vulnerability | Exploitation Unlikely | No | 8.1 |
| CVE-2026-45583 | Microsoft Exchange Server Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-45500 | Microsoft Exchange Server Spoofing Vulnerability | Exploitation Less Likely | No | 6.1 |
| CVE-2026-45501 | Microsoft Exchange Server Spoofing Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-47631 | Microsoft Exchange Server Spoofing Vulnerability | Exploitation Less Likely | No | 8.1 |
| CVE-2026-42986 | Microsoft Graphics Component Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-41092 | Microsoft Kinect Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45606 | Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42980 | NT OS Kernel Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-42916 | NT OS Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-47289 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-47653 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Unlikely | No | 8.8 |
| CVE-2026-48563 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-42909 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Unlikely | No | 7.5 |
| CVE-2026-42992 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-44799 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-44801 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-42985 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation More Likely | No | 8.8 |
| CVE-2026-42993 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-45588 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48568 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48570 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48573 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48575 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48576 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48578 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-45656 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-8863 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-34335 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-45601 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45598 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45596 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45603 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-42911 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45594 | Windows Application Identity (AppID) Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-45655 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 5.3 |
| CVE-2026-45658 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-50507 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation More Likely | Yes | 6.8 |
| CVE-2026-45640 | Windows Bluetooth Port Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45605 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-47656 | Windows Boot Manager Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-45586 | Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability | Exploitation More Likely | Yes | 7.8 |
| CVE-2026-42987 | Windows Deployment Services (WDS) Remote Code Execution | Exploitation Less Likely | No | 8.1 |
| CVE-2026-33828 | Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-45634 | Windows DHCP Client Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-45608 | Windows DHCP Client Information Disclosure Vulnerability | Exploitation Unlikely | No | 6.8 |
| CVE-2026-41108 | Windows DNS Client Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-42905 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-42983 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44802 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45602 | Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability | Exploitation Less Likely | No | 9.1 |
| CVE-2026-42836 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-44803 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-44812 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-42972 | Windows Hyper-V Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-45607 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45641 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45592 | Windows Internet (wininet.dll) Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42903 | Windows Kerberos Denial of Service Vulnerability | Exploitation Unlikely | No | 6.5 |
| CVE-2026-42914 | Windows Kerberos Denial of Service Vulnerability | Exploitation Less Likely | No | 5.3 |
| CVE-2026-47288 | Windows Kerberos Key Distribution Center (KDC) Remote Code Execution | Exploitation Unlikely | No | 7.1 |
| CVE-2026-48583 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45653 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-42984 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-45595 | Windows Mark of the Web Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-48574 | Windows Media Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45636 | Windows NTFS Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-50508 | Windows NTLM Spoofing Vulnerability | Exploitation More Likely | No | 6.5 |
| CVE-2026-45487 | Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42828 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42837 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42969 | Windows Push Notification Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-42971 | Windows Push Notification Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42970 | Windows Push Notification Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42973 | Windows Push Notification Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42978 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42977 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42979 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42991 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-45639 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-42908 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-45593 | Windows SDK Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42906 | Windows Shell Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42907 | Windows Shell Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-47648 | Windows Storage Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-42915 | Windows TCP/IP Denial of Service Vulnerability | Exploitation Less Likely | No | 5.7 |
| CVE-2026-42904 | Windows TCP/IP Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 9.6 |
| CVE-2026-42968 | Windows Telephony Server Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42912 | Windows Telephony Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-40409 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-40404 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45599 | Windows UPnP Device Host Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.1 |
| CVE-2026-45635 | Windows UPnP Device Host Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.1 |
| CVE-2026-42989 | Winlogon Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |

Mariner vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-40930 | LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body | n/a | No | 5.4 |

Microsoft Dynamics vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-40371 | Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8 |

Microsoft Office vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-44822 | Microsoft Excel Information Disclosure Vulnerability | Exploitation Unlikely | No | 8.2 |
| CVE-2026-45455 | Microsoft Excel Information Disclosure Vulnerability | Exploitation Less Likely | No | 3.3 |
| CVE-2026-45469 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44817 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-44818 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-44820 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44823 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45459 | Microsoft Excel Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 3.3 |
| CVE-2026-47293 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45485 | Microsoft Office Information Disclosure Vulnerability | Exploitation Less Likely | No | 3.3 |
| CVE-2026-44821 | Microsoft Office Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-45460 | Microsoft Office Information Disclosure Vulnerability | Exploitation Unlikely | No | 4.7 |
| CVE-2026-45483 | Microsoft Office Project Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-45475 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45472 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45474 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-44819 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44824 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45461 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45645 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45463 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45456 | Microsoft Outlook and Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45458 | Microsoft Outlook and Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-47635 | Microsoft Outlook and Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45484 | Microsoft SharePoint Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-45454 | Microsoft SharePoint Remote Code Execution Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-47298 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.0 |
| CVE-2026-45467 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-45468 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-45479 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-45453 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-47636 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-47637 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-47638 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-47639 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Unlikely | No | 5.4 |
| CVE-2026-47641 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-33113 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-45462 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-45464 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-45465 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-47634 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation More Likely | No | 7.3 |
| CVE-2026-47640 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Unlikely | No | 4.6 |
| CVE-2026-45481 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation More Likely | No | 7.3 |
| CVE-2026-48560 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-48562 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-42835 | Microsoft Teams for Android Information Disclosure Vulnerability | Exploitation Less Likely | No | 8.1 |
| CVE-2026-45466 | Microsoft Word Information Disclosure Vulnerability | Exploitation Unlikely | No | 3.3 |
| CVE-2026-45471 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45486 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45643 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45457 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45649 | Office for Android Spoofing Vulnerability | Exploitation Unlikely | No | 7.1 |
| CVE-2026-44803 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-44812 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |

Open Source Software vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-11463 | USCiLab Cereal Shared Pointer type confusion | n/a | No | 7.3 |
| CVE-2026-49975 | Apache HTTP Server: mod_http2 denial of service | n/a | No | 7.5 |
| CVE-2026-50265 | Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292 | n/a | No | 5.3 |
| CVE-2026-40930 | LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body | n/a | No | 5.4 |
| CVE-2026-10879 | DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders | n/a | No | 8.6 |
| CVE-2026-50261 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter() | n/a | No | 7.8 |
| CVE-2026-50256 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch | n/a | No | 7.8 |
| CVE-2026-50262 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes | n/a | No | 5.5 |
| CVE-2026-50260 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter() | n/a | No | 6.6 |
| CVE-2026-50259 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing | n/a | No | 7.8 |
| CVE-2026-50257 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence() | n/a | No | 6.6 |
| CVE-2026-50258 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels | n/a | No | 7.8 |
| CVE-2026-50263 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow() | n/a | No | 5.5 |

Other vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-45476 | Microsoft Azure Network Adapter Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.2 |
| CVE-2026-26142 | Nuance PowerScribe Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.8 |

Server Software vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-45504 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 8.8 |
| CVE-2026-45502 | Microsoft Exchange Server Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.0 |
| CVE-2026-45503 | Microsoft Exchange Server Information Disclosure Vulnerability | Exploitation Unlikely | No | 8.1 |
| CVE-2026-45583 | Microsoft Exchange Server Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-45500 | Microsoft Exchange Server Spoofing Vulnerability | Exploitation Less Likely | No | 6.1 |
| CVE-2026-45501 | Microsoft Exchange Server Spoofing Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-47631 | Microsoft Exchange Server Spoofing Vulnerability | Exploitation Less Likely | No | 8.1 |

System Center vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-45647 | Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 5.5 |

Windows vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2025-10263 | ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel] | Exploitation Less Likely | No | 9.3 |
| CVE-2026-44815 | DHCP Client Service Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.8 |
| CVE-2026-49160 | HTTP.sys Denial of Service Vulnerability | Exploitation More Likely | Yes | 7.5 |
| CVE-2026-47291 | HTTP.sys Remote Code Execution Vulnerability | Exploitation More Likely | No | 9.8 |
| CVE-2026-45642 | Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability | Exploitation Less Likely | No | 3.9 |
| CVE-2026-44810 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45637 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42986 | Microsoft Graphics Component Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-41092 | Microsoft Kinect Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45606 | Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42980 | NT OS Kernel Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-42916 | NT OS Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-47289 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-47653 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Unlikely | No | 8.8 |
| CVE-2026-47654 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Unlikely | No | 7.5 |
| CVE-2026-48563 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-42909 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Unlikely | No | 7.5 |
| CVE-2026-42913 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Unlikely | No | 7.5 |
| CVE-2026-42992 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-44799 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-44801 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-42985 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation More Likely | No | 8.8 |
| CVE-2026-42993 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-45588 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48568 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48570 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48573 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48575 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48576 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48578 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-45654 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-45656 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-8863 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45648 | Windows Active Directory Domain Services Remote Code Execution Vulnerability | Exploitation Unlikely | No | 8.8 |
| CVE-2026-42829 | Windows Administrator Protection Secure Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-34335 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-45601 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45598 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45596 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45603 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-42911 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45594 | Windows Application Identity (AppID) Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-45655 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 5.3 |
| CVE-2026-45658 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-50507 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation More Likely | Yes | 6.8 |
| CVE-2026-45640 | Windows Bluetooth Port Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45605 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-47656 | Windows Boot Manager Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-45586 | Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability | Exploitation More Likely | Yes | 7.8 |
| CVE-2026-44809 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42987 | Windows Deployment Services (WDS) Remote Code Execution | Exploitation Less Likely | No | 8.1 |
| CVE-2026-33828 | Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-45634 | Windows DHCP Client Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-45608 | Windows DHCP Client Information Disclosure Vulnerability | Exploitation Unlikely | No | 6.8 |
| CVE-2026-41108 | Windows DNS Client Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-42905 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-44811 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44808 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44807 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42983 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44802 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44813 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44804 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-48566 | Windows DWM Core Library Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-44814 | Windows DWM Core Library Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-45602 | Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability | Exploitation Less Likely | No | 9.1 |
| CVE-2026-42836 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-44803 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-44812 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-42910 | Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42972 | Windows Hyper-V Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |

CVE-2026-45607 Windows Hyper-V
Remote Code Execution Vulnerability Exploitation Less Likely No 8.4 CVE-2026-45641 Windows Hyper-V Remote Code Execution Vulnerability Exploitation Less Likely No 8.4 CVE-2026-47652 Windows Hyper-V Remote Code Execution Vulnerability Exploitation Less Likely No 8.2 CVE-2026-45592 Windows Internet (wininet.dll) Elevation of Privilege Vulnerability Exploitation Unlikely No 7.8 CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability Exploitation Unlikely No 6.5 CVE-2026-42914 Windows Kerberos Denial of Service Vulnerability Exploitation Less Likely No 5.3 CVE-2026-47288 Windows Kerberos Key Distribution Center (KDC) Remote Code Execution Exploitation Unlikely No 7.1 CVE-2026-48583 Windows Kernel Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-45653 Windows Kernel Elevation of Privilege Vulnerability Exploitation Unlikely No 7.0 CVE-2026-42984 Windows Kernel Elevation of Privilege Vulnerability Exploitation Unlikely No 7.0 CVE-2026-45657 Windows Kernel Remote Code Execution Vulnerability Exploitation Less Likely No 9.8 CVE-2026-45600 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Exploitation Unlikely No 7.8 CVE-2026-45604 Windows Managed Installer Information Disclosure Vulnerability Exploitation Less Likely No 5.5 CVE-2026-45595 Windows Mark of the Web Security Feature Bypass Vulnerability Exploitation Less Likely No 5.4 CVE-2026-48574 Windows Media Remote Code Execution Vulnerability Exploitation Less Likely No 7.8 CVE-2026-48565 Windows Narrator Braille Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-44805 Windows Network Controller (NC) Host Agent Denial of Service Vulnerability Exploitation Unlikely No 5.5 CVE-2026-45636 Windows NTFS Remote Code Execution Vulnerability Exploitation Less Likely No 7.8 CVE-2026-50508 Windows NTLM Spoofing Vulnerability Exploitation More Likely No 6.5 CVE-2026-42981 Windows Performance Monitor Remote Code Execution Vulnerability Exploitation Less 
Likely No 8.1 CVE-2026-42974 Windows Performance Monitor Remote Code Execution Vulnerability Exploitation Less Likely No 8.1 CVE-2026-45487 Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability Exploitation Unlikely No 7.8 CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-42837 Windows Projected File System Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-42969 Windows Push Notification Information Disclosure Vulnerability Exploitation Unlikely No 5.5 CVE-2026-42971 Windows Push Notification Information Disclosure Vulnerability Exploitation Less Likely No 5.5 CVE-2026-42970 Windows Push Notification Information Disclosure Vulnerability Exploitation Less Likely No 5.5 CVE-2026-42973 Windows Push Notification Information Disclosure Vulnerability Exploitation Less Likely No 5.5 CVE-2026-42978 Windows Push Notifications Elevation of Privilege Vulnerability Exploitation Unlikely No 7.8 CVE-2026-42977 Windows Push Notifications Elevation of Privilege Vulnerability Exploitation Unlikely No 7.8 CVE-2026-42979 Windows Push Notifications Elevation of Privilege Vulnerability Exploitation Unlikely No 7.8 CVE-2026-42991 Windows Push Notifications Elevation of Privilege Vulnerability Exploitation Unlikely No 7.8 CVE-2026-45639 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Exploitation Less Likely No 7.5 CVE-2026-42908 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Exploitation Less Likely No 7.5 CVE-2026-45593 Windows SDK Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-42906 Windows Shell Information Disclosure Vulnerability Exploitation Less Likely No 5.5 CVE-2026-42907 Windows Shell Information Disclosure Vulnerability Exploitation Less Likely No 6.5 CVE-2026-47648 Windows Storage Elevation of Privilege Vulnerability Exploitation Unlikely No 7.0 CVE-2026-42915 
Windows TCP/IP Denial of Service Vulnerability Exploitation Less Likely No 5.7 CVE-2026-42904 Windows TCP/IP Elevation of Privilege Vulnerability Exploitation Unlikely No 9.6 CVE-2026-42968 Windows Telephony Server Information Disclosure Vulnerability Exploitation Less Likely No 5.5 CVE-2026-42912 Windows Telephony Service Elevation of Privilege Vulnerability Exploitation Less Likely No 7.0 CVE-2026-45597 Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability Exploitation Unlikely No 7.0 CVE-2026-40409 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-40404 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Exploitation Less Likely No 7.8 CVE-2026-45599 Windows UPnP Device Host Remote Code Execution Vulnerability Exploitation Less Likely No 8.1 CVE-2026-45635 Windows UPnP Device Host Remote Code Execution Vulnerability Exploitation Less Likely No 8.1 CVE-2026-42989 Winlogon Elevation of Privilege Vulnerability Exploitation More Likely No 7.8 Zero-Day Vulnerabilities: Publicly Disclosed (No known exploitation) CVE Title Exploitation status Publicly disclosed? CVSS v3 base score CVE-2026-49160 HTTP.sys Denial of Service Vulnerability Exploitation More Likely Yes 7.5 CVE-2026-50507 Windows BitLocker Security Feature Bypass Vulnerability Exploitation More Likely Yes 6.8 CVE-2026-45586 Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability Exploitation More Likely Yes 7.8 Critical RCEs CVE Title Exploitation status Publicly disclosed? 
CVSS v3 base score CVE-2025-10263 ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel] Exploitation Less Likely No 9.3 CVE-2026-47643 Azure Stack Edge Remote Code Execution Vulnerability Exploitation Unlikely No 9.8 CVE-2026-44815 DHCP Client Service Remote Code Execution Vulnerability Exploitation Less Likely No 9.8 CVE-2026-47291 HTTP.sys Remote Code Execution Vulnerability Exploitation More Likely No 9.8 CVE-2026-26142 Nuance PowerScribe Remote Code Execution Vulnerability Exploitation Less Likely No 9.8 CVE-2026-47281 Visual Studio Code Elevation of Privilege Vulnerability Exploitation Unlikely No 9.6 CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability Exploitation Less Likely No 9.1 CVE-2026-45657 Windows Kernel Remote Code Execution Vulnerability Exploitation Less Likely No 9.8 CVE-2026-42904 Windows TCP/IP Elevation of Privilege Vulnerability Exploitation Unlikely No 9.6