Microsoft

A critical missing authorization vulnerability, CVE-2026-48582, in Microsoft Exchange Online allows an already authenticated attacker to elevate their privileges over the network, potentially leading to unauthorized access to sensitive data or configuration changes within affected organizations.

CVE-2026-47647 describes a critical improper access control vulnerability in Microsoft Dynamics 365 that allows an authorized attacker to elevate privileges over a network, potentially leading to full compromise of the affected system.

Multiple vulnerabilities, CVE-2026-45491 and CVE-2026-45591, have been discovered in Microsoft .Net and ASP.NET Core versions, allowing a remote attacker to cause a denial of service and compromise data integrity across Windows, Linux, and macOS platforms.

CVE-2026-46107 is a reported vulnerability in dm-thin, leading to a metadata refcount underflow.

CVE-2026-45842 is an unspecified vulnerability affecting Microsoft products, requiring further investigation to determine the specific attack vector, impact, and affected systems.

CVE-2026-45843 is a Microsoft vulnerability with unspecified details at the time of this brief.

CVE-2026-45932 is a vulnerability affecting the bpf component, related to tcx/netkit detach permissions when the prog fd isn't given, requiring a security update from Microsoft.

CVE-2026-41090 is a command injection vulnerability in Microsoft Copilot, allowing an unauthorized attacker to perform tampering over a network.

CVE-2026-23652 is a critical command injection vulnerability in Microsoft Power Pages, allowing an unauthorized attacker to execute arbitrary code over the network by injecting commands.

CVE-2026-45736 is an uninitialized memory disclosure vulnerability affecting Microsoft products, potentially allowing an attacker to read sensitive information from process memory.

CVE-2026-6429 is a credential leak vulnerability affecting Microsoft products.

CVE-2026-41615 describes a vulnerability in Microsoft Authenticator where sensitive information exposure to an unauthorized actor could lead to information disclosure over a network.

CVE-2026-42257 is a command injection vulnerability in net-imap that could allow an attacker to execute arbitrary commands on a vulnerable system.

Microsoft released details for CVE-2024-26756, an unspecified vulnerability affecting Microsoft products, but provided no further information.

CVE-2024-26757 is an unspecified vulnerability in a Microsoft product, potentially allowing an attacker to perform unauthorized actions.

Microsoft published CVE-2026-25833, a security vulnerability for which details are currently unavailable, impacting systems and requiring further investigation upon release of additional information.

Microsoft has published information regarding the vulnerability CVE-2025-66442; details are currently unavailable, limiting specific analysis and detection strategies.

Microsoft has published information regarding the vulnerability CVE-2026-25835, but details about the vulnerability, affected products, and exploitation are currently unavailable.

CVE-2026-37457 is a vulnerability affecting a Microsoft product, for which details are currently unavailable.

CVE-2026-37555 is a vulnerability affecting a Microsoft product, requiring further investigation upon patch release.

Microsoft published information regarding CVE-2026-30656, but the details of the vulnerability are not available.

CVE-2026-41526 is a vulnerability affecting an unspecified Microsoft product, requiring further investigation upon patch release for exploitation details.

CVE-2026-41080 is a vulnerability affecting a Microsoft product; the specific product, impact, and exploitation details are currently undisclosed.

CVE-2026-22005 is a newly published vulnerability affecting a Microsoft product, requiring further investigation to determine the specific product, attack vector, and potential impact.

Microsoft has released information regarding the vulnerability CVE-2026-22004, but details about the vulnerability and its exploitation are currently unavailable.

Microsoft has published information regarding CVE-2026-35236, but no details about the vulnerability or its exploitation are currently available.

CVE-2026-34303 is a vulnerability affecting an unspecified Microsoft product, requiring further investigation upon disclosure of details.

Microsoft released a security update for CVE-2026-41254, a vulnerability with unspecified details.

An unauthenticated attacker can cause a denial of service by crashing Microsoft VPN Browser+ 1.1.0.0 via oversized input to the search functionality, leading to application termination.

CVE-2026-34293 is an unspecified vulnerability affecting a Microsoft product, for which details are currently unavailable, posing a potential risk to affected systems.

CVE-2017-3736 is a vulnerability tracked by Microsoft, potentially leading to exploitation of affected systems.

CVE-2017-3735 is a vulnerability impacting Microsoft products, potentially allowing unauthorized access or code execution.