Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a netwo
CVE-2026-42833
CRITICAL CVSS 9.1
Find Similar
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-42823
CRITICAL CVSS 9.9
Find Similar
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
CVE-2026-41103
CRITICAL CVSS 9.1
Find Similar
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-41096
CRITICAL CVSS 9.8
Find Similar
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.