These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-50519 is a medium-severity vulnerability (CVSS score of 6.5) affecting GitHub Copilot and Visual Studio Code. The vulnerability allows an unauthorized attacker to disclose information over a network due to the initialization of a resource with an insecure default. This CVE was published on June 19, 2026, and has not been modified since its publication. The affected product and vendor are not expl [truncated]
CVE-2026-48582 is a critical vulnerability in Microsoft Exchange Online that allows an authorized attacker to elevate privileges over a network. The vulnerability has a CVSS score of 9.6 and is classified as CRITICAL. The issue was published on June 19, 2026, and defenders should prioritize patching to limit exposure. This vulnerability affects Microsoft Exchange Online, and defenders should verify the af [truncated]
CVE-2026-47645 is a high-severity open redirect vulnerability in Microsoft 365 Copilot's Business Chat. The CVSS score is 8.8, indicating a significant risk. The vulnerability allows an unauthorized attacker to elevate privileges over a network. Microsoft 365 Copilot users are potentially exposed. The CVE was published on June 19, 2026, and no changes have been made since then. Defenders should prioritize [truncated]
CVE-2026-42895 is a medium-severity vulnerability in Microsoft Copilot, allowing unauthorized attackers to perform tampering over a network via command injection. The vulnerability has a CVSS score of 6.5. Microsoft Copilot users may be exposed if they haven't applied mitigations. The priority posture for defenders is to verify and apply official patches promptly.
CVE-2026-47647 is a critical vulnerability in Microsoft Dynamics 365 that allows an authorized attacker to elevate privileges over a network. This improper access control vulnerability has a CVSS score of 9.9 and is considered critical. The vulnerability was published on June 18, 2026, and has not been modified since. Microsoft Dynamics 365 users should take immediate action to mitigate this vulnerability [truncated]
CVE-2026-47633 is a HIGH-severity vulnerability (CVSS score 7.5) that allows unauthorized disclosure of sensitive information over a network in Cost Management Interactive Experiences. Published on June 18, 2026, by the CVE Program, this vulnerability is attributed to an unknown vendor, possibly Microsoft, based on limited evidence. The vulnerability enables attackers to access sensitive data without auth [truncated]
CVE-2026-32174 is a HIGH-severity vulnerability in Azure Bot Service, allowing authorized attackers to elevate privileges over a network due to improper authentication. This issue was published on June 18, 2026. Organizations using Azure Bot Service should review and update their configurations to prevent potential exploitation. Microsoft is the likely vendor, although confirmation is needed. The CVE reco [truncated]
CVE-2026-50656 is an elevation of privilege vulnerability in the Microsoft Malware Protection Engine in Microsoft Defender, publicly referred to as 'RoguePlanet'. Microsoft is aware of this vulnerability and is working to provide a high-quality security update to address it. The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity.
CVE-2026-8863 is a HIGH severity vulnerability with a CVSS score of 7.8. Multiple Microsoft-signed UEFI SHIM bootloaders are vulnerable to Secure Boot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. A specific UEFI DBX [truncated]
CVE-2026-50512 is a HIGH-severity vulnerability with a CVSS score of 7.8. It involves improper link resolution before file access, also known as 'link following,' in Microsoft PC Manager. This vulnerability allows an authorized attacker to elevate privileges locally.
CVE-2026-50511 is a HIGH-severity vulnerability (CVSS Score: 7.8) affecting Microsoft PC Manager. The vulnerability is caused by improper link resolution before file access, also known as 'link following.' An authorized attacker can exploit this vulnerability to elevate privileges locally.
CVE-2026-50508 is a vulnerability in Windows NTLM that allows an unauthorized attacker to perform spoofing over a network. The vulnerability has a CVSS score of 6.5 and a severity of MEDIUM. It was published on 2026-06-09T17:17:50.027Z and last modified on 2026-06-09T19:32:51.440Z.
CVE-2026-50507 is a protection mechanism failure in Windows BitLocker that allows an unauthorized attacker to bypass a security feature with a physical attack. The vulnerability has a CVSS score of 6.8 and a severity of MEDIUM. It was published on 2026-06-09T17:17:49.857Z and modified on 2026-06-10T16:33:09.777Z.
CVE-2026-49161 is a high-severity vulnerability in Microsoft PC Manager, with a CVSS score of 7.8. The vulnerability is caused by improper access control, allowing an authorized attacker to bypass a security feature locally. The vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-49161) and details can be found on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-49161).
CVE-2026-49160 is a HIGH severity vulnerability with a CVSS score of 7.5. The vulnerability is caused by uncontrolled resource consumption in HTTP/2, which allows an unauthorized attacker to deny service over a network. The vulnerability affects multiple Microsoft products, including Windows 10, Windows 11, and Windows Server.
CVE-2026-48583 is a use-after-free vulnerability in the Windows Kernel. An authorized attacker can exploit this vulnerability to elevate privileges locally. The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity.
CVE-2026-48578 is a protection mechanism failure in Windows Secure Boot, enabling an authorized attacker to bypass a security feature locally. The vulnerability has a CVSS score of 7.9 and is classified as HIGH severity. It was published on 2026-06-09T17:17:46.550Z and modified on 2026-06-10T15:13:10.440Z.
CVE-2026-48576 is a protection mechanism failure in Windows Secure Boot, enabling an authorized attacker to bypass a security feature locally. The vulnerability has a CVSS score of 7.9 and is classified as HIGH severity. It was published on 2026-06-09T17:17:46.373Z and modified on 2026-06-10T15:14:17.117Z.
A protection mechanism failure in Windows Secure Boot, tracked as CVE-2026-48575, allows an authorized attacker to bypass a security feature locally. This vulnerability has a CVSS score of 7.9, indicating a high severity level. The vulnerability was published on 2026-06-09T17:17:46.200Z and modified on 2026-06-10T15:15:32.757Z.
CVE-2026-48574 is a heap-based buffer overflow vulnerability in Windows Media. The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. An unauthorized attacker can exploit this vulnerability to execute code locally.
CVE-2026-48573 is a protection mechanism failure in Windows Secure Boot, which allows an authorized attacker to bypass a security feature locally. The vulnerability has a CVSS score of 7.9 and is classified as HIGH severity. Microsoft is the affected vendor.
CVE-2026-48570 is a protection mechanism failure in Windows Secure Boot, enabling an authorized attacker to bypass a security feature locally. The vulnerability has a CVSS score of 7.9 and is classified as HIGH severity. It was published on 2026-06-09T17:17:45.657Z and modified on 2026-06-10T17:17:05.100Z.
CVE-2026-48569 is a HIGH-severity vulnerability in Microsoft Visual Studio Code. The vulnerability, which has a CVSS score of 7.1, is caused by improper input validation, allowing an unauthorized attacker to bypass a security feature locally. The CVE was published on 2026-06-09T17:17:45.527Z and last modified on 2026-06-12T16:57:37.930Z.
CVE-2026-48562 is a MEDIUM severity vulnerability in Microsoft Office SharePoint, with a CVSS score of 4.6. The vulnerability is caused by improper neutralization of input during web page generation, allowing an authorized attacker to perform spoofing over a network. The vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-48562) and details can be found on [nvd](https://nvd. [truncated]
CVE-2026-48560 is a MEDIUM-severity vulnerability (CVSS Score: 5.4) affecting Microsoft Office SharePoint. The vulnerability involves improper neutralization of input during web page generation, allowing an authorized attacker to perform spoofing over a network. The vulnerability was published on 2026-06-09T17:17:44.633Z and last modified on 2026-06-12T15:41:27.713Z.
CVE-2026-47654 is a high-severity vulnerability in the Remote Desktop Client that allows an unauthorized attacker to execute code over a network. The vulnerability has a CVSS score of 7.5 and is classified as HIGH. It was published on 2026-06-09T17:17:36.933Z and modified on 2026-06-12T17:27:29.240Z.
CVE-2026-47653 is a high-severity vulnerability in the Remote Desktop Client that allows an unauthorized attacker to execute code over a network. The vulnerability has a CVSS score of 8.8 and is classified as HIGH. It was published on 2026-06-09T17:17:36.753Z and modified on 2026-06-12T17:32:09.043Z.
CVE-2026-47298 is a HIGH severity vulnerability in Microsoft Office SharePoint. The vulnerability is caused by improper authorization, allowing an authorized attacker to execute code over a network. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8. The vulnerability affects Microsoft SharePoint Server, specifically versions 2016, 2019, and Subscription.
CVE-2026-47289 is a high-severity vulnerability in the Remote Desktop Client, allowing unauthorized attackers to execute code over a network. The vulnerability has a CVSS score of 8.8 and is classified as HIGH. It was published on 2026-06-09T17:17:34.453Z and modified on 2026-06-12T17:39:08.270Z.
CVE-2026-45655 is a protection mechanism failure in Windows BitLocker that allows an unauthorized attacker to bypass a security feature with a physical attack. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. It was published on 2026-06-09T17:17:32.587Z and modified on 2026-06-11T18:48:49.223Z.
CVE-2026-45654 is a HIGH-severity vulnerability in Windows Secure Boot, allowing an authorized attacker to bypass a security feature locally. The vulnerability has a CVSS score of 7.9 and was published on 2026-06-09T17:17:32.460Z. The CVE was modified on 2026-06-11T18:51:33.450Z. The vulnerability affects multiple versions of Windows 11 and Windows Server 2025.
CVE-2026-45653 is a HIGH severity vulnerability in the Windows Kernel. It is a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. The vulnerability was published on 2026-06-09T17:17:32.287Z and modified on 2026-06-11T18:54:22.730Z. The CVSS score is 7. The vulnerability affects multiple versions of Windows 10, Windows 11, and Windows Server.
CVE-2026-45648 is a stack-based buffer overflow vulnerability in Active Directory Domain Services. This HIGH severity vulnerability has a CVSS score of 8.8 and allows an authorized attacker to execute code over a network.
CVE-2026-45645 is a heap-based buffer overflow vulnerability in Microsoft Office. The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. The vulnerability was published on 2026-06-09T17:17:31.667Z and last modified on 2026-06-09T19:32:51.440Z. The vendor of the affected product is currently listed as Unknown Vendor, but evidence suggests that the vendor may be Microsoft (see [refere [truncated]
CVE-2026-45644 is a HIGH severity vulnerability in Microsoft Live Share Canvas SDK with a CVSS score of 8. The vulnerability is caused by improper neutralization of input during web page generation, allowing an authorized attacker to elevate privileges over a network. The vulnerability was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-45644) and last modified on [cveModifiedAt](h [truncated]
CVE-2026-45642 is a LOW-severity vulnerability in Microsoft Azure Attestation service and Device Health Attestation Service. It allows an authorized attacker to perform spoofing with a physical attack due to improper input validation. The vulnerability was published on 2026-06-09 and modified on 2026-06-11.
CVE-2026-45641 is a HIGH severity vulnerability in Windows Hyper-V that allows an unauthorized attacker to execute code locally. The vulnerability has a CVSS score of 8.4 and was published on 2026-06-09T17:17:31.100Z. The vulnerability was modified on 2026-06-11T17:42:07.063Z.
CVE-2026-45640 is a high-severity vulnerability in the Windows Bluetooth Port Driver. It is caused by a use-after-free weakness, which allows an authorized attacker to elevate privileges locally. The vulnerability has a CVSS score of 7 and is classified as HIGH severity.
CVE-2026-45638 is a use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock. This vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. An authorized attacker can exploit this vulnerability to elevate privileges locally.
CVE-2026-45637 is a use-after-free vulnerability in the Windows DWM Core Library. An authorized attacker can exploit this vulnerability locally to elevate privileges. The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity.
CVE-2026-45636 is a high-severity vulnerability in Windows NTFS that allows an unauthorized attacker to execute code locally. The vulnerability has a CVSS score of 7.8 and was published on 2026-06-09T17:17:30.270Z. It affects various versions of Windows 10, Windows 11, and Windows Server.
CVE-2026-45635 is a HIGH severity vulnerability in Microsoft Windows. A use-after-free vulnerability in Universal Plug and Play (upnp.dll) allows an attacker to execute code over a network. The vulnerability has a CVSS score of 8.1 and was published on 2026-06-09T17:17:30.100Z. The vulnerability affects multiple versions of Microsoft Windows, including Windows 10, Windows 11, and Windows Server.
CVE-2026-45607 is a HIGH severity vulnerability in Windows Hyper-V that allows an unauthorized attacker to execute code locally. The vulnerability has a CVSS score of 8.4 and was published on 2026-06-09T17:17:29.563Z. The vulnerability affects multiple versions of Windows 10, Windows 11, and Windows Server.
CVE-2026-45606 is a medium-severity vulnerability in the Microsoft UxTheme Library (uxtheme.dll). An authorized attacker can exploit this out-of-bounds read vulnerability to deny service locally. The vulnerability has a CVSS score of 5.5 and was published on 2026-06-09.
CVE-2026-45605 is a use-after-free vulnerability in the Windows Bluetooth Service. An authorized attacker can exploit this vulnerability locally to elevate privileges. The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity.
CVE-2026-45604 is a MEDIUM severity vulnerability with a CVSS score of 5.5. It is an out-of-bounds read issue in the Windows Application Identity (AppID) Subsystem that allows an authorized attacker to disclose information locally. The vulnerability was published on 2026-06-09T17:17:29.097Z and last modified on 2026-06-11T18:40:43.393Z.
CVE-2026-45603 is a HIGH severity vulnerability in Windows Ancillary Function Driver for WinSock. The vulnerability is caused by a use-after-free issue, which allows an authorized attacker to elevate privileges locally. The CVSS score for this vulnerability is 7.0, with a CVSS vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.
CVE-2026-45601 is a HIGH severity vulnerability in Windows Ancillary Function Driver for WinSock. The vulnerability is caused by a use-after-free issue, which allows an authorized attacker to elevate privileges locally. The CVSS score for this vulnerability is 7.0, with a CVSS vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.
CVE-2026-45599 is a HIGH severity vulnerability in Microsoft Windows. This use-after-free vulnerability in Universal Plug and Play (upnp.dll) allows an attacker to execute code over a network. The vulnerability was published on 2026-06-09 and modified on 2026-06-11.
CVE-2026-45598 is a HIGH severity vulnerability in Windows Ancillary Function Driver for WinSock. The vulnerability is caused by a use-after-free issue, which allows an authorized attacker to elevate privileges locally. The CVSS score for this vulnerability is 7.0, with a CVSS vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.