Updated CVEs

IDDescriptionSeverityUpdated
CVE-2026-56173Use after free in Windows WebView allows an authorized attacker to elevate privileges locally.
high
2026-07-15
CVE-2026-56169Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
high
2026-07-15
CVE-2026-56159Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.
critical
2026-07-15
CVE-2026-56156Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-56155Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.
high
2026-07-15
CVE-2026-56121Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The user_defined_function.body field of an OnDemandFeatureView spec is decoded from base64 and passed to dill.loads() before any authorization check is performed, enabling attackers to embed a malicious serialized Python object with an arbitrary __reduce__ method to execute OS commands as the feast service account.
critical
2026-07-15
CVE-2026-5598Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.
critical
2026-07-15
CVE-2026-55949Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55948Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55947Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55899Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55884Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-loopback address, an unauthenticated network caller can trigger developer-defined resources, tamper with Tiltfile arguments, read full engine state including the session token, and invoke apiserver resources through the token-attaching /proxy handler. This issue is fixed in version 0.37.4.
critical
2026-07-15
CVE-2026-5588Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules). This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java. This issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11.
medium
2026-07-15
CVE-2026-55827FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap->data only for the smaller DstWidth and DstHeight in gdi_Bitmap_Decompress, allowing a malicious RDP server to trigger a heap out-of-bounds write with attacker-controlled offset and content. This issue is fixed in version 3.27.1.
high
2026-07-15
CVE-2026-55175Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pods when performing Kustomize bakes. This issue is fixed in versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4.
high
2026-07-15
CVE-2026-55141Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55140Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55137Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55136Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55134Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55132Double free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55131Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55129Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55128Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55127Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55126Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
high
2026-07-15
CVE-2026-55125Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55123Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55120Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55058Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55056Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55055Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55054Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
medium
2026-07-15
CVE-2026-55053Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55052Missing authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
high
2026-07-15
CVE-2026-55049Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55048Integer overflow or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55046Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
medium
2026-07-15
CVE-2026-55045Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55044Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55043Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55041Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55040Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
critical
2026-07-15
CVE-2026-55039Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55038Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55037Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55036Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55034Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
high
2026-07-15
CVE-2026-55033Integer overflow or wraparound in Microsoft Office Word allows an unauthorized attacker to execute code locally.
high
2026-07-15
CVE-2026-55032Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
high
2026-07-15