| CVE-2026-56173 | Use after free in Windows WebView allows an authorized attacker to elevate privileges locally. | high | 2026-07-15 |
| CVE-2026-56169 | Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | high | 2026-07-15 |
| CVE-2026-56159 | Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network. | critical | 2026-07-15 |
| CVE-2026-56156 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-56155 | Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally. | high | 2026-07-15 |
| CVE-2026-56121 | Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The user_defined_function.body field of an OnDemandFeatureView spec is decoded from base64 and passed to dill.loads() before any authorization check is performed, enabling attackers to embed a malicious serialized Python object with an arbitrary __reduce__ method to execute OS commands as the feast service account. | critical | 2026-07-15 |
| CVE-2026-5598 | Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84. | critical | 2026-07-15 |
| CVE-2026-55949 | Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55948 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55947 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55899 | Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55884 | Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-loopback address, an unauthenticated network caller can trigger developer-defined resources, tamper with Tiltfile arguments, read full engine state including the session token, and invoke apiserver resources through the token-attaching /proxy handler. This issue is fixed in version 0.37.4. | critical | 2026-07-15 |
| CVE-2026-5588 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules). This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java. This issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11. | medium | 2026-07-15 |
| CVE-2026-55827 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap->data only for the smaller DstWidth and DstHeight in gdi_Bitmap_Decompress, allowing a malicious RDP server to trigger a heap out-of-bounds write with attacker-controlled offset and content. This issue is fixed in version 3.27.1. | high | 2026-07-15 |
| CVE-2026-55175 | Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pods when performing Kustomize bakes. This issue is fixed in versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4. | high | 2026-07-15 |
| CVE-2026-55141 | Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55140 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55137 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55136 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55134 | Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55132 | Double free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55131 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55129 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55128 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55127 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55126 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | high | 2026-07-15 |
| CVE-2026-55125 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55123 | Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55120 | Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55058 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55056 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55055 | Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55054 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | medium | 2026-07-15 |
| CVE-2026-55053 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55052 | Missing authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | high | 2026-07-15 |
| CVE-2026-55049 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55048 | Integer overflow or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55046 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | medium | 2026-07-15 |
| CVE-2026-55045 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55044 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55043 | Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55041 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55040 | Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network. | critical | 2026-07-15 |
| CVE-2026-55039 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55038 | Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55037 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55036 | Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55034 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | high | 2026-07-15 |
| CVE-2026-55033 | Integer overflow or wraparound in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |
| CVE-2026-55032 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high | 2026-07-15 |