{"resultsPerPage":28,"startIndex":0,"totalResults":28,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-17T13:44:31.792","vulnerabilities":[{"cve":{"id":"CVE-2026-39808","sourceIdentifier":"psirt@fortinet.com","published":"2026-04-14T16:16:44.860","lastModified":"2026-07-17T05:16:38.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>"}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiSandbox","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"4.4.0","lessThanOrEqual":"4.4.8","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSandbox PaaS","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4374:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4350:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:23.3.4329:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:23.1.4245:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4151:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4134:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:22.1.4113:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:21.4.4072:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:21.3.4055:*:*:*:*:*:*:*"],"versions":[{"version":"23.4.4374","status":"affected"},{"version":"23.4.4350","status":"affected"},{"version":"23.3.4329","status":"affected"},{"version":"23.1.4245","status":"affected"},{"version":"22.2.4151","status":"affected"},{"version":"22.2.4134","status":"affected"},{"version":"22.1.4113","status":"affected"},{"version":"21.4.4072","status":"affected"},{"version":"21.3.4055","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-14T00:00:00+00:00","id":"CVE-2026-39808","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-07-16","cisaActionDue":"2026-07-19","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Fortinet FortiSandbox OS Command Injection Vulnerability","weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndIncluding":"4.4.9","matchCriteriaId":"94FFE14D-51FF-4D31-A0FD-5B0877081A04"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-100","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://github.com/samu-delucas/CVE-2026-39808","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-39808","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-25089","sourceIdentifier":"psirt@fortinet.com","published":"2026-06-09T16:16:39.943","lastModified":"2026-07-17T05:16:38.687","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests"}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiSandbox","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"],"versions":[{"version":"5.0.0","lessThanOrEqual":"5.0.5","versionType":"semver","status":"affected"},{"version":"4.4.0","lessThanOrEqual":"4.4.8","versionType":"semver","status":"affected"},{"version":"4.2.1","lessThanOrEqual":"4.2.8","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSandbox Cloud","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"],"versions":[{"version":"5.0.4","lessThanOrEqual":"5.0.5","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSandbox PaaS","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*"],"versions":[{"version":"5.0.4","lessThanOrEqual":"5.0.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T00:00:00+00:00","id":"CVE-2026-25089","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-07-16","cisaActionDue":"2026-07-19","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Fortinet FortiSandbox OS Command Injection Vulnerability","weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndIncluding":"4.2.8","matchCriteriaId":"814D77BE-F536-42DE-B068-F92B95D68248"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.9","matchCriteriaId":"0025C9C0-8D61-4563-96F9-F4E09DD83B26"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.6","matchCriteriaId":"3AAEF316-2134-4398-911C-E7532CD3AFF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.4","versionEndExcluding":"5.0.6","matchCriteriaId":"D479507F-4DD8-4455-A8DB-138AD56C6822"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_paas:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.4","versionEndExcluding":"5.0.6","matchCriteriaId":"61A9A2E9-3086-4172-B3A3-212873B8C4A9"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-141","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25089","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-49800","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:16:56.193","lastModified":"2026-07-17T05:16:39.157","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow or wraparound in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-49800","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"D0E1AB94-0B38-4BB7-94EB-988EA266D6D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49800","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50311","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:16:59.090","lastModified":"2026-07-17T05:16:39.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in Windows Server allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-50311","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"1A8DB50E-7571-4925-A293-CAB93ECD0EBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"A9DC4EC9-4E72-4CBC-BA0B-39CCC45DB8CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"34D1270A-7D50-46CC-87EE-0A4E25F9C800"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"D0E1AB94-0B38-4BB7-94EB-988EA266D6D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50311","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58644","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:14.257","lastModified":"2026-07-17T05:16:40.470","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft SharePoint Enterprise Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.5556.1005","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.10417.20153","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Server Subscription Edition","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.19725.20384","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-58644","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-07-16","cisaActionDue":"2026-07-19","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Microsoft SharePoint Deserialization of Untrusted Data Vulnerability","weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*","versionEndExcluding":"16.0.19725.20434","matchCriteriaId":"5FA63EA8-B225-4E35-A6A3-DBDECF5AC4C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*","matchCriteriaId":"F815EF1D-7B60-47BE-9AC2-2548F99F10E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*","matchCriteriaId":"6122D014-5BF1-4AF4-8B4D-80205ED7785E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58644","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-58644","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-50321","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:17:30.903","lastModified":"2026-07-17T05:16:39.497","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Driver allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-50321","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"},{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"1A8DB50E-7571-4925-A293-CAB93ECD0EBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"A9DC4EC9-4E72-4CBC-BA0B-39CCC45DB8CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"34D1270A-7D50-46CC-87EE-0A4E25F9C800"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"D0E1AB94-0B38-4BB7-94EB-988EA266D6D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50321","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50454","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:17:50.290","lastModified":"2026-07-17T05:16:39.690","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Relative path traversal in Windows User Interface Core allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-50454","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50454","source":"secure@microsoft.com"}]}},{"cve":{"id":"CVE-2026-50479","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:17:53.857","lastModified":"2026-07-17T05:16:39.800","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Untrusted pointer dereference in Windows USB Hub Driver allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-50479","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-822"}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50479","source":"secure@microsoft.com"}]}},{"cve":{"id":"CVE-2026-50480","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:17:53.990","lastModified":"2026-07-17T05:16:39.913","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-50480","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50480","source":"secure@microsoft.com"}]}},{"cve":{"id":"CVE-2026-56173","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:18:23.310","lastModified":"2026-07-17T05:16:40.030","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Windows WebView allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 23H2","platforms":["ARM64-based Systems"],"versions":[{"version":"10.0.22631.0","lessThan":"10.0.22631.7376","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 23H2","platforms":["x64-based Systems"],"versions":[{"version":"10.0.22631.0","lessThan":"10.0.22631.7376","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-56173","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56173","source":"secure@microsoft.com"}]}},{"cve":{"id":"CVE-2026-58628","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:18:44.953","lastModified":"2026-07-17T05:16:40.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2525","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-58628","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"9C7AD7ED-307B-40B9-B706-45FB178C36D8"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:-:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"1E40816E-72E5-439A-887B-17EBF5E803FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"A152E6BF-9453-435F-A854-FA85D36922B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"CB74F035-459D-4608-9A22-DEED9559A2A0"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58628","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59859","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T15:16:35.167","lastModified":"2026-07-17T05:16:40.597","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.4, Kiota's PHP generator embedded OpenAPI description, default fields, property names, and other schema-derived strings into PHP double-quoted literals through SanitizeDoubleQuote() in Writers/StringExtensions.cs without escaping $, allowing attacker-controlled ${...}, $var, or {$obj->prop} interpolation constructs to inject arbitrary PHP code into generated model and request-builder classes. This issue is fixed in version 1.32.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"microsoft","product":"kiota","versions":[{"version":"< 1.32.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-59859","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/microsoft/kiota/commit/5e2a211ac4261988fbdc72c3b268596ea8837b87","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/pull/7863","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/releases/tag/v1.32.4","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/security/advisories/GHSA-jqwh-526h-c92j","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59860","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T15:16:35.310","lastModified":"2026-07-17T05:16:40.710","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.3, Kiota is affected by a code-generation injection vulnerability in the C# XML documentation-comment sink (the description, externalDocs label, and externalDocs link fields emitted as /// … comments). When text from an OpenAPI description is written into single-line XML doc comments without stripping newline and Unicode line-terminator characters, an attacker can break out of the /// comment line and inject additional code into generated C# clients. This issue is fixed in version 1.32.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"microsoft","product":"kiota","versions":[{"version":"< 1.32.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-59860","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/microsoft/kiota/commit/ebb632db90aa8e3c20949337d9faa2720d64ca44","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/pull/7831","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/releases/tag/v1.32.3","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/security/advisories/GHSA-3hrf-2gc2-mx32","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/security/advisories/GHSA-3hrf-2gc2-mx32","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59861","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T15:16:35.440","lastModified":"2026-07-17T05:16:40.820","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Ruby generator embedded OpenAPI default fields, property names, and other schema-derived strings through CodeMethodWriter.cs and SanitizeForQuotedLiteral() in Writers/StringExtensions.cs into Ruby double-quoted literals without escaping #, allowing attacker-controlled #{expr}, #$var, or #@var interpolation markers to inject arbitrary Ruby code into generated model classes. This issue is fixed in version 1.32.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"microsoft","product":"kiota","versions":[{"version":"< 1.32.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-59861","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/microsoft/kiota/commit/fee1b648bb4394ba7ba72de9c0ce4f2a0bad0cb6","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/pull/7746","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/releases/tag/v1.32.0","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/security/advisories/GHSA-xg2h-5xr2-29jw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59862","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T15:16:35.570","lastModified":"2026-07-17T05:16:40.920","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum value descriptions from x-ms-enum.values[].description flow through KiotaBuilder.SetEnumOptions into Documentation.DescriptionTemplate and PythonConventionService.RemoveInvalidDescriptionCharacters without newline sanitization, allowing generated inline comments to split and execute attacker-controlled Python code at module scope when generated modules were imported. This issue is fixed in version 1.32.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"microsoft","product":"kiota","versions":[{"version":"< 1.32.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-59862","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/microsoft/kiota/releases/tag/v1.32.0","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/security/advisories/GHSA-7f3j-j7jj-r3vr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59864","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T16:19:15.240","lastModified":"2026-07-17T05:16:41.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota plugin add` and `kiota plugin generate` (with `-t APIPlugin`) emitted attacker-controlled static_template.file values from x-ai-adaptive-card and x-ai-capabilities into generated Microsoft 365 Copilot and Teams plugin manifests without path validation, allowing ../, absolute, rooted, UNC, Windows drive, or URI paths in response_semantics.static_template.file to cause path traversal or out-of-package file inclusion when the generated plugin was deployed. This issue is fixed in version 1.32.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"microsoft","product":"kiota","versions":[{"version":"< 1.32.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-59864","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://github.com/microsoft/kiota/commit/9a185994a4e549b7bba3cc2beffb9736aa902e79","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/pull/7892","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/releases/tag/v1.32.5","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/security/advisories/GHSA-4jwf-m4wg-8p66","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59865","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T16:19:15.373","lastModified":"2026-07-17T05:16:41.137","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota info` read x-ms-kiota-info.languagesInformation.<language>.dependencyInstallCommand plus dependency name and version values from an OpenAPI description and presented the spec-supplied command as Kiota's recommended install command, allowing an attacker-controlled or compromised description to cause command injection when the suggested command was run manually or through the Kiota VS Code extension's kiota info --json dependency-install flow. This issue is fixed in version 1.32.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"microsoft","product":"kiota","versions":[{"version":"< 1.32.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-59865","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://github.com/microsoft/kiota/commit/e1d6d76c6eecbe50785429166faaf8c831e036c6","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/pull/7883","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/releases/tag/v1.32.5","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/security/advisories/GHSA-hq9q-27g5-qwpj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59866","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T16:19:15.493","lastModified":"2026-07-17T05:16:41.243","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota emitted x-ms-kiota-info clientClassName and clientNamespaceName values without identifier or path sanitization as both generated client class or namespace names and generated output path components when `kiota generate` ran without -c/--class-name, allowing an attacker-controlled or compromised OpenAPI description to write generated source outside the -o output directory and inject arbitrary text into generated class or namespace declarations. This issue is fixed in version 1.32.5 by GenerationConfiguration.SanitizeClientClassName and SanitizeClientNamespaceName."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"microsoft","product":"kiota","versions":[{"version":"< 1.32.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T00:00:00+00:00","id":"CVE-2026-59866","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/microsoft/kiota/commit/dc812dbbf88ef7edf53a890d36b2f9d1460e947d","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/pull/7884","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/releases/tag/v1.32.5","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota/security/advisories/GHSA-4vv7-jj25-4gh6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-13352","sourceIdentifier":"security@wordfence.com","published":"2026-07-17T05:16:36.730","lastModified":"2026-07-17T05:16:36.730","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 4.16.18 via the allowed_mime_types function. This is due to the unconditional registration of an upload_mimes filter that adds executable file extensions (.exe, .apk, .msi) to the global WordPress MIME allowlist, without scoping the expansion to digital-product upload contexts. This makes it possible for authenticated attackers, with author-level access and above, to upload files that may be executable, which makes remote code execution possible. This filter is registered globally on every request regardless of whether the digital products feature is configured or in use, meaning the expanded MIME allowlist affects all WordPress upload contexts site-wide."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"properfraction","product":"Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.16.18","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.14/src/Membership/DigitalProducts/Init.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.14/src/Membership/DigitalProducts/UploadHandler.php#L18","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.14/src/Membership/DigitalProducts/UploadHandler.php#L49","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.18/src/Membership/DigitalProducts/Init.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.18/src/Membership/DigitalProducts/UploadHandler.php#L18","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.18/src/Membership/DigitalProducts/UploadHandler.php#L49","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3599012%40wp-user-avatar&new=3599012%40wp-user-avatar","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9bb520df-e838-4335-bd4f-97026082a204?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13765","sourceIdentifier":"security@wordfence.com","published":"2026-07-17T05:16:37.837","lastModified":"2026-07-17T05:16:37.837","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the check_answer. This makes it possible for unauthenticated attackers to extract the correct-answer markers, full option lists, explanations, and question content for any quiz question on the site — including questions belonging to paid courses the attacker is not enrolled in."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"thimpress","product":"LearnPress – WordPress LMS Plugin for Create and Sell Online Courses","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.4.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/course/class-lp-course-no-required-enroll.php#L145","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/lp-template-functions.php#L1422","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L181","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L434","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L80","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/course/class-lp-course-no-required-enroll.php#L145","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/lp-template-functions.php#L1422","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L181","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L434","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L80","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3603546%40learnpress&new=3603546%40learnpress","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ee3bbf20-43fd-4977-b0ba-b81e7a3810d0?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15349","sourceIdentifier":"security@wordfence.com","published":"2026-07-17T05:16:38.197","lastModified":"2026-07-17T05:16:38.197","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.17.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary company locations in the ERP database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wedevs","product":"ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.17.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/erp/tags/1.17.5/includes/Admin/AdminPage.php#L23","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/erp/tags/1.17.5/includes/Admin/Ajax.php#L23","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/erp/tags/1.17.5/includes/Admin/Ajax.php#L516","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/erp/tags/1.17.5/includes/Admin/views/address.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/erp/tags/1.17.6/includes/Admin/AdminPage.php#L23","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/erp/tags/1.17.6/includes/Admin/Ajax.php#L23","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/erp/tags/1.17.6/includes/Admin/Ajax.php#L516","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/erp/tags/1.17.6/includes/Admin/views/address.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3609754%40erp&new=3609754%40erp","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0c943b6b-9b54-4569-a027-11571f152b6c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15457","sourceIdentifier":"security@wordfence.com","published":"2026-07-17T05:16:38.323","lastModified":"2026-07-17T05:16:38.323","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.0.13 via the 'family' parameter. This makes it possible for authenticated attackers, with editor-level access and above, to delete arbitrary directories on the server, which can result in loss of data and availability."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themeum","product":"Kirki – Freeform Page Builder, Website Builder & Customizer","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.13","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.12/app/Http/Controllers/Api/GlobalDataController.php#L105","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.12/app/Services/FontService.php#L157","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.12/includes/Ajax/Media.php#L996","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.12/routes/api.php#L74","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.13/app/Http/Controllers/Api/GlobalDataController.php#L105","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.13/app/Services/FontService.php#L157","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.13/includes/Ajax/Media.php#L996","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.13/routes/api.php#L74","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3608888%40kirki&new=3608888%40kirki","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01a52285-2d0c-4b29-8dab-18a3e3640e5c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15759","sourceIdentifier":"security@wordfence.com","published":"2026-07-17T05:16:38.447","lastModified":"2026-07-17T05:16:38.447","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'number' and 'group' Shortcode Attributes in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themeatelier","product":"ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.5.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.5.1/src/Frontend/Shortcode/CustomButtonsTemplates.php#L138","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.5.1/src/Frontend/Shortcode/CustomButtonsTemplates.php#L66","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.5.1/src/Frontend/Shortcode/CustomButtonsTemplates.php#L76","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.5.1/src/Frontend/Shortcode/CustomShortcode.php#L38","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.5.1/src/Includes/ChatHelp.php#L192","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3609732%40chat-help&new=3609732%40chat-help","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c3ec4978-0d51-4ca1-b0cf-81aaa4d43f7b?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-21770","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T05:16:38.567","lastModified":"2026-07-17T05:16:38.567","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"HCL Traveler for Microsoft Outlook (HTMO)","defaultStatus":"unaffected","versions":[{"version":"< 3.0.16","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.6,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130919","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2026-41993","sourceIdentifier":"3ad20294-822c-4ebc-9301-f9a7cf62d46e","published":"2026-07-17T05:16:39.007","lastModified":"2026-07-17T05:16:39.007","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy unauthorized file on the removable media in advance. This issue affects SafePortAgent: before 3.2.5024; StellarProtect: from 3.2.4011 before 5.0.1083."}],"affected":[{"source":"3ad20294-822c-4ebc-9301-f9a7cf62d46e","affectedData":[{"vendor":"TXOne Networks","product":"SafePortAgent","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.2.5024","versionType":"custom","status":"affected"}]},{"vendor":"TXOne Networks","product":"StellarProtect","defaultStatus":"unaffected","versions":[{"version":"3.2.4011","lessThan":"5.0.1083","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3ad20294-822c-4ebc-9301-f9a7cf62d46e","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"3ad20294-822c-4ebc-9301-f9a7cf62d46e","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}]},"references":[{"url":"https://www.txone.com/psirt/cve-2026-41993/","source":"3ad20294-822c-4ebc-9301-f9a7cf62d46e"}]}},{"cve":{"id":"CVE-2026-58317","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-07-17T05:16:40.180","lastModified":"2026-07-17T05:16:40.180","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Unsigned to Signed Conversion Error (CWE-196) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory regions may be transmitted to the server, and Tera Term may behave unexpected or terminate abnormally."}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"TeraTerm Project","product":"TTSSH2","defaultStatus":"unaffected","versions":[{"version":"1.00 alpha1","lessThanOrEqual":"3.6.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Primary","description":[{"lang":"en","value":"CWE-196"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN65294474/","source":"vultures@jpcert.or.jp"},{"url":"https://teratermproject.github.io/SA/JVN65294474-en.html","source":"vultures@jpcert.or.jp"},{"url":"https://teratermproject.github.io/SA/JVN65294474.html","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-60060","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-07-17T05:16:41.360","lastModified":"2026-07-17T05:16:41.360","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory regions may be transmitted to the server, and Tera Term may behave unexpected or terminate abnormally."}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"TeraTerm Project","product":"TTSSH2","defaultStatus":"unaffected","versions":[{"version":"1.00 alpha1","lessThanOrEqual":"3.6.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Primary","description":[{"lang":"en","value":"CWE-130"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN65294474/","source":"vultures@jpcert.or.jp"},{"url":"https://teratermproject.github.io/SA/JVN65294474-en.html","source":"vultures@jpcert.or.jp"},{"url":"https://teratermproject.github.io/SA/JVN65294474.html","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-15094","sourceIdentifier":"security@wordfence.com","published":"2026-07-17T06:16:36.367","lastModified":"2026-07-17T06:16:36.367","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check_in_date' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"thimpress","product":"WP Hotel Booking","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.3.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/includes/TemplateHooks/ArchiveRoomTemplate.php#L262","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/includes/TemplateHooks/ArchiveRoomTemplate.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/includes/class-wphb-helpers.php#L29","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/includes/wphb-functions.php#L733","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3609563%40wp-hotel-booking&new=3609563%40wp-hotel-booking","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8139f512-7bc9-45ae-83d7-bf496e1ad56d?source=cve","source":"security@wordfence.com"}]}}]}