|
4021
|
8.1 |
HIGH
Network
|
microsoft
|
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2025
|
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42974
|
2026-06-11 04:53 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4022
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2025
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
|
CWE-362
Race Condition
|
CVE-2026-42977
|
2026-06-11 04:49 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4023
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields w…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-9741
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4024
|
7.5 |
HIGH
Network
|
-
|
-
|
When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is…
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2026-9742
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4025
|
6.5 |
MEDIUM
Network
|
-
|
-
|
When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user m…
|
CWE-617
Reachable Assertion
|
CVE-2026-9746
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4026
|
6.5 |
MEDIUM
Network
|
-
|
-
|
This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces e…
|
CWE-617
Reachable Assertion
|
CVE-2026-9749
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4027
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS.
Strict-wi…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-9752
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4028
|
8.1 |
HIGH
Network
|
-
|
-
|
The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApply…
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2026-9753
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4029
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-9754
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4030
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-45479
|
2026-06-11 04:42 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
