[TLP:CLEAR]
security bulletin 111/2026
Microsoft Monthly Updates - June 2026
10-06-2026
microsoft, patch-tuesday, remote-code-execution, privilege-escalation, zero-day, secure-boot
description
The bulletin fixes 206 vulnerabilities spread across a broad Microsoft surface: Windows (kernel, TCP/IP, DHCP, RDP, Hyper-V, HTTP.sys, BitLocker, Secure Boot, UEFI, NTFS, DWM, Push Notifications, WinSock, Kerberos), Office (Excel, Word, Outlook), Exchange Server (on-premises and Online), SharePoint Server, Azure (Stack Edge, HorizonDB, AKS), Visual Studio Code, Remote Desktop Client, ASP.NET Core, .NET, M365 Copilot, Nuance PowerScribe and ARM components. It includes three zero-days: CVE-2026-49160 (HTTP.sys DoS, publicly disclosed), CVE-2026-45586 (Windows CTFMON EoP, public exploit and active exploitation), CVE-2026-50507 (Windows BitLocker SFB, publicly disclosed).
Remote Code Execution vulnerabilities are the most critical category. The prevalent mechanisms include heap-based buffer overflow, stack-based buffer overflow, use-after-free, deserialization of untrusted data, integer overflow/underflow, path traversal and type confusion. The RCE components rated CVSS 10 include Nuance PowerScribe (CWE-502), Windows DHCP Client (CWE-121), HTTP.sys (integer overflow), Windows Kernel (use-after-free) and Azure Stack Edge (CWE-73).
Elevation of Privilege vulnerabilities are numerically dominant and affect the NT kernel, DWM Core Library, WinSock AFD, Push Notifications, CTFMON, Secure Boot/UEFI, BitLocker, Windows SDK, Projected File System and numerous other components. The security feature bypasses affect Secure Boot, UEFI, BitLocker, Boot Manager, Windows Mark of the Web and Administrator Protection.
notes
The bulletin includes three zero-days with distinct statuses that determine the immediate operational priority. CVE-2026-45586 (Windows CTFMON EoP, CWE-59 link following, CVSS 8, priority critical) is the most urgent zero-day: it is publicly disclosed and actively exploited through the exploit named 'GreenPlasma', attributed to Nightmare Eclipse. The AV:L vector requires local access with low privileges (PR:L) and no user interaction. Exploitation allows local privilege escalation with impact C:H/I:H/A:H.
CVE-2026-49160 (HTTP.sys DoS over HTTP/2, CWE-400 uncontrolled resource consumption, CVSS 8, priority critical) was publicly disclosed before the patch. Vector AV:N/AC:L/PR:N/UI:N, remotely exploitable without authentication. EPSS at the 79.6th percentile. Impact is limited to availability (A:H). Affects Windows 10 (1607–22H2), Windows 11 (23H2–26H1), Windows Server 2016–2025.
CVE-2026-50507 (Windows BitLocker SFB, CWE-306, CVSS 7, priority critical) is publicly disclosed. The AV:P vector indicates that physical access to the device is required. The lack of authentication (PR:N) for a critical function results in impact C:H/I:H/A:H. Affects Windows 10 (1607–22H2), Windows 11 (23H2–26H1), Windows Server 2012 R2–2025.
Among the priority-critical CVEs that are not zero-days, the most relevant for a remote attack vector without authentication and without user interaction (AV:N/AC:L/PR:N/UI:N) with CVSS 10 are: CVE-2026-26142 (Nuance PowerScribe RCE, CWE-502, EPSS 59th percentile), CVE-2026-44815 (DHCP Client RCE, CWE-121), CVE-2026-47291 (HTTP.sys RCE, integer overflow, EPSS 39th percentile), CVE-2026-45657 (Windows Kernel RCE, use-after-free). CVE-2026-42904 (TCP/IP EoP, CVSS 10, CWE-122, S:C) is exploitable from an adjacent network (AV:A) with scope Changed, so the impact extends beyond the current process.
CVE-2026-45591 (ASP.NET Core DoS, CWE-400, CVSS 8) has EPSS at the 82.5th percentile, the highest value in the bulletin among non-zero-day CVEs, with vector AV:N/AC:L/PR:N/UI:N.
CVE-2026-45484 (SharePoint EoP, CWE-502 deserialization, CVSS 9, EPSS 72nd percentile, priority critical) has the highest EPSS among the SharePoint CVEs. CVE-2026-47298 (SharePoint RCE, CWE-285, CVSS 8) requires PR:L and UI:R.
The Secure Boot/UEFI/Boot Manager vulnerabilities (CVE-2026-45588, CVE-2026-45654, CVE-2026-45656, CVE-2026-47656, CVE-2026-48568, CVE-2026-48570, CVE-2026-48573, CVE-2026-48575, CVE-2026-48576, CVE-2026-48578) affect Windows 10/11 and Windows Server 2012–2025 across the board. CVE-2026-48573 and CVE-2026-48576 (CWE-1329, reliance on non-updateable component) have EPSS at the 55.7th percentile. CVE-2026-48570 reports E:P in its CVSS vector (public proof-of-concept available).
CVE-2026-45586 is publicly exploited. CVE-2026-50507 and CVE-2026-49160 were publicly disclosed before the patch. CVE-2026-48570 has a public proof-of-concept (E:P in the CVSS vector). None of the bulletin's CVEs appears in the CISA KEV catalog.
CVE
| CVE | CVSS | EPSS | EPSS percentile | priority |
|---|---|---|---|---|
| CVE-2026-26142 | 3.1: 10.0 | 0.373% | 59.43% | critical |
| CVE-2026-45484 | 3.1: 9.0 | 0.682% | 72.09% | critical |
| CVE-2026-47291 | 3.1: 10.0 | 0.182% | 39.77% | critical |
| CVE-2026-45591 | 3.1: 8.0 | 1.663% | 82.47% | critical |
| CVE-2026-49160 | 3.1: 8.0 | 1.231% | 79.57% | critical |
| CVE-2026-45657 | 3.1: 10.0 | 0.124% | 31.13% | critical |
| CVE-2026-47643 | 3.1: 10.0 | 0.122% | 30.92% | critical |
| CVE-2026-42904 | 3.1: 10.0 | 0.106% | 28.17% | critical |
| CVE-2026-48567 | 3.1: 10.0 | 0.093% | 26.10% | critical |
| CVE-2026-44815 | 3.1: 10.0 | 0.091% | 25.71% | critical |
| CVE-2026-45635 | 3.1: 8.0 | 0.361% | 58.63% | critical |
| CVE-2026-48573 | 3.1: 8.0 | 0.323% | 55.74% | critical |
| CVE-2026-48576 | 3.1: 8.0 | 0.323% | 55.74% | critical |
| CVE-2026-47281 | 3.1: 10.0 | 0.076% | 22.87% | critical |
| CVE-2026-48579 | 3.1: 9.0 | 0.097% | 26.69% | critical |
| CVE-2026-44823 | 3.1: 8.0 | 0.182% | 39.69% | critical |
| CVE-2026-45648 | 3.1: 9.0 | 0.085% | 24.58% | critical |
| CVE-2026-42835 | 3.1: 8.0 | 0.163% | 37.05% | critical |
| CVE-2026-47292 | 3.1: 8.0 | 0.157% | 36.29% | critical |
| CVE-2026-45456 | 3.1: 8.0 | 0.150% | 35.32% | critical |
| CVE-2026-45641 | 3.1: 8.0 | 0.150% | 35.32% | critical |
| CVE-2026-42985 | 3.1: 9.0 | 0.078% | 23.35% | critical |
| CVE-2026-47289 | 3.1: 9.0 | 0.078% | 23.35% | critical |
| CVE-2026-47653 | 3.1: 9.0 | 0.078% | 23.35% | critical |
| CVE-2026-44817 | 3.1: 8.0 | 0.149% | 35.16% | critical |
| CVE-2026-33828 | 3.1: 8.0 | 0.149% | 35.16% | critical |
| CVE-2026-40404 | 3.1: 8.0 | 0.149% | 35.16% | critical |
| CVE-2026-40409 | 3.1: 8.0 | 0.149% | 35.16% | critical |
| CVE-2026-45600 | 3.1: 8.0 | 0.149% | 35.16% | critical |
| CVE-2026-40371 | 3.1: 9.0 | 0.078% | 23.25% | critical |
| CVE-2026-45504 | 3.1: 9.0 | 0.078% | 23.25% | critical |
| CVE-2026-47288 | 3.1: 7.0 | 0.322% | 55.66% | critical |
| CVE-2026-45602 | 3.1: 9.0 | 0.070% | 21.67% | critical |
| CVE-2026-32193 | 3.1: 9.0 | 0.067% | 20.86% | critical |
| CVE-2026-48565 | 3.1: 8.0 | 0.122% | 30.87% | critical |
| CVE-2026-45586 | 3.1: 8.0 | 0.117% | 30.10% | critical |
| CVE-2026-45636 | 3.1: 8.0 | 0.117% | 30.02% | critical |
| CVE-2026-42980 | 3.1: 8.0 | 0.110% | 28.97% | critical |
| CVE-2026-44803 | 3.1: 8.0 | 0.100% | 27.19% | critical |
| CVE-2026-44812 | 3.1: 8.0 | 0.100% | 27.19% | critical |
| CVE-2026-45469 | 3.1: 8.0 | 0.100% | 27.19% | critical |
| CVE-2026-41098 | 3.1: 8.0 | 0.094% | 26.22% | critical |
| CVE-2026-42974 | 3.1: 8.0 | 0.091% | 25.75% | critical |
| CVE-2026-42981 | 3.1: 8.0 | 0.091% | 25.75% | critical |
| CVE-2026-40376 | 3.1: 8.0 | 0.091% | 25.69% | critical |
| CVE-2026-42989 | 3.1: 8.0 | 0.090% | 25.52% | critical |
| CVE-2026-44811 | 3.1: 8.0 | 0.088% | 25.24% | critical |
| CVE-2026-42987 | 3.1: 8.0 | 0.086% | 24.83% | critical |
| CVE-2026-45599 | 3.1: 8.0 | 0.086% | 24.83% | critical |
| CVE-2026-45588 | 3.1: 8.0 | 0.085% | 24.66% | critical |
| CVE-2026-47656 | 3.1: 8.0 | 0.085% | 24.66% | critical |
| CVE-2026-48568 | 3.1: 8.0 | 0.085% | 24.66% | critical |
| CVE-2026-48570 | 3.1: 8.0 | 0.085% | 24.66% | critical |
| CVE-2026-48575 | 3.1: 8.0 | 0.085% | 24.66% | critical |
| CVE-2026-42903 | 3.1: 7.0 | 0.177% | 39.08% | critical |
| CVE-2026-45463 | 3.1: 8.0 | 0.083% | 24.16% | critical |
| CVE-2026-45644 | 3.1: 8.0 | 0.082% | 24.07% | critical |
| CVE-2026-42916 | 3.1: 8.0 | 0.082% | 24.02% | critical |
| CVE-2026-45592 | 3.1: 8.0 | 0.082% | 24.02% | critical |
| CVE-2026-45593 | 3.1: 8.0 | 0.082% | 24.02% | critical |
| CVE-2026-42908 | 3.1: 8.0 | 0.081% | 23.81% | critical |
| CVE-2026-45639 | 3.1: 8.0 | 0.081% | 23.81% | critical |
| CVE-2026-42905 | 3.1: 8.0 | 0.080% | 23.68% | critical |
| CVE-2026-42986 | 3.1: 8.0 | 0.080% | 23.68% | critical |
| CVE-2026-44819 | 3.1: 8.0 | 0.079% | 23.41% | critical |
| CVE-2026-44820 | 3.1: 8.0 | 0.079% | 23.41% | critical |
| CVE-2026-44824 | 3.1: 8.0 | 0.079% | 23.41% | critical |
| CVE-2026-45457 | 3.1: 8.0 | 0.079% | 23.41% | critical |
| CVE-2026-45471 | 3.1: 8.0 | 0.079% | 23.41% | critical |
| CVE-2026-45475 | 3.1: 8.0 | 0.079% | 23.41% | critical |
| CVE-2026-45486 | 3.1: 8.0 | 0.079% | 23.41% | critical |
| CVE-2026-45643 | 3.1: 8.0 | 0.079% | 23.41% | critical |
| CVE-2026-45645 | 3.1: 8.0 | 0.079% | 23.41% | critical |
| CVE-2026-48574 | 3.1: 8.0 | 0.079% | 23.41% | critical |
| CVE-2026-45656 | 3.1: 8.0 | 0.078% | 23.28% | critical |
| CVE-2026-45497 | 3.1: 8.0 | 0.078% | 23.21% | critical |
| CVE-2026-45583 | 3.1: 8.0 | 0.076% | 22.86% | critical |
| CVE-2026-42992 | 3.1: 8.0 | 0.074% | 22.48% | critical |
| CVE-2026-42993 | 3.1: 8.0 | 0.074% | 22.48% | critical |
| CVE-2026-44799 | 3.1: 8.0 | 0.074% | 22.48% | critical |
| CVE-2026-44801 | 3.1: 8.0 | 0.074% | 22.48% | critical |
| CVE-2026-47654 | 3.1: 8.0 | 0.074% | 22.48% | critical |
| CVE-2026-48563 | 3.1: 8.0 | 0.074% | 22.48% | critical |
| CVE-2026-45454 | 3.1: 7.0 | 0.149% | 35.19% | critical |
| CVE-2026-42907 | 3.1: 7.0 | 0.148% | 35.13% | critical |
| CVE-2026-47298 | 3.1: 8.0 | 0.072% | 21.92% | critical |
| CVE-2026-44822 | 3.1: 8.0 | 0.070% | 21.67% | critical |
| CVE-2026-45476 | 3.1: 8.0 | 0.068% | 21.19% | critical |
| CVE-2026-47652 | 3.1: 8.0 | 0.068% | 21.19% | critical |
| CVE-2026-45482 | 3.1: 8.0 | 0.068% | 21.00% | critical |
| CVE-2026-42909 | 3.1: 8.0 | 0.067% | 20.85% | critical |
| CVE-2026-47631 | 3.1: 8.0 | 0.065% | 20.25% | critical |
| CVE-2026-47655 | 3.1: 7.0 | 0.122% | 30.89% | critical |
| CVE-2026-45654 | 3.1: 8.0 | 0.061% | 19.18% | critical |
| CVE-2026-48578 | 3.1: 8.0 | 0.061% | 19.18% | critical |
| CVE-2026-45458 | 3.1: 8.0 | 0.060% | 19.04% | critical |
| CVE-2026-45461 | 3.1: 8.0 | 0.060% | 19.04% | critical |
| CVE-2026-45472 | 3.1: 8.0 | 0.060% | 19.04% | critical |
| CVE-2026-45474 | 3.1: 8.0 | 0.060% | 19.04% | critical |
| CVE-2026-45607 | 3.1: 8.0 | 0.060% | 19.04% | critical |
| CVE-2026-47635 | 3.1: 8.0 | 0.060% | 19.04% | critical |
| CVE-2026-45503 | 3.1: 8.0 | 0.060% | 19.01% | critical |
| CVE-2026-42828 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-42837 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-42910 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-42983 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-44802 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-44804 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-44807 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-44808 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-44809 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-44813 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-45605 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-45637 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-45638 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-48583 | 3.1: 8.0 | 0.060% | 18.89% | critical |
| CVE-2026-47648 | 3.1: 7.0 | 0.110% | 29.02% | critical |
| CVE-2026-44810 | 3.1: 8.0 | 0.058% | 18.53% | critical |
| CVE-2026-45501 | 3.1: 7.0 | 0.104% | 27.81% | critical |
| CVE-2026-47284 | 3.1: 7.0 | 0.103% | 27.65% | critical |
| CVE-2026-50507 | 3.1: 7.0 | 0.099% | 27.11% | critical |
| CVE-2026-41092 | 3.1: 8.0 | 0.055% | 17.47% | critical |
| CVE-2026-42829 | 3.1: 8.0 | 0.055% | 17.47% | critical |
| CVE-2026-42902 | 3.1: 8.0 | 0.055% | 17.47% | critical |
| CVE-2026-45490 | 3.1: 8.0 | 0.055% | 17.47% | critical |
| CVE-2026-45658 | 3.1: 8.0 | 0.055% | 17.47% | critical |
| CVE-2026-45487 | 3.1: 8.0 | 0.054% | 17.17% | critical |
| CVE-2026-42913 | 3.1: 8.0 | 0.051% | 16.34% | critical |
| CVE-2026-42915 | 3.1: 6.0 | 0.207% | 43.19% | critical |
| CVE-2026-48569 | 3.1: 7.0 | 0.083% | 24.23% | critical |
| CVE-2026-42977 | 3.1: 8.0 | 0.049% | 15.78% | critical |
| CVE-2026-42979 | 3.1: 8.0 | 0.049% | 15.78% | critical |
| CVE-2026-42991 | 3.1: 8.0 | 0.049% | 15.78% | critical |
| CVE-2026-50508 | 3.1: 7.0 | 0.076% | 22.78% | critical |
| CVE-2026-42824 | 3.1: 7.0 | 0.072% | 21.93% | critical |
| CVE-2026-47644 | 3.1: 7.0 | 0.072% | 21.93% | critical |
| CVE-2026-45481 | 3.1: 7.0 | 0.064% | 20.10% | critical |
| CVE-2026-47634 | 3.1: 7.0 | 0.064% | 20.10% | critical |
| CVE-2026-48560 | 3.1: 5.0 | 0.469% | 64.98% | critical |
| CVE-2026-42969 | 3.1: 6.0 | 0.127% | 31.62% | critical |
| CVE-2026-47287 | 3.1: 7.0 | 0.059% | 18.80% | critical |
| CVE-2026-49161 | 3.1: 8.0 | 0.040% | 12.61% | critical |
| CVE-2026-34335 | 3.1: 7.0 | 0.055% | 17.43% | high |
| CVE-2026-42911 | 3.1: 7.0 | 0.055% | 17.43% | high |
| CVE-2026-42984 | 3.1: 7.0 | 0.055% | 17.43% | high |
| CVE-2026-45640 | 3.1: 7.0 | 0.055% | 17.43% | high |
| CVE-2026-45653 | 3.1: 7.0 | 0.055% | 17.43% | high |
| CVE-2026-47293 | 3.1: 7.0 | 0.055% | 17.43% | high |
| CVE-2026-42978 | 3.1: 8.0 | 0.038% | 11.64% | high |
| CVE-2026-45649 | 3.1: 7.0 | 0.052% | 16.68% | high |
| CVE-2026-45596 | 3.1: 7.0 | 0.049% | 15.78% | high |
| CVE-2026-45597 | 3.1: 7.0 | 0.049% | 15.78% | high |
| CVE-2026-45598 | 3.1: 7.0 | 0.049% | 15.78% | high |
| CVE-2026-45601 | 3.1: 7.0 | 0.049% | 15.78% | high |
| CVE-2026-45603 | 3.1: 7.0 | 0.049% | 15.78% | high |
| CVE-2026-45491 | 3.1: 6.0 | 0.092% | 25.80% | high |
| CVE-2025-10263 | 3.1: 9.0 | 0.026% | 7.92% | high |
| CVE-2026-45608 | 3.1: 7.0 | 0.049% | 15.64% | high |
| CVE-2026-42906 | 3.1: 6.0 | 0.070% | 21.53% | high |
| CVE-2026-42970 | 3.1: 6.0 | 0.070% | 21.53% | high |
| CVE-2026-42971 | 3.1: 6.0 | 0.070% | 21.53% | high |
| CVE-2026-42972 | 3.1: 6.0 | 0.070% | 21.53% | high |
| CVE-2026-42973 | 3.1: 6.0 | 0.070% | 21.53% | high |
| CVE-2026-45594 | 3.1: 6.0 | 0.070% | 21.53% | high |
| CVE-2026-41108 | 3.1: 7.0 | 0.042% | 13.08% | high |
| CVE-2026-44818 | 3.1: 7.0 | 0.041% | 12.75% | high |
| CVE-2026-45500 | 3.1: 6.0 | 0.059% | 18.65% | high |
| CVE-2026-44821 | 3.1: 6.0 | 0.058% | 18.51% | high |
| CVE-2026-42836 | 3.1: 7.0 | 0.038% | 11.64% | high |
| CVE-2026-42912 | 3.1: 7.0 | 0.038% | 11.64% | high |
| CVE-2026-42968 | 3.1: 6.0 | 0.051% | 16.29% | high |
| CVE-2026-44814 | 3.1: 6.0 | 0.051% | 16.29% | high |
| CVE-2026-45604 | 3.1: 6.0 | 0.051% | 16.29% | high |
| CVE-2026-45634 | 3.1: 6.0 | 0.051% | 16.29% | high |
| CVE-2026-48566 | 3.1: 6.0 | 0.051% | 16.29% | high |
| CVE-2026-44805 | 3.1: 6.0 | 0.051% | 16.29% | high |
| CVE-2026-45606 | 3.1: 6.0 | 0.051% | 16.29% | high |
| CVE-2026-45647 | 3.1: 6.0 | 0.050% | 15.99% | high |
| CVE-2026-47641 | 3.1: 5.0 | 0.091% | 25.74% | high |
| CVE-2026-45595 | 3.1: 5.0 | 0.082% | 24.05% | high |
| CVE-2026-45655 | 3.1: 5.0 | 0.076% | 22.77% | high |
| CVE-2026-45502 | 3.1: 5.0 | 0.062% | 19.65% | high |
| CVE-2026-42914 | 3.1: 5.0 | 0.061% | 19.24% | high |
| CVE-2026-33113 | 3.1: 5.0 | 0.059% | 18.65% | high |
| CVE-2026-45453 | 3.1: 5.0 | 0.059% | 18.65% | high |
| CVE-2026-45464 | 3.1: 5.0 | 0.059% | 18.65% | high |
| CVE-2026-45465 | 3.1: 5.0 | 0.059% | 18.65% | high |
| CVE-2026-47636 | 3.1: 5.0 | 0.059% | 18.65% | high |
| CVE-2026-47639 | 3.1: 5.0 | 0.059% | 18.65% | high |
| CVE-2026-45462 | 3.1: 5.0 | 0.058% | 18.50% | high |
| CVE-2026-45467 | 3.1: 5.0 | 0.058% | 18.50% | high |
| CVE-2026-45468 | 3.1: 5.0 | 0.058% | 18.50% | high |
| CVE-2026-45479 | 3.1: 5.0 | 0.058% | 18.50% | high |
| CVE-2026-45483 | 3.1: 5.0 | 0.058% | 18.50% | high |
| CVE-2026-47637 | 3.1: 5.0 | 0.058% | 18.50% | high |
| CVE-2026-47638 | 3.1: 5.0 | 0.058% | 18.50% | high |
| CVE-2026-47640 | 3.1: 5.0 | 0.058% | 18.50% | high |
| CVE-2026-48562 | 3.1: 5.0 | 0.058% | 18.50% | high |
| CVE-2026-45460 | 3.1: 5.0 | 0.053% | 17.05% | high |
| CVE-2026-45642 | 3.1: 4.0 | 0.106% | 28.24% | medium |
| CVE-2026-45650 | 3.1: 4.0 | 0.077% | 23.01% | medium |
| CVE-2026-45459 | 3.1: 3.0 | 0.057% | 18.00% | medium |
| CVE-2026-45455 | 3.1: 3.0 | 0.054% | 17.09% | medium |
| CVE-2026-45466 | 3.1: 3.0 | 0.054% | 17.09% | medium |
| CVE-2026-45485 | 3.1: 3.0 | 0.054% | 17.09% | medium |
| CVE-2026-8863 | 3.1: 8.0 | 0.005% | 0.27% | low |
NOTE: The vulnerabilities are ordered by operational priority, calculated by combining theoretical severity (CVSS) with the real-world probability of exploitation (EPSS).
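For local triage, the table can be re-ranked against the zero-day statuses given in the notes. The following is an added example, not part of the bulletin: the rows are copied from the table above, while the 70th-percentile floor and the sort key are assumptions, since the bulletin does not publish its priority formula.

```python
import re
from typing import NamedTuple

# Zero-days named in the bulletin's description.
ZERO_DAYS = {"CVE-2026-49160", "CVE-2026-45586", "CVE-2026-50507"}

# Subset of rows copied from the bulletin's CVE table.
SAMPLE_TABLE = """\
| CVE-2026-26142 | 3.1: 10.0 | 0.373% | 59.43% | critical |
| CVE-2026-45484 | 3.1: 9.0 | 0.682% | 72.09% | critical |
| CVE-2026-45591 | 3.1: 8.0 | 1.663% | 82.47% | critical |
| CVE-2026-49160 | 3.1: 8.0 | 1.231% | 79.57% | critical |
| CVE-2026-44815 | 3.1: 10.0 | 0.091% | 25.71% | critical |
| CVE-2026-45586 | 3.1: 8.0 | 0.117% | 30.10% | critical |
| CVE-2026-50507 | 3.1: 7.0 | 0.099% | 27.11% | critical |
| CVE-2026-8863 | 3.1: 8.0 | 0.005% | 0.27% | low |
"""

# Row layout: CVE | CVSS version: score | EPSS % | EPSS percentile % | priority
ROW = re.compile(
    r"^\|\s*(CVE-\d{4}-\d{4,})\s*\|\s*([\d.]+):\s*([\d.]+)\s*"
    r"\|\s*([\d.]+)%\s*\|\s*([\d.]+)%\s*\|\s*(\w+)\s*\|$"
)

class Entry(NamedTuple):
    cve: str
    cvss_version: str
    cvss: float
    epss: float       # exploitation probability, in percent
    epss_pct: float   # EPSS percentile
    priority: str
    zero_day: bool

def parse_table(text, zero_days=ZERO_DAYS):
    """Parse bulletin rows; header, separator and malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            cve, ver, cvss, epss, pct, prio = m.groups()
            entries.append(Entry(cve, ver, float(cvss), float(epss),
                                 float(pct), prio.lower(), cve in zero_days))
    return entries

def patch_first(entries, pct_floor=70.0):
    """Zero-days first, then entries at or above the assumed EPSS percentile floor."""
    picked = [e for e in entries if e.zero_day or e.epss_pct >= pct_floor]
    return sorted(picked, key=lambda e: (not e.zero_day, -e.epss_pct, -e.cvss))

def top_non_zero_day(entries):
    """Highest EPSS percentile among CVEs that are not zero-days."""
    return max((e for e in entries if not e.zero_day), key=lambda e: e.epss_pct)

if __name__ == "__main__":
    rows = parse_table(SAMPLE_TABLE)
    for e in patch_first(rows):
        tag = "zero-day" if e.zero_day else "high EPSS"
        print(f"{e.cve:<16} CVSS {e.cvss:>4} EPSS pct {e.epss_pct:>6} {tag}")
```

Intersect the resulting list with the asset inventory before scheduling, since a high EPSS percentile for a product that is not deployed does not change the patch order.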
attack types
| CWE | description |
|---|---|
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| CWE-400 | Uncontrolled Resource Consumption |
| CWE-306 | Missing Authentication for Critical Function |
| CWE-73 | External Control of File Name or Path |
| CWE-502 | Deserialization of Untrusted Data |
| CWE-121 | Stack-based Buffer Overflow |
| CWE-122 | Heap-based Buffer Overflow |
| CWE-285 | Improper Authorization |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CWE-280 | Improper Handling of Insufficient Permissions or Privileges |
| CWE-918 | Server-Side Request Forgery (SSRF) |
| CWE-416 | Use After Free |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') |
| CWE-287 | Improper Authentication |
| CWE-125 | Out-of-bounds Read |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-190 | Integer Overflow or Wraparound |
| CWE-191 | Integer Underflow (Wrap or Wraparound) |
| CWE-693 | Protection Mechanism Failure |
| CWE-284 | Improper Access Control |
| CWE-1329 | Reliance on Component That is Not Updateable |
| CWE-501 | Trust Boundary Violation |
| CWE-822 | Untrusted Pointer Dereference |
| CWE-787 | Out-of-bounds Write |
| CWE-426 | Untrusted Search Path |
| CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| CWE-126 | Buffer Over-read |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| CWE-197 | Numeric Truncation Error |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-94 | Improper Control of Generation of Code ('Code Injection') |
| CWE-20 | Improper Input Validation |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| CWE-23 | Relative Path Traversal |
| CWE-476 | NULL Pointer Dereference |
| CWE-131 | Incorrect Calculation of Buffer Size |
| CWE-908 | Use of Uninitialized Resource |
| CWE-451 | User Interface (UI) Misrepresentation of Critical Information |
| CWE-290 | Authentication Bypass by Spoofing |
affected products
| vendor | product & versions |
|---|---|
| microsoft | azure horizondb |