By weakness (CWE)
CWE-822: related vulnerabilities
CVEs classified under CWE-822. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
4 published vulnerabilities
- CVE-2026-45471HIGH 7.8
A vulnerability in Microsoft Office Word allows an attacker to execute arbitrary code on a victim's computer by exploiting improper handling of pointers in memory. An attacker would need to trick a user into opening a malicious Word document; once opened, the flaw enables local code execution with the privileges of the logged-in user. This is a local attack that requires user interaction but poses significant risk to confidentiality, integrity, and availability of the affected system.
- CVE-2026-45643HIGH 7.8
Microsoft Office Word contains a vulnerability where untrusted data is dereferenced as a pointer without proper validation, allowing an attacker to execute arbitrary code on a system where Word is installed. The attack requires user interaction—specifically opening a malicious document—but does not require elevated privileges. This is a local code execution issue affecting multiple versions of Microsoft Office and Microsoft 365 Apps.
- CVE-2026-45645HIGH 7.8
CVE-2026-45645 is a high-severity memory safety vulnerability in Microsoft Office that enables local code execution. An attacker who gains access to a user's system can craft a malicious Office document that, when opened by the user, exploits improper pointer handling to run arbitrary code with the privileges of the person viewing the file. This requires user interaction (opening a document) but no special permissions to trigger.
- CVE-2026-44805MEDIUM 5.5
A use-after-free vulnerability exists in Windows Network Controller Host Agent that allows a logged-in user to crash or hang the affected service, disrupting network configuration and management capabilities. The attacker must already have local user privileges on the system to exploit this flaw. While this is not currently known to be exploited in the wild, it represents a local denial-of-service risk that can render critical network infrastructure management unavailable.