CVEs

351,818 total · page 29 of 7,037

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-40405	Hig	0.49	7.5	0.00	May 12, 2026	Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
CVE-2026-40403	Hig	0.57	8.8	0.00	May 12, 2026	Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2026-40402	Cri	0.60	9.3	0.00	May 12, 2026	Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
CVE-2026-40401	Hig	0.46	7.1	0.00	May 12, 2026	Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
CVE-2026-40399	Hig	0.51	7.8	0.00	May 12, 2026	Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-40398	Hig	0.51	7.8	0.00	May 12, 2026	Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-40397	Hig	0.51	7.8	0.00	May 12, 2026	Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40382	Hig	0.51	7.8	0.00	May 12, 2026	Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-40381	Hig	0.51	7.8	0.00	May 12, 2026	Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-40380	Med	0.40	6.2	0.00	May 12, 2026	Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
CVE-2026-40379	Cri	0.60	9.3	0.00	May 12, 2026	Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-40377	Hig	0.51	7.8	0.00	May 12, 2026	Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-40374	Med	0.42	6.5	0.00	May 12, 2026	Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2026-40370	Hig	0.57	8.8	0.00	May 12, 2026	External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-40369	Hig	0.51	7.8	0.00	May 12, 2026	Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-40368	Hig	0.52	8.0	0.00	May 12, 2026	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40367	Hig	0.55	8.4	0.00	May 12, 2026	Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40366	Hig	0.55	8.4	0.00	May 12, 2026	Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40365	Hig	0.57	8.8	0.00	May 12, 2026	Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40364	Hig	0.55	8.4	0.00	May 12, 2026	Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40363	Hig	0.55	8.4	0.00	May 12, 2026	Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40362	Hig	0.51	7.8	0.00	May 12, 2026	Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40361	Hig	0.55	8.4	0.00	May 12, 2026	Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40360	Hig	0.51	7.8	0.00	May 12, 2026	Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-40359	Hig	0.51	7.8	0.00	May 12, 2026	Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40358	Hig	0.55	8.4	0.00	May 12, 2026	Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40357	Hig	0.57	8.8	0.01	May 12, 2026	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35440	Med	0.36	5.5	0.00	May 12, 2026	Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-35439	Hig	0.57	8.8	0.01	May 12, 2026	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35438	Hig	0.54	8.3	0.00	May 12, 2026	Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-35436	Hig	0.57	8.8	0.00	May 12, 2026	Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-35433	Hig	0.47	7.3	0.00	May 12, 2026	Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-35429	Med	0.28	4.3	0.00	May 12, 2026	User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-35424	Hig	0.49	7.5	0.00	May 12, 2026	Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-35423	Med	0.35	5.4	0.00	May 12, 2026	Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
CVE-2026-35422	Med	0.42	6.5	0.00	May 12, 2026	Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
CVE-2026-35421	Hig	0.51	7.8	0.00	May 12, 2026	Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-35420	Hig	0.51	7.8	0.00	May 12, 2026	Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-35419	Med	0.36	5.5	0.00	May 12, 2026	Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-35418	Hig	0.51	7.8	0.00	May 12, 2026	Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-35417	Hig	0.51	7.8	0.00	May 12, 2026	Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-35416	Hig	0.46	7.0	0.00	May 12, 2026	Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-35415	Hig	0.51	7.8	0.00	May 12, 2026	Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-34687	Hig	0.51	7.8	0.00	May 12, 2026	Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34676	Hig	0.51	7.8	0.00	May 12, 2026	Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34675	Hig	0.51	7.8	0.00	May 12, 2026	Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34663	Med	0.36	5.5	0.00	May 12, 2026	Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34662	Med	0.36	5.5	0.00	May 12, 2026	Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34661	Hig	0.51	7.8	0.00	May 12, 2026	Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34644	Hig	0.51	7.8	0.00	May 12, 2026	After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-40405HigMay 12, 2026
risk 0.49cvss 7.5epss 0.00
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
CVE-2026-40403HigMay 12, 2026
risk 0.57cvss 8.8epss 0.00
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2026-40402CriMay 12, 2026
risk 0.60cvss 9.3epss 0.00
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
CVE-2026-40401HigMay 12, 2026
risk 0.46cvss 7.1epss 0.00
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
CVE-2026-40399HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-40398HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-40397HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40382HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-40381HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-40380MedMay 12, 2026
risk 0.40cvss 6.2epss 0.00
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
CVE-2026-40379CriMay 12, 2026
risk 0.60cvss 9.3epss 0.00
Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-40377HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-40374MedMay 12, 2026
risk 0.42cvss 6.5epss 0.00
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2026-40370HigMay 12, 2026
risk 0.57cvss 8.8epss 0.00
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-40369HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-40368HigMay 12, 2026
risk 0.52cvss 8.0epss 0.00
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40367HigMay 12, 2026
risk 0.55cvss 8.4epss 0.00
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40366HigMay 12, 2026
risk 0.55cvss 8.4epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40365HigMay 12, 2026
risk 0.57cvss 8.8epss 0.00
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40364HigMay 12, 2026
risk 0.55cvss 8.4epss 0.00
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40363HigMay 12, 2026
risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40362HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40361HigMay 12, 2026
risk 0.55cvss 8.4epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40360HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-40359HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40358HigMay 12, 2026
risk 0.55cvss 8.4epss 0.00
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40357HigMay 12, 2026
risk 0.57cvss 8.8epss 0.01
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35440MedMay 12, 2026
risk 0.36cvss 5.5epss 0.00
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-35439HigMay 12, 2026
risk 0.57cvss 8.8epss 0.01
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35438HigMay 12, 2026
risk 0.54cvss 8.3epss 0.00
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-35436HigMay 12, 2026
risk 0.57cvss 8.8epss 0.00
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-35433HigMay 12, 2026
risk 0.47cvss 7.3epss 0.00
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-35429MedMay 12, 2026
risk 0.28cvss 4.3epss 0.00
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-35424HigMay 12, 2026
risk 0.49cvss 7.5epss 0.00
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-35423MedMay 12, 2026
risk 0.35cvss 5.4epss 0.00
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
CVE-2026-35422MedMay 12, 2026
risk 0.42cvss 6.5epss 0.00
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
CVE-2026-35421HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-35420HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-35419MedMay 12, 2026
risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-35418HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-35417HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-35416HigMay 12, 2026
risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-35415HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-34687HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34676HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34675HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34663MedMay 12, 2026
risk 0.36cvss 5.5epss 0.00
Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34662MedMay 12, 2026
risk 0.36cvss 5.5epss 0.00
Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34661HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34644HigMay 12, 2026
risk 0.51cvss 7.8epss 0.00
After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.