| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40367 | Hig | 0.55 | 8.4 | 0.00 | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40366 | Hig | 0.55 | 8.4 | 0.00 | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40365 | Hig | 0.57 | 8.8 | 0.01 | May 12, 2026 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2026-40364 | Hig | 0.55 | 8.4 | 0.04 | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40363 | Hig | 0.55 | 8.4 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40362 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40361 | Hig | 0.55 | 8.4 | 0.01 | May 12, 2026 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40360 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-40359 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40358 | Hig | 0.55 | 8.4 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40357 | Hig | 0.57 | 8.8 | 0.02 | May 12, 2026 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2026-35439 | Hig | 0.57 | 8.8 | 0.02 | May 12, 2026 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2026-35438 | Hig | 0.54 | 8.3 | 0.01 | May 12, 2026 | Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-35436 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-35433 | Hig | 0.47 | 7.3 | 0.01 | May 12, 2026 | Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-35424 | Hig | 0.49 | 7.5 | 0.01 | May 12, 2026 | Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-35421 | Hig | 0.51 | 7.8 | 0.01 | May 12, 2026 | Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-35420 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-35418 | — | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-35417 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-35416 | Hig | 0.46 | 7.0 | 0.02 | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-35415 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34687 | — | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | |
| CVE-2026-34676 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | ||
| CVE-2026-34675 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | ||
| CVE-2026-34661 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2026-34644 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2026-34643 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2026-34642 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2026-34640 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2026-34639 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | ||
| CVE-2026-34638 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2026-34637 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | ||
| CVE-2026-34636 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | ||
| CVE-2026-34351 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34347 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34345 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34344 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34343 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34342 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34341 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34340 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34338 | — | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-34337 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34336 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34334 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34333 | — | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-34332 | Hig | 0.52 | 8.0 | 0.01 | May 12, 2026 | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network. | ||
| CVE-2026-34331 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34330 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
- risk 0.55cvss 8.4epss 0.00
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.57cvss 8.8epss 0.01
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.55cvss 8.4epss 0.04
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.57cvss 8.8epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.54cvss 8.3epss 0.01
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.00
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
- risk 0.47cvss 7.3epss 0.01
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
- risk 0.49cvss 7.5epss 0.01
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
- risk 0.51cvss 7.8epss 0.01
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.02
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- risk 0.51cvss 7.8epss 0.00
After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.00
After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- risk 0.51cvss 7.8epss 0.00
After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.00
Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.00
Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- risk 0.51cvss 7.8epss 0.00
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.52cvss 8.0epss 0.01
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.