Windows
by Microsoft
CVEs (2,494)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36399 | Hig | 0.47 | 7.1 | 0.08 | Nov 14, 2023 | Windows Storage Elevation of Privilege Vulnerability | ||
| CVE-2023-36584 | Med | 0.47 | 5.4 | 0.03 | KEV | Oct 10, 2023 | Windows Mark of the Web Security Feature Bypass Vulnerability | |
| CVE-2022-41049 | Med | 0.47 | 5.4 | 0.02 | KEV | Nov 9, 2022 | Windows Mark of the Web Security Feature Bypass Vulnerability | |
| CVE-2019-1252 | Med | 0.47 | 6.5 | 0.59 | Sep 11, 2019 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286. | ||
| CVE-2017-11823 | Med | 0.47 | 6.7 | 0.03 | Oct 13, 2017 | The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass". | ||
| CVE-2016-3319 | Hig | 0.47 | 7.0 | 0.19 | Aug 9, 2016 | The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability." | ||
| CVE-2026-27929 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27922 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26165 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. | ||
| CVE-2024-6768 | Med | 0.46 | — | 0.03 | Aug 12, 2024 | A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function. | ||
| CVE-2023-36046 | Hig | 0.46 | 7.1 | 0.01 | Nov 14, 2023 | Windows Authentication Denial of Service Vulnerability | ||
| CVE-2023-29364 | Hig | 0.46 | 7.0 | 0.00 | Jun 14, 2023 | Windows Authentication Elevation of Privilege Vulnerability | ||
| CVE-2023-28216 | Hig | 0.46 | 7.0 | 0.00 | Apr 11, 2023 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | ||
| CVE-2023-21532 | Hig | 0.46 | 7.0 | 0.00 | Jan 10, 2023 | Windows GDI Elevation of Privilege Vulnerability | ||
| CVE-2022-44669 | Hig | 0.46 | 7.0 | 0.00 | Dec 13, 2022 | Windows Error Reporting Elevation of Privilege Vulnerability | ||
| CVE-2022-38029 | Hig | 0.46 | 7.0 | 0.01 | Oct 11, 2022 | Windows ALPC Elevation of Privilege Vulnerability | ||
| CVE-2022-38027 | Hig | 0.46 | 7.0 | 0.00 | Oct 11, 2022 | Windows Storage Elevation of Privilege Vulnerability | ||
| CVE-2022-34725 | Hig | 0.46 | 7.0 | 0.05 | Sep 13, 2022 | Windows ALPC Elevation of Privilege Vulnerability | ||
| CVE-2022-30224 | Hig | 0.46 | 7.0 | 0.00 | Jul 12, 2022 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | ||
| CVE-2022-30202 | Hig | 0.46 | 7.0 | 0.04 | Jul 12, 2022 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
- risk 0.47cvss 7.1epss 0.08
Windows Storage Elevation of Privilege Vulnerability
- risk 0.47cvss 5.4epss 0.03
Windows Mark of the Web Security Feature Bypass Vulnerability
- risk 0.47cvss 5.4epss 0.02
Windows Mark of the Web Security Feature Bypass Vulnerability
- risk 0.47cvss 6.5epss 0.59
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286.
- risk 0.47cvss 6.7epss 0.03
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".
- risk 0.47cvss 7.0epss 0.19
The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."
- risk 0.46cvss 7.0epss 0.00
Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss —epss 0.03
A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.
- risk 0.46cvss 7.1epss 0.01
Windows Authentication Denial of Service Vulnerability
- risk 0.46cvss 7.0epss 0.00
Windows Authentication Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.00
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.00
Windows GDI Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.00
Windows Error Reporting Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.01
Windows ALPC Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.00
Windows Storage Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.05
Windows ALPC Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.00
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.04
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Page 56 of 125