Windows
by Microsoft
CVEs (2,526)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-2016 | | High | 0.48 | 7.3 | 0.08 | | Nov 8, 2011 | Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as… |
| CVE-2010-3957 | | High | 0.48 | 7.3 | 0.02 | | Dec 16, 2010 | Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka… |
| CVE-2023-36399 | | High | 0.47 | 7.1 | 0.08 | | Nov 14, 2023 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2023-36584 | | Med | 0.47 | 5.4 | 0.03 | KEV | Oct 10, 2023 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2022-41049 | | Med | 0.47 | 5.4 | 0.02 | KEV | Nov 9, 2022 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2019-1252 | | Med | 0.47 | 6.5 | 0.61 | | Sep 11, 2019 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286. |
| CVE-2017-11823 | | Med | 0.47 | 6.7 | 0.03 | | Oct 13, 2017 | The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass". |
| CVE-2016-3319 | | High | 0.47 | 7.0 | 0.19 | | Aug 9, 2016 | The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability." |
| CVE-2026-27929 | | High | 0.46 | 7.0 | 0.00 | | Apr 14, 2026 | Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally. |
| CVE-2026-27922 | | High | 0.46 | 7.0 | 0.00 | | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-26165 | | High | 0.46 | 7.0 | 0.00 | | Apr 14, 2026 | Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. |
| CVE-2024-6768 | | Med | 0.46 | — | 0.03 | | Aug 12, 2024 | A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function. |
| CVE-2023-36046 | | High | 0.46 | 7.1 | 0.01 | | Nov 14, 2023 | Windows Authentication Denial of Service Vulnerability |
| CVE-2023-29364 | | High | 0.46 | 7.0 | 0.00 | | Jun 14, 2023 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2023-28216 | | High | 0.46 | 7.0 | 0.00 | | Apr 11, 2023 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
| CVE-2023-21532 | | High | 0.46 | 7.0 | 0.00 | | Jan 10, 2023 | Windows GDI Elevation of Privilege Vulnerability |
| CVE-2022-44669 | | High | 0.46 | 7.0 | 0.00 | | Dec 13, 2022 | Windows Error Reporting Elevation of Privilege Vulnerability |
| CVE-2022-38029 | | High | 0.46 | 7.0 | 0.01 | | Oct 11, 2022 | Windows ALPC Elevation of Privilege Vulnerability |
| CVE-2022-38027 | | High | 0.46 | 7.0 | 0.00 | | Oct 11, 2022 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2022-34725 | | High | 0.46 | 7.0 | 0.05 | | Sep 13, 2022 | Windows ALPC Elevation of Privilege Vulnerability |