VYPR

Windows 10 1809

by Microsoft

CVEs (3,332)

  • CVE-2026-33829MedApr 14, 2026
    risk 0.31cvss 4.3epss 0.03

    Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-26175MedApr 14, 2026
    risk 0.30cvss 4.6epss 0.00

    Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-20928MedApr 14, 2026
    risk 0.30cvss 4.6epss 0.00

    Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-32209MedMay 12, 2026
    risk 0.29cvss 4.4epss 0.00

    Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

  • CVE-2021-40444KEVSep 15, 2021
    risk 0.29cvss epss 0.97

    Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker…

  • CVE-2021-34527KEVJul 2, 2021
    risk 0.29cvss epss 1.00

    A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install…

  • CVE-2021-1675KEVJun 8, 2021
    risk 0.29cvss epss 0.86

    Windows Print Spooler Remote Code Execution Vulnerability

  • CVE-2017-0164MedApr 12, 2017
    risk 0.29cvss 4.4epss 0.04

    A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."

  • CVE-2017-0154MedMar 17, 2017
    risk 0.29cvss 4.4epss 0.11

    Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of…

  • CVE-2022-30190KEVJun 1, 2022
    risk 0.28cvss epss 0.99

    A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then…

  • CVE-2021-40449KEVOct 13, 2021
    risk 0.28cvss epss 0.73

    Win32k Elevation of Privilege Vulnerability

  • CVE-2021-1732KEVFeb 25, 2021
    risk 0.28cvss epss 0.78

    Windows Win32k Elevation of Privilege Vulnerability

  • CVE-2017-11794MedOct 13, 2017
    risk 0.28cvss 4.3epss 0.05

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8726…

  • CVE-2024-21338KEVFeb 13, 2024
    risk 0.27cvss epss 0.52

    Windows Kernel Elevation of Privilege Vulnerability

  • CVE-2022-21999KEVFeb 9, 2022
    risk 0.27cvss epss 0.42

    Windows Print Spooler Elevation of Privilege Vulnerability

  • CVE-2024-21412KEVFeb 13, 2024
    risk 0.26cvss epss 0.95

    Internet Shortcut Files Security Feature Bypass Vulnerability

  • CVE-2023-28252KEVApr 11, 2023
    risk 0.26cvss epss 0.49

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • CVE-2026-45642LowJun 9, 2026
    risk 0.25cvss 3.9epss 0.00

    Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

  • CVE-2025-26633KEVMar 11, 2025
    risk 0.25cvss epss 0.32

    Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2024-30088KEVJun 11, 2024
    risk 0.25cvss epss 0.68

    Windows Kernel Elevation of Privilege Vulnerability

Page 14 of 167