VYPR

Windows 11 24h2

by Microsoft

CVEs (1,332)

  • CVE-2026-26159HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26156HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2026-26153HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-20930HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26128HigMar 10, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.

  • CVE-2026-25187HigMar 10, 2026
    risk 0.51cvss 7.8epss 0.03

    Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.

  • CVE-2026-20864HigJan 13, 2026
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-20817HigJan 13, 2026
    risk 0.51cvss 7.8epss 0.05

    Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

  • CVE-2025-30388HigMay 13, 2025
    risk 0.51cvss 7.8epss 0.03

    Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

  • CVE-2025-21338HigJan 14, 2025
    risk 0.51cvss 7.8epss 0.00

    GDI+ Remote Code Execution Vulnerability

  • CVE-2013-3900MedKEVDec 11, 2013
    risk 0.51cvss 5.5epss 0.45

    Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows…

  • CVE-2026-48563HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-44801HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-42993HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-42992HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-42909HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-40406HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.01

    Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-40405HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.01

    Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

  • CVE-2026-35424HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.01

    Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

  • CVE-2026-33096HigApr 14, 2026
    risk 0.49cvss 7.5epss 0.01

    Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

Page 8 of 67