Windows Server 2019
by Microsoft
CVEs (3,629)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-33742 | 0.18 | — | 0.59 | KEV | Jun 8, 2021 | Windows MSHTML Platform Remote Code Execution Vulnerability | ||
| CVE-2025-30397 | 0.17 | — | 0.22 | KEV | May 13, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. | ||
| CVE-2024-38213 | 0.17 | — | 0.13 | KEV | Aug 13, 2024 | Windows Mark of the Web Security Feature Bypass Vulnerability | ||
| CVE-2024-29988 | 0.17 | — | 0.45 | KEV | Apr 9, 2024 | SmartScreen Prompt Security Feature Bypass Vulnerability | ||
| CVE-2022-26904 | 0.17 | — | 0.10 | KEV | Apr 15, 2022 | Windows User Profile Service Elevation of Privilege Vulnerability | ||
| CVE-2025-24054 | 0.16 | — | 0.59 | KEV | Mar 11, 2025 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2024-43572 | 0.16 | — | 0.61 | KEV | Oct 8, 2024 | Microsoft Management Console Remote Code Execution Vulnerability | ||
| CVE-2021-28310 | 0.16 | — | 0.08 | KEV | Apr 13, 2021 | Win32k Elevation of Privilege Vulnerability | ||
| CVE-2025-62215 | 0.15 | — | 0.06 | KEV | Nov 11, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2023-32046 | 0.15 | — | 0.09 | KEV | Jul 11, 2023 | Windows MSHTML Platform Elevation of Privilege Vulnerability | ||
| CVE-2022-41128 | 0.15 | — | 0.25 | KEV | Nov 9, 2022 | Windows Scripting Languages Remote Code Execution Vulnerability | ||
| CVE-2022-26925 | 0.15 | — | 0.10 | KEV | May 10, 2022 | Windows LSA Spoofing Vulnerability | ||
| CVE-2021-34486 | 0.15 | — | 0.07 | KEV | Aug 12, 2021 | Windows Event Tracing Elevation of Privilege Vulnerability | ||
| CVE-2026-21513 | 0.14 | — | 0.15 | KEV | Feb 10, 2026 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-21533 | 0.14 | — | 0.04 | KEV | Feb 10, 2026 | Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | ||
| CVE-2024-38178 | 0.14 | — | 0.39 | KEV | Aug 13, 2024 | Scripting Engine Memory Corruption Vulnerability | ||
| CVE-2024-30040 | 0.14 | — | 0.04 | KEV | May 14, 2024 | Windows MSHTML Platform Security Feature Bypass Vulnerability | ||
| CVE-2023-29360 | 0.14 | — | 0.22 | KEV | Jun 13, 2023 | Microsoft Streaming Service Elevation of Privilege Vulnerability | ||
| CVE-2023-21674 | 0.14 | — | 0.42 | KEV | Jan 10, 2023 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | ||
| CVE-2020-17087 | 0.14 | — | 0.05 | KEV | Nov 11, 2020 | Windows Kernel Local Elevation of Privilege Vulnerability |
- risk 0.18cvss —epss 0.59
Windows MSHTML Platform Remote Code Execution Vulnerability
- risk 0.17cvss —epss 0.22
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
- risk 0.17cvss —epss 0.13
Windows Mark of the Web Security Feature Bypass Vulnerability
- risk 0.17cvss —epss 0.45
SmartScreen Prompt Security Feature Bypass Vulnerability
- risk 0.17cvss —epss 0.10
Windows User Profile Service Elevation of Privilege Vulnerability
- risk 0.16cvss —epss 0.59
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
- risk 0.16cvss —epss 0.61
Microsoft Management Console Remote Code Execution Vulnerability
- risk 0.16cvss —epss 0.08
Win32k Elevation of Privilege Vulnerability
- risk 0.15cvss —epss 0.06
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.15cvss —epss 0.09
Windows MSHTML Platform Elevation of Privilege Vulnerability
- risk 0.15cvss —epss 0.25
Windows Scripting Languages Remote Code Execution Vulnerability
- risk 0.15cvss —epss 0.10
Windows LSA Spoofing Vulnerability
- risk 0.15cvss —epss 0.07
Windows Event Tracing Elevation of Privilege Vulnerability
- risk 0.14cvss —epss 0.15
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.14cvss —epss 0.04
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
- risk 0.14cvss —epss 0.39
Scripting Engine Memory Corruption Vulnerability
- risk 0.14cvss —epss 0.04
Windows MSHTML Platform Security Feature Bypass Vulnerability
- risk 0.14cvss —epss 0.22
Microsoft Streaming Service Elevation of Privilege Vulnerability
- risk 0.14cvss —epss 0.42
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
- risk 0.14cvss —epss 0.05
Windows Kernel Local Elevation of Privilege Vulnerability
Page 17 of 182