VYPR

Windows Server 2019

by Microsoft

CVEs (3,629)

  • CVE-2026-27928HigApr 14, 2026
    risk 0.57cvss 8.7epss 0.00

    Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-26178HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.00

    Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-26167HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2018-8413HigOct 10, 2018
    risk 0.57cvss 7.8epss 0.46

    A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012,…

  • CVE-2026-45607HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2026-32162HigApr 14, 2026
    risk 0.55cvss 8.4epss 0.02

    Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-32091HigApr 14, 2026
    risk 0.55cvss 8.4epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

  • CVE-2018-8490HigOct 10, 2018
    risk 0.55cvss 8.4epss 0.04

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10,…

  • CVE-2018-8489HigOct 10, 2018
    risk 0.55cvss 8.4epss 0.04

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2,…

  • CVE-2018-8411HigOct 10, 2018
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows…

  • CVE-2026-45635HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.01

    Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

  • CVE-2026-45599HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.01

    Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

  • CVE-2026-42987HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.01

    Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.

  • CVE-2026-33827HigApr 14, 2026
    risk 0.53cvss 8.1epss 0.01

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

  • CVE-2018-8423HigOct 10, 2018
    risk 0.53cvss 7.8epss 0.33

    A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server…

  • CVE-2026-33826HigApr 14, 2026
    risk 0.52cvss 8.0epss 0.01

    Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

  • CVE-2026-27912HigApr 14, 2026
    risk 0.52cvss 8.0epss 0.00

    Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.

  • CVE-2026-20931HigJan 13, 2026
    risk 0.52cvss 8.0epss 0.01

    External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.

  • CVE-2018-8432HigOct 10, 2018
    risk 0.52cvss 7.8epss 0.20

    A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365…

  • CVE-2026-48583HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Page 2 of 182