VYPR

Windows 11 26h1

by Microsoft

CVEs (334)

  • CVE-2026-25180MedMar 10, 2026
    risk 0.36cvss 5.5epss 0.01

    Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.

  • CVE-2026-45595MedJun 9, 2026
    risk 0.35cvss 5.4epss 0.00

    Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-35423MedMay 12, 2026
    risk 0.35cvss 5.4epss 0.01

    Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-45655MedJun 9, 2026
    risk 0.34cvss 5.3epss 0.00

    Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-42914MedJun 9, 2026
    risk 0.34cvss 5.3epss 0.01

    Windows Kerberos Denial of Service Vulnerability

  • CVE-2026-33829MedApr 14, 2026
    risk 0.31cvss 4.3epss 0.03

    Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-26175MedApr 14, 2026
    risk 0.30cvss 4.6epss 0.00

    Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-20928MedApr 14, 2026
    risk 0.30cvss 4.6epss 0.00

    Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-32209MedMay 12, 2026
    risk 0.29cvss 4.4epss 0.00

    Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-32220MedApr 14, 2026
    risk 0.29cvss 4.4epss 0.00

    Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-27906MedApr 14, 2026
    risk 0.29cvss 4.4epss 0.00

    Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-45642LowJun 9, 2026
    risk 0.25cvss 3.9epss 0.00

    Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

  • CVE-2026-21513KEVFeb 10, 2026
    risk 0.14cvss epss 0.15

    Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-21533KEVFeb 10, 2026
    risk 0.14cvss epss 0.04

    Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

  • CVE-2026-21525KEVFeb 10, 2026
    risk 0.13cvss epss 0.05

    Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

  • CVE-2026-21510KEVFeb 10, 2026
    risk 0.12cvss epss 0.26

    Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-21519KEVFeb 10, 2026
    risk 0.12cvss epss 0.02

    Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2026-21244Feb 10, 2026
    risk 0.03cvss epss 0.01

    Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

  • CVE-2026-21250Feb 10, 2026
    risk 0.03cvss epss 0.01

    Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

  • CVE-2026-21248Feb 10, 2026
    risk 0.03cvss epss 0.01

    Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

Page 14 of 17