Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42986 | Hig | 0.51 | 7.8 | 0.02 | Jun 9, 2026 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42983 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42980 | Hig | 0.51 | 7.8 | 0.06 | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42979 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42978 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42977 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42916 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42910 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42905 | Hig | 0.51 | 7.8 | 0.02 | Jun 9, 2026 | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42902 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42837 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42829 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-42828 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-41092 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40409 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | ||
| CVE-2026-40404 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | ||
| CVE-2026-33828 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45322 | Hig | 0.51 | 7.8 | 0.02 | May 27, 2026 | Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.run_shell()… | ||
| CVE-2026-42834 | Hig | 0.51 | 7.8 | 0.00 | May 20, 2026 | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-42896 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42831 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-41611 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-41088 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40419 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40418 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40417 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40408 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40407 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40399 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40397 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40382 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40381 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40377 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40369 | Hig | 0.51 | 7.8 | 0.05 | May 12, 2026 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40362 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40360 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-40359 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-35421 | Hig | 0.51 | 7.8 | 0.01 | May 12, 2026 | Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-35420 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-35417 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-35415 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34351 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34344 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34343 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34337 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34336 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34330 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33841 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33840 | Hig | 0.51 | 7.8 | 0.02 | May 12, 2026 | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33838 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally. |
- risk 0.51cvss 7.8epss 0.02
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.06
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.02
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
- risk 0.51cvss 7.8epss 0.00
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.02
Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.run_shell()…
- risk 0.51cvss 7.8epss 0.00
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.05
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.02
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
Page 57 of 287