VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2026-42986HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.02

    Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42983HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42980HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.06

    Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42979HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42978HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42977HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42916HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42910HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42905HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.02

    Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42902HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42837HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42829HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-42828HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-41092HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40409HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

  • CVE-2026-40404HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

  • CVE-2026-33828HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45322HigMay 27, 2026
    risk 0.51cvss 7.8epss 0.02

    Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.run_shell()…

  • CVE-2026-42834HigMay 20, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-42896HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42831HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-41611HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

  • CVE-2026-41088HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40419HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40418HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40417HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40408HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40407HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40399HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40397HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40382HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40381HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40377HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40369HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.05

    Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40362HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2026-40360HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  • CVE-2026-40359HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2026-35421HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

  • CVE-2026-35420HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-35417HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

  • CVE-2026-35415HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34351HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34344HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34343HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34337HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34336HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34330HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33841HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33840HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.02

    Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33838HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

Page 57 of 287