VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2026-33837HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33835HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.02

    Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33834HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-41134HigApr 22, 2026
    risk 0.51cvss 7.8epss 0.00

    Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks (for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata,…

  • CVE-2026-33101HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33098HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33095HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2026-32222HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32200HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

  • CVE-2026-32199HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2026-32198HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2026-32197HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2026-32192HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.02

    Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32189HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2026-32184HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.02

    Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32183HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.

  • CVE-2026-32168HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32165HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32164HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32163HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32160HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32159HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32158HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32155HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32154HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32153HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32152HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32090HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32089HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32078HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32077HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32076HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32074HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32069HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27927HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27924HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27923HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27920HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27919HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27918HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27916HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27915HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27914HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.03

    Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27911HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27910HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27909HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.02

    Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27907HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26184HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26183HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26181HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Page 58 of 287