Vendor CVEs
Windows
All CVEs
38 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41089 | Cri | 0.64 | 9.8 | 0.72 | May 12, 2026 | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-40408 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26168 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33100 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33099 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32082 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27917 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26182 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26177 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26173 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32216 | Med | 0.36 | 5.5 | 0.00 | Apr 14, 2026 | Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally. | ||
| CVE-2024-31941 | Med | 0.35 | 5.4 | 0.00 | Apr 15, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Media Player.This issue affects CP Media Player: from n/a through 1.1.3. | ||
| CVE-2026-20928 | Med | 0.30 | 4.6 | 0.00 | Apr 14, 2026 | Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2025-21418 | 0.13 | — | 0.01 | KEV | Feb 11, 2025 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||
| CVE-2025-32709 | 0.12 | — | 0.02 | KEV | May 13, 2025 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2023-21768 | 0.09 | — | 0.65 | Jan 10, 2023 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||
| CVE-2006-6601 | 0.04 | — | 0.17 | Dec 15, 2006 | Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields… | |||
| CVE-2023-28218 | 0.02 | — | 0.12 | Apr 11, 2023 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||
| CVE-2021-38629 | 0.02 | — | 0.02 | Sep 15, 2021 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | |||
| CVE-2009-4310 | 0.02 | — | 0.24 | Dec 13, 2009 | Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to… | |||
| CVE-2024-38141 | 0.01 | — | 0.04 | Aug 13, 2024 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||
| CVE-2022-24494 | 0.01 | — | 0.02 | Apr 15, 2022 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||
| CVE-2026-21241 | 0.00 | — | 0.02 | Feb 10, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-21236 | 0.00 | — | 0.00 | Feb 10, 2026 | Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-20860 | 0.00 | — | 0.08 | Jan 13, 2026 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-58714 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59242 | 0.00 | — | 0.00 | Oct 14, 2025 | Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53137 | 0.00 | — | 0.00 | Aug 12, 2025 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53134 | 0.00 | — | 0.00 | Aug 12, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||
| CVE-2024-43631 | 0.00 | — | 0.01 | Nov 12, 2024 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | |||
| CVE-2024-43563 | 0.00 | — | 0.00 | Oct 8, 2024 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||
| CVE-2023-35632 | 0.00 | — | 0.07 | Dec 12, 2023 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||
| CVE-2022-30151 | 0.00 | — | 0.01 | Jun 15, 2022 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||
| CVE-2022-24507 | 0.00 | — | 0.04 | Mar 9, 2022 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||
| CVE-2021-43239 | 0.00 | — | 0.01 | Dec 15, 2021 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | |||
| CVE-2021-38638 | 0.00 | — | 0.00 | Sep 15, 2021 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||
| CVE-2021-38628 | 0.00 | — | 0.00 | Sep 15, 2021 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||
| CVE-2020-1587 | 0.00 | — | 0.01 | Aug 17, 2020 | An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted… |
- risk 0.64cvss 9.8epss 0.72
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.36cvss 5.5epss 0.00
Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Media Player.This issue affects CP Media Player: from n/a through 1.1.3.
- risk 0.30cvss 4.6epss 0.00
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.13cvss —epss 0.01
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- risk 0.12cvss —epss 0.02
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2023-21768Jan 10, 2023risk 0.09cvss —epss 0.65
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2006-6601Dec 15, 2006risk 0.04cvss —epss 0.17
Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields…
- CVE-2023-28218Apr 11, 2023risk 0.02cvss —epss 0.12
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2021-38629Sep 15, 2021risk 0.02cvss —epss 0.02
Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
- CVE-2009-4310Dec 13, 2009risk 0.02cvss —epss 0.24
Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to…
- CVE-2024-38141Aug 13, 2024risk 0.01cvss —epss 0.04
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2022-24494Apr 15, 2022risk 0.01cvss —epss 0.02
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2026-21241Feb 10, 2026risk 0.00cvss —epss 0.02
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-21236Feb 10, 2026risk 0.00cvss —epss 0.00
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-20860Jan 13, 2026risk 0.00cvss —epss 0.08
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2025-58714Oct 14, 2025risk 0.00cvss —epss 0.00
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2025-59242Oct 14, 2025risk 0.00cvss —epss 0.00
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2025-53137Aug 12, 2025risk 0.00cvss —epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2025-53134Aug 12, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2024-43631Nov 12, 2024risk 0.00cvss —epss 0.01
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
- CVE-2024-43563Oct 8, 2024risk 0.00cvss —epss 0.00
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2023-35632Dec 12, 2023risk 0.00cvss —epss 0.07
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2022-30151Jun 15, 2022risk 0.00cvss —epss 0.01
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2022-24507Mar 9, 2022risk 0.00cvss —epss 0.04
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2021-43239Dec 15, 2021risk 0.00cvss —epss 0.01
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
- CVE-2021-38638Sep 15, 2021risk 0.00cvss —epss 0.00
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2021-38628Sep 15, 2021risk 0.00cvss —epss 0.00
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2020-1587Aug 17, 2020risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted…