CVE-2026-40420 high 8.8
8.8
windows microsoft 25d ago
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40419 high 7.8
7.8
windows microsoft 25d ago
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40418 high 7.8
7.8
windows microsoft 25d ago
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40417 high 7.8
7.8
windows microsoft 25d ago
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
CVE-2026-40416 medium 4.3
4.3
windows microsoft 25d ago
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-40415 high 8.1
8.1
FIX windows 25d ago
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVE-2026-40414 high 7.4
7.4
FIX windows 25d ago
Windows TCP/IP Denial of Service Vulnerability
CVE-2026-40413 high 7.4
7.4
FIX windows 25d ago
Windows TCP/IP Denial of Service Vulnerability
CVE-2026-40410 high 7.0
7.0
FIX windows 25d ago
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.
CVE-2026-40408 high 7.8
7.8
FIX windows 25d ago
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-40407 high 7.8
7.8
FIX windows 25d ago
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40406 high 7.5
7.5
FIX windows 25d ago
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
CVE-2026-40405 high 7.5
7.5
FIX windows 25d ago
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
CVE-2026-40403 high 8.8
8.8
FIX windows 25d ago
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2026-40402 critical 9.3
9.3
FIX windows 25d ago
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
CVE-2026-40401 high 7.1
7.1
FIX windows 25d ago
Windows TCP/IP Denial of Service Vulnerability
CVE-2026-40399 high 7.8
7.8
FIX windows 25d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-40398 high 7.8
7.8
FIX windows 25d ago
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-40397 high 7.8
7.8
FIX windows 25d ago
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40382 high 7.8
7.8
FIX windows 25d ago
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-40381 high 7.8
7.8
windows microsoft 25d ago
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-40380 medium 6.2
6.2
FIX windows 25d ago
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
CVE-2026-40379 critical 9.3
9.3
windows microsoft 25d ago
Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-40377 high 7.8
7.8
FIX windows 25d ago
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-40374 medium 6.5
6.5
windows microsoft 25d ago
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2026-40370 high 8.8
8.8
windows 25d ago
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-40369 high 7.8
7.8
FIX windows 25d ago
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-40368 high 8.0
8.0
windows microsoft 25d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40367 high 8.4
8.4
windows microsoft 25d ago
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40366 high 8.4
8.4
windows microsoft 25d ago
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40365 high 8.8
8.8
windows microsoft 25d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40364 high 8.4
8.4
windows microsoft 25d ago
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40363 high 8.4
8.4
windows microsoft 25d ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40362 high 7.8
7.8
windows microsoft 25d ago
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40361 high 8.4
8.4
windows microsoft 25d ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40360 high 7.8
7.8
windows microsoft 25d ago
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-40359 high 7.8
7.8
windows microsoft 25d ago
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40358 high 8.4
8.4
windows microsoft 25d ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40357 high 8.8
8.8
windows microsoft 25d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35440 medium 5.5
5.5
windows microsoft 25d ago
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-35439 high 8.8
8.8
windows microsoft 25d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35438 high 8.3
8.3
windows microsoft 25d ago
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-35436 high 8.8
8.8
windows microsoft 25d ago
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-35433 high 7.3
7.3
windows 25d ago
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-35429 medium 4.3
4.3
windows microsoft 25d ago
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-35424 high 7.5
7.5
FIX windows 25d ago
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-35423 medium 5.4
5.4
FIX windows 25d ago
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
CVE-2026-35422 medium 6.5
6.5
FIX windows 25d ago
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
CVE-2026-35421 high 7.8
7.8
FIX windows 25d ago
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-35420 high 7.8
7.8
FIX windows 25d ago
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-35419 medium 5.5
5.5
FIX windows 25d ago
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-35418 high 7.8
7.8
FIX windows 25d ago
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-35417 high 7.8
7.8
FIX windows 25d ago
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-35416 high 7.0
7.0
FIX windows 25d ago
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-35415 high 7.8
7.8
FIX windows 25d ago
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-34351 high 7.8
7.8
FIX windows 25d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-34350 medium 6.5
6.5
FIX windows 25d ago
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.
CVE-2026-34347 high 7.0
7.0
FIX windows 25d ago
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34345 high 7.0
7.0
FIX windows 25d ago
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34344 high 7.8
7.8
FIX windows 25d ago
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34343 high 7.8
7.8
FIX windows 25d ago
Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2026-34342 high 7.0
7.0
FIX windows 25d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
CVE-2026-34341 high 7.0
7.0
FIX windows 25d ago
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
CVE-2026-34340 high 7.0
7.0
FIX windows 25d ago
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-34339 medium 5.5
5.5
FIX windows 25d ago
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.
CVE-2026-34338 high 7.8
7.8
FIX windows 25d ago
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-34337 high 7.8
7.8
FIX windows 25d ago
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-34336 high 7.8
7.8
FIX windows 25d ago
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-34334 high 7.8
7.8
FIX windows 25d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-34333 high 7.8
7.8
FIX windows 25d ago
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34332 high 8.0
8.0
FIX windows 25d ago
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
CVE-2026-34331 high 7.0
7.0
FIX windows 25d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34330 high 7.8
7.8
FIX windows 25d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34329 high 8.8
8.8
FIX windows 25d ago
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-33841 high 7.8
7.8
FIX windows 25d ago
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-33840 high 7.8
7.8
FIX windows 25d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-33839 high 7.0
7.0
FIX windows 25d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-33838 high 7.8
7.8
FIX windows 25d ago
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
CVE-2026-33837 high 7.8
7.8
FIX windows 25d ago
Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-33835 high 7.8
7.8
FIX windows 25d ago
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-33834 high 7.8
7.8
FIX windows 25d ago
Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.
CVE-2026-33833 high 8.2
8.2
windows microsoft 25d ago
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33821 high 7.7
7.7
windows microsoft 25d ago
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
CVE-2026-33117 critical 9.1
9.1
windows microsoft 25d ago
The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected a…
CVE-2026-33112 high 8.8
8.8
windows microsoft 25d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-33110 high 8.8
8.8
windows microsoft 25d ago
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-32209 medium 4.4
4.4
FIX windows 25d ago
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
CVE-2026-32204 high 7.8
7.8
windows microsoft 25d ago
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32185 medium 5.5
5.5
windows microsoft 25d ago
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
CVE-2026-32177 high 7.3
7.3
windows 25d ago
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32175 medium 4.3
4.3
windows 25d ago
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to ce…
CVE-2026-32170 medium 6.7
6.7
FIX windows 25d ago
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
CVE-2026-32161 high 7.5
7.5
FIX windows 25d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent net…
CVE-2026-21530 medium 6.7
6.7
FIX windows 25d ago
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
CVE-2026-8368 medium 6.5
6.5
FIX debian sles windows 25d ago
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before …
CVE-2026-6402 medium 6.5
6.5
sles windows webpack.js 26d ago
webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
CVE-2026-43284 high 8.8
9.8
EXP FIX rhel sles debian aws google 26d ago
Important: kernel security update
CVE-2026-7790 high 7.5
7.5
debian windows ninenines 26d ago
Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number …
CVE-2026-43969 low 3.2
3.2
FIX debian windows ninenines 26d ago
cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
CVE-2026-43968 medium 4.0
4.0
FIX debian windows ninenines 26d ago
ninenines cowlib: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability allows SSE event splitting and injection via unvalidated field values
