Buffer Overflow
Monthly
Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted presentation file. The flaw affects a broad Office footprint - PowerPoint 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and multiple Office for Mac builds - and requires user interaction (opening the file) but no prior privileges. A vendor patch is available via MSRC; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Word (Office 2016/2019, Microsoft 365 Apps, Office LTSC 2021/2024) arises from a heap-based buffer overflow triggered when a victim opens a maliciously crafted document. An attacker who convinces a user to open a booby-trapped file can run arbitrary code in that user's context, achieving full compromise of confidentiality, integrity, and availability on the host. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though a vendor patch is available per Microsoft's MSRC advisory.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, 365 Apps for Enterprise, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by getting a victim to open a maliciously crafted Office document. Rated CVSS 7.8 with high impact to confidentiality, integrity, and availability, exploitation requires user interaction but no prior authentication or privileges. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has released a patch via the MSRC update guide.
Local code execution in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted document. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R) with high impact to confidentiality, integrity, and availability, meaning code runs in the context of the current user. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available via MSRC.
Local code execution in Microsoft Office Word (Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Word 2016, and the macOS builds) arises from a stack-based buffer overflow triggered when a victim opens a maliciously crafted document. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows an unauthenticated attacker needs no privileges but does require user interaction, and successful exploitation yields full confidentiality, integrity, and availability impact in the user's security context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.
Arbitrary code execution in Microsoft Office Excel arises from a heap-based buffer overflow (CWE-122) that an attacker triggers when a victim opens a maliciously crafted spreadsheet, running code in the security context of the current user. The flaw spans a broad Office footprint including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS Office editions, and Office Online Server. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 7.8 rating reflects high impact gated by required user interaction.
Information disclosure in Microsoft Office Excel (2016, Office 2019, LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) lets an attacker read out-of-bounds memory when a victim opens a maliciously crafted spreadsheet, potentially leaking sensitive process data such as memory contents, pointers, or credentials. Rated CVSS 7.1 with a local attack vector requiring user interaction, the flaw stems from a CWE-125 out-of-bounds read in Excel's file parser. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Excel and Microsoft's confirmed patch make prompt patching important.
Local code execution in Microsoft Excel arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by luring a victim into opening a maliciously crafted spreadsheet, yielding attacker code in the user's security context. It affects a broad Office family including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS editions, and Office Online Server. The CVSS 3.1 base score is 7.8 and the vector requires user interaction (UI:R); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Office Excel (across Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, Office for Mac, and Office Online Server) stems from a heap-based buffer overflow (CWE-122) that an attacker triggers when a victim opens a maliciously crafted spreadsheet. Rated CVSS 7.8 with no privileges required but mandatory user interaction, successful exploitation yields full confidentiality, integrity, and availability impact in the context of the victim user. There is no public exploit identified at time of analysis and it is not on the CISA KEV list, but Microsoft has released a patch.
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-based buffer overflow (CWE-121) that an attacker triggers when a victim opens a maliciously crafted document. The CVSS 3.1 vector (AV:L/UI:R) confirms this is a file-borne, local-context flaw requiring the user to open attacker-supplied content, yielding full confidentiality, integrity, and availability impact in the user's session. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch via MSRC.
Local code execution in Microsoft Office Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker weaponizes by luring a victim into opening a crafted spreadsheet, yielding code execution in the user's security context. The flaw carries a CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) and requires no privileges but does require user interaction. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary code execution in Microsoft Excel (spanning Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) allows an unauthorized attacker to run code in the victim's context by tricking them into opening a maliciously crafted spreadsheet. The flaw is a heap-based buffer overflow (CWE-122) that executes with the local user's privileges once the file is opened. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
Local code execution in Microsoft Office Word (via a stack-based buffer overflow, CWE-121) lets an attacker run arbitrary code in the context of the user who opens a maliciously crafted document. The flaw affects Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024 (including Mac editions), and the Word component shared with SharePoint Server 2016/2019/Subscription Edition. No public exploit identified at time of analysis, and it is not listed in CISA KEV; exploitation requires the victim to open the attacker's file (UI:R).
Local code execution in Microsoft Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) arises from an out-of-bounds read (CWE-125) triggered when a victim opens a maliciously crafted spreadsheet. CVSS 7.8 with high impact to confidentiality, integrity, and availability; no public exploit identified at time of analysis. Exploitation requires user interaction (opening the file) but no prior authentication or privileges on the target beyond the ability to induce the user to open the document.
Local arbitrary code execution in Microsoft Excel arises from a buffer over-read (CWE-126) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run code in the context of the current user. The flaw spans Office 2016/2019, Microsoft 365 Apps, Office LTSC 2021/2024 (Windows and Mac) and Office Online Server; a vendor patch is available via MSRC. No public exploit has been identified at time of analysis, and the CVSS 7.8 (AV:L/UI:R) rating reflects that user interaction is required.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a user opens a maliciously crafted document. Rated CVSS 7.8 (AV:L/UI:R), an attacker who convinces a victim to open a weaponized file can run arbitrary code in the context of the current user. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Excel (and the broader Office 2016/2019/LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server family) results from a stack-based buffer overflow triggered when a victim opens a maliciously crafted spreadsheet. An attacker who convinces a user to open a booby-trapped file can run arbitrary code in the context of that user, with full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not on CISA KEV, but the ubiquity of Excel and Microsoft's own advisory make this a routine patch-Tuesday-class priority.
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted Word document that triggers a heap-based buffer overflow. All impacted SKUs - Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, the macOS Office builds, and SharePoint Server (which renders Office documents server-side) - are affected, and Microsoft has released a patch. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Local code execution in Microsoft Excel (and the broader Office family including Microsoft 365 Apps for Enterprise, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) stems from a heap-based buffer overflow that triggers when a user opens a maliciously crafted spreadsheet. The CVSS vector (AV:L/AC:L/PR:N/UI:R) indicates an unauthenticated attacker gains full code execution in the victim's context but only after the target opens the file. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available from Microsoft (MSRC CVE-2026-55041).
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer overflow in the file-parsing path, letting an attacker who convinces a victim to open a crafted document run arbitrary code with the victim's privileges. It affects a broad Office footprint including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, the macOS editions, and SharePoint Server 2016/2019/Subscription Edition. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the 7.8 CVSS and Word's ubiquity make it a routine priority patch.
Local arbitrary code execution in Microsoft Office (Microsoft 365 Apps for Enterprise, Office 2016/2019, Office LTSC 2021/2024, and their macOS equivalents) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted Office document. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows the flaw requires user interaction but no prior privileges, yielding full high-impact compromise of confidentiality, integrity, and availability in the user's context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation status is not currently confirmed.
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, 365 Apps, and the macOS builds) stems from an out-of-bounds read in a file-parsing routine that lets a crafted document corrupt memory and run attacker-controlled code in the context of the current user. The same document-parsing components also affect SharePoint Enterprise Server 2016, SharePoint Server 2019, and the Subscription Edition. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Arbitrary code execution in Microsoft Excel (across Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) arises from a heap-based buffer overflow (CWE-122) that triggers when a victim opens a maliciously crafted spreadsheet. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) confirms this is a local, user-interaction-dependent file-format attack rather than a remote network exploit, yielding code execution in the context of the current user. No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; a Microsoft patch is available.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Excel (spanning Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS Office builds, and Office Online Server) arises from an integer overflow (CWE-190) triggered when the application parses a maliciously crafted spreadsheet. An unauthorized attacker who convinces a victim to open a booby-trapped file can run arbitrary code in the context of the current user, with full confidentiality, integrity, and availability impact per the 7.8 CVSS vector. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Local code execution in Microsoft Office Excel (spanning Excel 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, the macOS builds, and Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker triggers by convincing a user to open a maliciously crafted workbook. The CVSS 3.1 base score is 7.8 with high confidentiality, integrity, and availability impact, but exploitation requires user interaction (opening the file) and no active exploitation or public proof-of-concept has been reported. There is no public exploit identified at time of analysis; Microsoft has released a patch via its Security Update Guide.
Local code execution in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, Office for Mac, and SharePoint Server) arises from a heap-based buffer overflow (CWE-122) that an unauthorized attacker triggers when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R) with high confidentiality, integrity, and availability impact, meaning successful exploitation yields full code execution in the context of the current user. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Office makes it a high-priority patch target.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office (365 Apps for Enterprise, Office 2016/2019, and Office LTSC 2021/2024) arises from a heap-based buffer overflow that an attacker triggers when a victim opens a maliciously crafted Office document. Successful exploitation yields full confidentiality, integrity, and availability impact in the context of the current user. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Office and the low attack complexity make this a meaningful patch priority.
Local code execution in Microsoft Office (Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC 2021/2024) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted Office document. Successful exploitation yields full code execution in the context of the current user, with high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; SSVC rates current exploitation as none.
Remote code execution in Minecraft Bedrock Dedicated Server allows an unauthenticated network attacker to corrupt heap memory and run arbitrary code via a specially crafted packet, per CVSS:3.1/AV:N/AC:L/PR:N/UI:N (9.8 Critical). The flaw (CWE-122 heap-based buffer overflow) was reported by Microsoft, which has released a fix; there is no public exploit identified at time of analysis and no EPSS or CISA KEV data was supplied, so exploitation remains theoretical but the pre-auth, low-complexity profile makes it high-priority to patch.
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Local privilege escalation in the Windows Desktop Window Manager (DWM) lets an already-authenticated, low-privileged attacker corrupt heap memory (CWE-122) to gain SYSTEM-level control across Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2016 through 2025. The CVSS 3.1 score of 8.8 reflects a scope change into a higher-integrity context with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; Microsoft has released a patch.
Privilege escalation in Microsoft Windows DHCP Server (across Windows Server 2012 through 2025 and Windows 10 1607/1809) allows an authenticated attacker on an adjacent network to elevate privileges by triggering a heap-based buffer overflow (CWE-122). Exploitation yields full confidentiality, integrity, and availability impact (C:H/I:H/A:H) on the affected server, effectively giving the attacker high-privilege control of the DHCP service host. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Denial of service in Windows Active Directory allows an authenticated network attacker to crash or degrade the directory service via an out-of-bounds read (CWE-125). The flaw affects Active Directory across Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core; there is no public exploit identified at time of analysis. Impact is primarily availability (A:H) with a minor confidentiality leak (C:L), and Microsoft has released a patch.
Local privilege escalation in Microsoft's Windows Hyper-V hypervisor allows an already-authenticated, high-privileged attacker to corrupt heap memory (CWE-122) and elevate to higher privileges on the host. The scope-changed CVSS 3.1 vector (8.2) reflects that a successful exploit can breach the guest/host virtualization boundary, impacting confidentiality, integrity, and availability of the underlying host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; a Microsoft patch is available.
Local privilege escalation in the Microsoft Windows Search Component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a heap-based buffer overflow lets an already-authenticated local attacker corrupt memory and elevate to higher privileges (up to SYSTEM). The CVSS 3.1 score of 7.8 reflects local-only attack with low privileges required and no user interaction, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege escalation in Windows Active Directory across a broad range of Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025) allows an authenticated local attacker to elevate privileges by triggering an integer overflow (CWE-190). Successful exploitation yields high confidentiality, integrity, and availability impact, effectively enabling escalation to SYSTEM-level control on the affected host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has issued a patch via MSRC.
Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker read memory outside allocated bounds (CWE-125) and leverage it to elevate to SYSTEM across a broad range of client and server builds (Windows 10 1809 through Windows 11 26H1, Windows Server 2019 through 2025). Microsoft rates it CVSS 8.8 with a changed scope, and a vendor patch is available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Privilege escalation via heap-based buffer overflow in the Windows NTFS filesystem driver affects a broad range of Windows 10, Windows 11, and Windows Server versions, requiring only physical access to the target device - no OS credentials needed. An attacker with hands-on access to the hardware can trigger a heap overflow in NTFS processing to gain elevated privileges, potentially achieving full system compromise (High C/I/A). No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the combination of zero authentication requirements and critical-level impact makes it a realistic threat for physically accessible endpoints. A vendor-supplied patch is available via the Microsoft Security Response Center.
Local code execution in the Windows Media component of supported Windows 10, Windows 11, and Windows Server (2016 through 2025) releases lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted media file. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis. CVSS is 7.8 (High), driven by full confidentiality, integrity, and availability impact but gated by local vector and required user interaction.
Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) in the service's packet handling. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and affects Windows Server 2012 through 2025 as well as the underlying Windows 10 1607/1809 code base. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the unauthenticated network RCE profile makes it a high-priority patch.
Buffer over-read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
Information disclosure in the Windows Network Policy Server (NPS) SNMP handling allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose potentially sensitive data. The flaw affects a broad range of Windows Server (2012 through 2025) and Windows client builds where the NPS role/SNMP component is present. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available from Microsoft (MSRC).
Local code execution in Microsoft's Resilient File System (ReFS) driver affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a stack-based buffer overflow (CWE-121) can be triggered when a victim interacts with attacker-crafted ReFS data. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows an unauthenticated but user-interaction-dependent local attack yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the flaw is not on CISA KEV, so it currently represents a patch-priority rather than an active-exploitation emergency.
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code with a physical attack.
Local privilege escalation in the Windows Code Integrity module (ci.dll) lets an already-authenticated low-privileged attacker read out-of-bounds memory (CWE-125) and leverage the resulting condition to gain higher privileges on affected Windows 10, Windows 11, and Windows Server systems back to Server 2012. The CVSS 3.1 score is 7.0 (High) with a local vector and high attack complexity, and there is no public exploit identified at time of analysis. Microsoft self-reported the issue and has released a patch through the MSRC update guide.
Elevation of privilege in the Microsoft Windows Universal Disk Format File System driver (UDFS) allows a local attacker to gain higher privileges after a user mounts or opens a maliciously crafted UDF-formatted volume such as an ISO or disc image. The flaw is an out-of-bounds read (CWE-125) in the kernel-mode UDFS parser, and successful exploitation yields high impact to confidentiality, integrity, and availability (CVSS 7.8). No public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.
Local privilege escalation to code execution in the Windows NTFS file-system driver stems from a heap-based buffer overflow (CWE-122) that an authenticated local attacker can trigger to run arbitrary code with elevated privileges. The flaw was reported by Microsoft and spans a broad range of currently-supported Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and reliable memory-corruption primitive in a core kernel-mode driver make it a strong candidate for patch-Tuesday prioritization.
Local privilege escalation in the Windows Win32K kernel subsystem (CWE-122 heap-based buffer overflow) lets an already-authenticated low-privileged attacker corrupt kernel heap memory and gain SYSTEM-level control across a broad range of Windows client and server releases. The flaw carries a CVSS 3.1 base score of 8.8 with a changed scope (S:C), reflecting that a user-mode process can compromise the kernel security boundary. It was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.
Local privilege escalation in the Windows Print Spooler Components affects Windows 10 (1809, 21H2, 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2019/2022/2025, where a heap-based buffer overflow (CWE-122) lets an already-authenticated local user corrupt heap memory in a Spooler component and gain SYSTEM-level privileges. Exploitation requires low-privilege local access (CVSS AV:L/PR:L) with no user interaction, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Denial of service in Windows Hyper-V allows an authorized, adjacent-network attacker to crash or disrupt the hypervisor by triggering a buffer over-read (CWE-126). Affected platforms span Windows 10, Windows 11, and Windows Server 2012 through 2025, covering a broad slice of Microsoft's enterprise footprint. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but a vendor-issued patch is available via Microsoft MSRC.
Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker corrupt heap memory to gain SYSTEM-level control across Windows 10 (1809/21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025. The CVSS 7.8 (AV:L/PR:L) rating reflects that low-privileged code execution is a prerequisite; there is no public exploit identified at time of analysis, but Microsoft has released a patch. This is a classic post-exploitation escalation primitive rather than an initial-access vector.
Local privilege-level code execution in the Windows NTFS file-system driver affects a broad range of Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. A heap-based buffer overflow (CWE-122) lets an authorized local attacker who can induce a user to interact with a crafted file or volume execute arbitrary code in the security context of the kernel-mode NTFS component. There is no public exploit identified at time of analysis and it is not in CISA KEV, but Microsoft has released a patch and the flaw carries full high confidentiality, integrity, and availability impact.
Local privilege escalation in the Windows Web Proxy Auto-Discovery (WPAD) service affects Windows 10 Version 1607 and Windows Server 2012, 2012 R2, and 2016 (including Server Core installations), where a heap-based buffer overflow (CWE-122) lets an authenticated local attacker corrupt kernel/service heap memory and elevate to higher privileges. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting a high-impact but locally-scoped attack requiring existing low-privilege access.
Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker corrupt heap memory (CWE-122) to run code with SYSTEM-level privileges. It affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). No public exploit identified at time of analysis, but the CVSS 8.8 rating and scope change make it a strong candidate for chaining after initial access.
Information disclosure in the Windows Network Policy Server (NPS) SNMP component allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose sensitive process data. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. It was reported by Microsoft, a vendor patch is available, and no public exploit has been identified at time of analysis (not listed in CISA KEV).
Remote information disclosure in the Microsoft Windows Kernel (CWE-125 out-of-bounds read) lets an unauthenticated attacker read kernel memory over a network, per the CVSS AV:N/PR:N vector, affecting a broad range of Windows 10, Windows 11, and Windows Server 2016 through 2025 builds. The flaw carries high confidentiality impact (C:H) with a minor availability side effect and no integrity impact, scoring CVSS 8.2. No public exploit is identified at time of analysis and it is not in CISA KEV, but the network-reachable, no-authentication, no-interaction profile makes it a notable patch priority.
Buffer over-read in Windows Kernel allows an authorized attacker to disclose information locally.
Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash the service by sending crafted network input that overflows a stack buffer (CWE-121). Because AD FS commonly fronts single sign-on for Microsoft 365, Azure AD, and federated web applications, an outage cascades into loss of authentication for every relying-party application. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV; a Microsoft patch is available, and the CVSS 3.1 score is 7.5 (availability-only impact).
Local code execution in Microsoft Windows' Resilient File System (ReFS) driver lets an unauthorized attacker run arbitrary code by inducing a victim to mount or open a maliciously crafted ReFS volume (CVE-2026-50362). The flaw affects the ReFS component shipped across Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025, carries CVSS 7.8, and requires user interaction (UI:R) with no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to disclose information locally.
Remote code execution in Microsoft Windows Message Queuing (MSMQ) allows an unauthenticated attacker to run arbitrary code over the network by corrupting heap memory. The flaw (CWE-122) carries a CVSS 9.8 and affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit is identified at time of analysis, but the network-reachable, no-interaction, no-privilege profile of prior MSMQ bugs (e.g. the 'QueueJumper' class) makes this a top-priority patch. Microsoft has released a fix.
Local privilege escalation to code execution in the Windows NTFS driver (CVE-2026-50417) allows an authenticated attacker with low privileges to corrupt heap memory and run arbitrary code on affected Windows 10, Windows 11, and Windows Server 2012 through 2025 systems. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft, with CVSS 7.8 (High) reflecting local vector, low complexity, and full confidentiality/integrity/availability impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.
Local code execution in Microsoft Windows NTFS (New Technology File System) driver arises from a heap-based buffer overflow (CWE-122) that an attacker can trigger by inducing a user to interact with a specially crafted NTFS volume or file. Affecting a broad range of Windows client and server builds from Windows Server 2012/2012 R2 through Windows 11 26H1 and Windows Server 2025, successful exploitation yields high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; Microsoft has issued a fix.
Local privilege escalation in the Microsoft Windows Kernel allows an authenticated low-privileged user to elevate to higher (likely SYSTEM-level) privileges by triggering an out-of-bounds read condition. The flaw affects a broad range of currently supported Windows client and server builds, from Windows 10 21H2 through Windows 11 26H1 and Windows Server 2022/2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Local privilege escalation in the Windows Overlay Filter (WOF) driver affects a broad range of Windows client and server releases, from Windows 10 1607 and Server 2012 R2 through Windows 11 26H1 and Server 2025. An authenticated local attacker with low privileges can trigger a buffer over-read (CWE-126) in the filter to elevate to higher privileges, gaining full confidentiality, integrity, and availability impact on the host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.
Local privilege escalation in the Windows NTFS file-system driver lets an already-authenticated low-privileged user read memory outside allocated bounds (CWE-125) to gain elevated privileges. It affects a broad Windows fleet spanning Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Windows NTFS (the New Technology File System driver) arises from a heap-based buffer overflow that lets an attacker run arbitrary code with the privileges of the affected process. The flaw affects a broad swath of supported Windows client and server builds, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft (the reporter) has shipped a patch; there is no public exploit identified at time of analysis, and the CVSS vector requires local access plus user interaction, so it is a privilege-escalation/code-execution primitive rather than a remotely-wormable bug.
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Local privilege elevation in the Windows Graphics Device Interface (GDI) component allows an already-authenticated, low-privileged user to run code at a higher privilege level by triggering a stack-based buffer overflow (CWE-121). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025, including Server Core installations. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Local code execution in the Microsoft Windows NTFS file-system driver lets an attacker run arbitrary code by triggering a heap-based buffer overflow (CWE-122) when Windows parses crafted file-system metadata. The flaw spans a broad range of supported releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. It carries a CVSS 7.8 (Important) rating, requires user interaction, has a vendor patch available, and no public exploit identified at time of analysis.
Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.
Information disclosure in the Windows Kernel allows a remote, unauthenticated attacker to read out-of-bounds memory and leak sensitive data across all currently supported Windows client and server builds (Windows 10 1809/21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2019/2022/2025). The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N, high confidentiality impact only). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privilege, no-interaction profile makes it a broadly applicable patch-now item.
Local privilege escalation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated low-privileged user to run code with elevated (typically SYSTEM) rights by triggering a heap-based buffer overflow. Microsoft, the reporting party, has released a patch through its Update Guide. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, so there is no evidence of active exploitation, though EIP-class memory-corruption bugs in core OS components are attractive follow-on targets after initial access.
Local code execution in the Microsoft Windows NTFS driver stems from an out-of-bounds read (CWE-125) that an attacker can leverage to run arbitrary code on affected systems, spanning Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Exploitation requires local access and user interaction (AV:L/UI:R), typically opening or mounting a maliciously crafted file or volume, but no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Local information disclosure in the Windows Container Isolation FS Filter Driver (unionfs.sys) on Windows 11 version 26H1 allows an authorized low-privileged user to read memory outside intended bounds and disclose sensitive kernel or process data. The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis. CVSS 7.1 (AV:L) reflects local access with low privileges but high confidentiality impact.
Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash or render the federation service unavailable by triggering a stack-based buffer overflow over the network. The flaw affects the AD FS role across Windows Server 2012 through 2025 (including Server Core installations) and carries a CVSS 7.5 rating driven entirely by availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available.
Heap-based buffer overflow in Windows DirectX allows an authorized attacker to elevate privileges locally.
Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted presentation file. The flaw affects a broad Office footprint - PowerPoint 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and multiple Office for Mac builds - and requires user interaction (opening the file) but no prior privileges. A vendor patch is available via MSRC; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Word (Office 2016/2019, Microsoft 365 Apps, Office LTSC 2021/2024) arises from a heap-based buffer overflow triggered when a victim opens a maliciously crafted document. An attacker who convinces a user to open a booby-trapped file can run arbitrary code in that user's context, achieving full compromise of confidentiality, integrity, and availability on the host. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though a vendor patch is available per Microsoft's MSRC advisory.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, 365 Apps for Enterprise, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by getting a victim to open a maliciously crafted Office document. Rated CVSS 7.8 with high impact to confidentiality, integrity, and availability, exploitation requires user interaction but no prior authentication or privileges. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has released a patch via the MSRC update guide.
Local code execution in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted document. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R) with high impact to confidentiality, integrity, and availability, meaning code runs in the context of the current user. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available via MSRC.
Local code execution in Microsoft Office Word (Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Word 2016, and the macOS builds) arises from a stack-based buffer overflow triggered when a victim opens a maliciously crafted document. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows an unauthenticated attacker needs no privileges but does require user interaction, and successful exploitation yields full confidentiality, integrity, and availability impact in the user's security context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.
Arbitrary code execution in Microsoft Office Excel arises from a heap-based buffer overflow (CWE-122) that an attacker triggers when a victim opens a maliciously crafted spreadsheet, running code in the security context of the current user. The flaw spans a broad Office footprint including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS Office editions, and Office Online Server. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 7.8 rating reflects high impact gated by required user interaction.
Information disclosure in Microsoft Office Excel (2016, Office 2019, LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) lets an attacker read out-of-bounds memory when a victim opens a maliciously crafted spreadsheet, potentially leaking sensitive process data such as memory contents, pointers, or credentials. Rated CVSS 7.1 with a local attack vector requiring user interaction, the flaw stems from a CWE-125 out-of-bounds read in Excel's file parser. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Excel and Microsoft's confirmed patch make prompt patching important.
Local code execution in Microsoft Excel arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by luring a victim into opening a maliciously crafted spreadsheet, yielding attacker code in the user's security context. It affects a broad Office family including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS editions, and Office Online Server. The CVSS 3.1 base score is 7.8 and the vector requires user interaction (UI:R); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Office Excel (across Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, Office for Mac, and Office Online Server) stems from a heap-based buffer overflow (CWE-122) that an attacker triggers when a victim opens a maliciously crafted spreadsheet. Rated CVSS 7.8 with no privileges required but mandatory user interaction, successful exploitation yields full confidentiality, integrity, and availability impact in the context of the victim user. There is no public exploit identified at time of analysis and it is not on the CISA KEV list, but Microsoft has released a patch.
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-based buffer overflow (CWE-121) that an attacker triggers when a victim opens a maliciously crafted document. The CVSS 3.1 vector (AV:L/UI:R) confirms this is a file-borne, local-context flaw requiring the user to open attacker-supplied content, yielding full confidentiality, integrity, and availability impact in the user's session. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch via MSRC.
Local code execution in Microsoft Office Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker weaponizes by luring a victim into opening a crafted spreadsheet, yielding code execution in the user's security context. The flaw carries a CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) and requires no privileges but does require user interaction. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary code execution in Microsoft Excel (spanning Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) allows an unauthorized attacker to run code in the victim's context by tricking them into opening a maliciously crafted spreadsheet. The flaw is a heap-based buffer overflow (CWE-122) that executes with the local user's privileges once the file is opened. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
Local code execution in Microsoft Office Word (via a stack-based buffer overflow, CWE-121) lets an attacker run arbitrary code in the context of the user who opens a maliciously crafted document. The flaw affects Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024 (including Mac editions), and the Word component shared with SharePoint Server 2016/2019/Subscription Edition. No public exploit identified at time of analysis, and it is not listed in CISA KEV; exploitation requires the victim to open the attacker's file (UI:R).
Local code execution in Microsoft Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) arises from an out-of-bounds read (CWE-125) triggered when a victim opens a maliciously crafted spreadsheet. CVSS 7.8 with high impact to confidentiality, integrity, and availability; no public exploit identified at time of analysis. Exploitation requires user interaction (opening the file) but no prior authentication or privileges on the target beyond the ability to induce the user to open the document.
Local arbitrary code execution in Microsoft Excel arises from a buffer over-read (CWE-126) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run code in the context of the current user. The flaw spans Office 2016/2019, Microsoft 365 Apps, Office LTSC 2021/2024 (Windows and Mac) and Office Online Server; a vendor patch is available via MSRC. No public exploit has been identified at time of analysis, and the CVSS 7.8 (AV:L/UI:R) rating reflects that user interaction is required.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a user opens a maliciously crafted document. Rated CVSS 7.8 (AV:L/UI:R), an attacker who convinces a victim to open a weaponized file can run arbitrary code in the context of the current user. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Excel (and the broader Office 2016/2019/LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server family) results from a stack-based buffer overflow triggered when a victim opens a maliciously crafted spreadsheet. An attacker who convinces a user to open a booby-trapped file can run arbitrary code in the context of that user, with full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not on CISA KEV, but the ubiquity of Excel and Microsoft's own advisory make this a routine patch-Tuesday-class priority.
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted Word document that triggers a heap-based buffer overflow. All impacted SKUs - Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, the macOS Office builds, and SharePoint Server (which renders Office documents server-side) - are affected, and Microsoft has released a patch. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Local code execution in Microsoft Excel (and the broader Office family including Microsoft 365 Apps for Enterprise, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) stems from a heap-based buffer overflow that triggers when a user opens a maliciously crafted spreadsheet. The CVSS vector (AV:L/AC:L/PR:N/UI:R) indicates an unauthenticated attacker gains full code execution in the victim's context but only after the target opens the file. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available from Microsoft (MSRC CVE-2026-55041).
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer overflow in the file-parsing path, letting an attacker who convinces a victim to open a crafted document run arbitrary code with the victim's privileges. It affects a broad Office footprint including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, the macOS editions, and SharePoint Server 2016/2019/Subscription Edition. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the 7.8 CVSS and Word's ubiquity make it a routine priority patch.
Local arbitrary code execution in Microsoft Office (Microsoft 365 Apps for Enterprise, Office 2016/2019, Office LTSC 2021/2024, and their macOS equivalents) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted Office document. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows the flaw requires user interaction but no prior privileges, yielding full high-impact compromise of confidentiality, integrity, and availability in the user's context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation status is not currently confirmed.
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, 365 Apps, and the macOS builds) stems from an out-of-bounds read in a file-parsing routine that lets a crafted document corrupt memory and run attacker-controlled code in the context of the current user. The same document-parsing components also affect SharePoint Enterprise Server 2016, SharePoint Server 2019, and the Subscription Edition. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Arbitrary code execution in Microsoft Excel (across Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) arises from a heap-based buffer overflow (CWE-122) that triggers when a victim opens a maliciously crafted spreadsheet. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) confirms this is a local, user-interaction-dependent file-format attack rather than a remote network exploit, yielding code execution in the context of the current user. No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; a Microsoft patch is available.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Excel (spanning Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS Office builds, and Office Online Server) arises from an integer overflow (CWE-190) triggered when the application parses a maliciously crafted spreadsheet. An unauthorized attacker who convinces a victim to open a booby-trapped file can run arbitrary code in the context of the current user, with full confidentiality, integrity, and availability impact per the 7.8 CVSS vector. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Local code execution in Microsoft Office Excel (spanning Excel 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, the macOS builds, and Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker triggers by convincing a user to open a maliciously crafted workbook. The CVSS 3.1 base score is 7.8 with high confidentiality, integrity, and availability impact, but exploitation requires user interaction (opening the file) and no active exploitation or public proof-of-concept has been reported. There is no public exploit identified at time of analysis; Microsoft has released a patch via its Security Update Guide.
Local code execution in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, Office for Mac, and SharePoint Server) arises from a heap-based buffer overflow (CWE-122) that an unauthorized attacker triggers when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R) with high confidentiality, integrity, and availability impact, meaning successful exploitation yields full code execution in the context of the current user. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Office makes it a high-priority patch target.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office (365 Apps for Enterprise, Office 2016/2019, and Office LTSC 2021/2024) arises from a heap-based buffer overflow that an attacker triggers when a victim opens a maliciously crafted Office document. Successful exploitation yields full confidentiality, integrity, and availability impact in the context of the current user. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Office and the low attack complexity make this a meaningful patch priority.
Local code execution in Microsoft Office (Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC 2021/2024) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted Office document. Successful exploitation yields full code execution in the context of the current user, with high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; SSVC rates current exploitation as none.
Remote code execution in Minecraft Bedrock Dedicated Server allows an unauthenticated network attacker to corrupt heap memory and run arbitrary code via a specially crafted packet, per CVSS:3.1/AV:N/AC:L/PR:N/UI:N (9.8 Critical). The flaw (CWE-122 heap-based buffer overflow) was reported by Microsoft, which has released a fix; there is no public exploit identified at time of analysis and no EPSS or CISA KEV data was supplied, so exploitation remains theoretical but the pre-auth, low-complexity profile makes it high-priority to patch.
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Local privilege escalation in the Windows Desktop Window Manager (DWM) lets an already-authenticated, low-privileged attacker corrupt heap memory (CWE-122) to gain SYSTEM-level control across Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2016 through 2025. The CVSS 3.1 score of 8.8 reflects a scope change into a higher-integrity context with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; Microsoft has released a patch.
Privilege escalation in Microsoft Windows DHCP Server (across Windows Server 2012 through 2025 and Windows 10 1607/1809) allows an authenticated attacker on an adjacent network to elevate privileges by triggering a heap-based buffer overflow (CWE-122). Exploitation yields full confidentiality, integrity, and availability impact (C:H/I:H/A:H) on the affected server, effectively giving the attacker high-privilege control of the DHCP service host. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Denial of service in Windows Active Directory allows an authenticated network attacker to crash or degrade the directory service via an out-of-bounds read (CWE-125). The flaw affects Active Directory across Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core; there is no public exploit identified at time of analysis. Impact is primarily availability (A:H) with a minor confidentiality leak (C:L), and Microsoft has released a patch.
Local privilege escalation in Microsoft's Windows Hyper-V hypervisor allows an already-authenticated, high-privileged attacker to corrupt heap memory (CWE-122) and elevate to higher privileges on the host. The scope-changed CVSS 3.1 vector (8.2) reflects that a successful exploit can breach the guest/host virtualization boundary, impacting confidentiality, integrity, and availability of the underlying host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; a Microsoft patch is available.
Local privilege escalation in the Microsoft Windows Search Component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a heap-based buffer overflow lets an already-authenticated local attacker corrupt memory and elevate to higher privileges (up to SYSTEM). The CVSS 3.1 score of 7.8 reflects local-only attack with low privileges required and no user interaction, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege escalation in Windows Active Directory across a broad range of Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025) allows an authenticated local attacker to elevate privileges by triggering an integer overflow (CWE-190). Successful exploitation yields high confidentiality, integrity, and availability impact, effectively enabling escalation to SYSTEM-level control on the affected host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has issued a patch via MSRC.
Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker read memory outside allocated bounds (CWE-125) and leverage it to elevate to SYSTEM across a broad range of client and server builds (Windows 10 1809 through Windows 11 26H1, Windows Server 2019 through 2025). Microsoft rates it CVSS 8.8 with a changed scope, and a vendor patch is available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Privilege escalation via heap-based buffer overflow in the Windows NTFS filesystem driver affects a broad range of Windows 10, Windows 11, and Windows Server versions, requiring only physical access to the target device - no OS credentials needed. An attacker with hands-on access to the hardware can trigger a heap overflow in NTFS processing to gain elevated privileges, potentially achieving full system compromise (High C/I/A). No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the combination of zero authentication requirements and critical-level impact makes it a realistic threat for physically accessible endpoints. A vendor-supplied patch is available via the Microsoft Security Response Center.
Local code execution in the Windows Media component of supported Windows 10, Windows 11, and Windows Server (2016 through 2025) releases lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted media file. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis. CVSS is 7.8 (High), driven by full confidentiality, integrity, and availability impact but gated by local vector and required user interaction.
Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) in the service's packet handling. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and affects Windows Server 2012 through 2025 as well as the underlying Windows 10 1607/1809 code base. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the unauthenticated network RCE profile makes it a high-priority patch.
Buffer over-read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
Information disclosure in the Windows Network Policy Server (NPS) SNMP handling allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose potentially sensitive data. The flaw affects a broad range of Windows Server (2012 through 2025) and Windows client builds where the NPS role/SNMP component is present. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available from Microsoft (MSRC).
Local code execution in Microsoft's Resilient File System (ReFS) driver affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a stack-based buffer overflow (CWE-121) can be triggered when a victim interacts with attacker-crafted ReFS data. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows an unauthenticated but user-interaction-dependent local attack yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the flaw is not on CISA KEV, so it currently represents a patch-priority rather than an active-exploitation emergency.
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code with a physical attack.
Local privilege escalation in the Windows Code Integrity module (ci.dll) lets an already-authenticated low-privileged attacker read out-of-bounds memory (CWE-125) and leverage the resulting condition to gain higher privileges on affected Windows 10, Windows 11, and Windows Server systems back to Server 2012. The CVSS 3.1 score is 7.0 (High) with a local vector and high attack complexity, and there is no public exploit identified at time of analysis. Microsoft self-reported the issue and has released a patch through the MSRC update guide.
Elevation of privilege in the Microsoft Windows Universal Disk Format File System driver (UDFS) allows a local attacker to gain higher privileges after a user mounts or opens a maliciously crafted UDF-formatted volume such as an ISO or disc image. The flaw is an out-of-bounds read (CWE-125) in the kernel-mode UDFS parser, and successful exploitation yields high impact to confidentiality, integrity, and availability (CVSS 7.8). No public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.
Local privilege escalation to code execution in the Windows NTFS file-system driver stems from a heap-based buffer overflow (CWE-122) that an authenticated local attacker can trigger to run arbitrary code with elevated privileges. The flaw was reported by Microsoft and spans a broad range of currently-supported Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and reliable memory-corruption primitive in a core kernel-mode driver make it a strong candidate for patch-Tuesday prioritization.
Local privilege escalation in the Windows Win32K kernel subsystem (CWE-122 heap-based buffer overflow) lets an already-authenticated low-privileged attacker corrupt kernel heap memory and gain SYSTEM-level control across a broad range of Windows client and server releases. The flaw carries a CVSS 3.1 base score of 8.8 with a changed scope (S:C), reflecting that a user-mode process can compromise the kernel security boundary. It was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.
Local privilege escalation in the Windows Print Spooler Components affects Windows 10 (1809, 21H2, 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2019/2022/2025, where a heap-based buffer overflow (CWE-122) lets an already-authenticated local user corrupt heap memory in a Spooler component and gain SYSTEM-level privileges. Exploitation requires low-privilege local access (CVSS AV:L/PR:L) with no user interaction, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Denial of service in Windows Hyper-V allows an authorized, adjacent-network attacker to crash or disrupt the hypervisor by triggering a buffer over-read (CWE-126). Affected platforms span Windows 10, Windows 11, and Windows Server 2012 through 2025, covering a broad slice of Microsoft's enterprise footprint. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but a vendor-issued patch is available via Microsoft MSRC.
Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker corrupt heap memory to gain SYSTEM-level control across Windows 10 (1809/21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025. The CVSS 7.8 (AV:L/PR:L) rating reflects that low-privileged code execution is a prerequisite; there is no public exploit identified at time of analysis, but Microsoft has released a patch. This is a classic post-exploitation escalation primitive rather than an initial-access vector.
Local privilege-level code execution in the Windows NTFS file-system driver affects a broad range of Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. A heap-based buffer overflow (CWE-122) lets an authorized local attacker who can induce a user to interact with a crafted file or volume execute arbitrary code in the security context of the kernel-mode NTFS component. There is no public exploit identified at time of analysis and it is not in CISA KEV, but Microsoft has released a patch and the flaw carries full high confidentiality, integrity, and availability impact.
Local privilege escalation in the Windows Web Proxy Auto-Discovery (WPAD) service affects Windows 10 Version 1607 and Windows Server 2012, 2012 R2, and 2016 (including Server Core installations), where a heap-based buffer overflow (CWE-122) lets an authenticated local attacker corrupt kernel/service heap memory and elevate to higher privileges. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting a high-impact but locally-scoped attack requiring existing low-privilege access.
Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker corrupt heap memory (CWE-122) to run code with SYSTEM-level privileges. It affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). No public exploit identified at time of analysis, but the CVSS 8.8 rating and scope change make it a strong candidate for chaining after initial access.
Information disclosure in the Windows Network Policy Server (NPS) SNMP component allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose sensitive process data. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. It was reported by Microsoft, a vendor patch is available, and no public exploit has been identified at time of analysis (not listed in CISA KEV).
Remote information disclosure in the Microsoft Windows Kernel (CWE-125 out-of-bounds read) lets an unauthenticated attacker read kernel memory over a network, per the CVSS AV:N/PR:N vector, affecting a broad range of Windows 10, Windows 11, and Windows Server 2016 through 2025 builds. The flaw carries high confidentiality impact (C:H) with a minor availability side effect and no integrity impact, scoring CVSS 8.2. No public exploit is identified at time of analysis and it is not in CISA KEV, but the network-reachable, no-authentication, no-interaction profile makes it a notable patch priority.
Buffer over-read in Windows Kernel allows an authorized attacker to disclose information locally.
Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash the service by sending crafted network input that overflows a stack buffer (CWE-121). Because AD FS commonly fronts single sign-on for Microsoft 365, Azure AD, and federated web applications, an outage cascades into loss of authentication for every relying-party application. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV; a Microsoft patch is available, and the CVSS 3.1 score is 7.5 (availability-only impact).
Local code execution in Microsoft Windows' Resilient File System (ReFS) driver lets an unauthorized attacker run arbitrary code by inducing a victim to mount or open a maliciously crafted ReFS volume (CVE-2026-50362). The flaw affects the ReFS component shipped across Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025, carries CVSS 7.8, and requires user interaction (UI:R) with no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to disclose information locally.
Remote code execution in Microsoft Windows Message Queuing (MSMQ) allows an unauthenticated attacker to run arbitrary code over the network by corrupting heap memory. The flaw (CWE-122) carries a CVSS 9.8 and affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit is identified at time of analysis, but the network-reachable, no-interaction, no-privilege profile of prior MSMQ bugs (e.g. the 'QueueJumper' class) makes this a top-priority patch. Microsoft has released a fix.
Local privilege escalation to code execution in the Windows NTFS driver (CVE-2026-50417) allows an authenticated attacker with low privileges to corrupt heap memory and run arbitrary code on affected Windows 10, Windows 11, and Windows Server 2012 through 2025 systems. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft, with CVSS 7.8 (High) reflecting local vector, low complexity, and full confidentiality/integrity/availability impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.
Local code execution in Microsoft Windows NTFS (New Technology File System) driver arises from a heap-based buffer overflow (CWE-122) that an attacker can trigger by inducing a user to interact with a specially crafted NTFS volume or file. Affecting a broad range of Windows client and server builds from Windows Server 2012/2012 R2 through Windows 11 26H1 and Windows Server 2025, successful exploitation yields high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; Microsoft has issued a fix.
Local privilege escalation in the Microsoft Windows Kernel allows an authenticated low-privileged user to elevate to higher (likely SYSTEM-level) privileges by triggering an out-of-bounds read condition. The flaw affects a broad range of currently supported Windows client and server builds, from Windows 10 21H2 through Windows 11 26H1 and Windows Server 2022/2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Local privilege escalation in the Windows Overlay Filter (WOF) driver affects a broad range of Windows client and server releases, from Windows 10 1607 and Server 2012 R2 through Windows 11 26H1 and Server 2025. An authenticated local attacker with low privileges can trigger a buffer over-read (CWE-126) in the filter to elevate to higher privileges, gaining full confidentiality, integrity, and availability impact on the host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.
Local privilege escalation in the Windows NTFS file-system driver lets an already-authenticated low-privileged user read memory outside allocated bounds (CWE-125) to gain elevated privileges. It affects a broad Windows fleet spanning Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Windows NTFS (the New Technology File System driver) arises from a heap-based buffer overflow that lets an attacker run arbitrary code with the privileges of the affected process. The flaw affects a broad swath of supported Windows client and server builds, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft (the reporter) has shipped a patch; there is no public exploit identified at time of analysis, and the CVSS vector requires local access plus user interaction, so it is a privilege-escalation/code-execution primitive rather than a remotely-wormable bug.
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Local privilege elevation in the Windows Graphics Device Interface (GDI) component allows an already-authenticated, low-privileged user to run code at a higher privilege level by triggering a stack-based buffer overflow (CWE-121). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025, including Server Core installations. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Local code execution in the Microsoft Windows NTFS file-system driver lets an attacker run arbitrary code by triggering a heap-based buffer overflow (CWE-122) when Windows parses crafted file-system metadata. The flaw spans a broad range of supported releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. It carries a CVSS 7.8 (Important) rating, requires user interaction, has a vendor patch available, and no public exploit identified at time of analysis.
Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.
Information disclosure in the Windows Kernel allows a remote, unauthenticated attacker to read out-of-bounds memory and leak sensitive data across all currently supported Windows client and server builds (Windows 10 1809/21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2019/2022/2025). The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N, high confidentiality impact only). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privilege, no-interaction profile makes it a broadly applicable patch-now item.
Local privilege escalation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated low-privileged user to run code with elevated (typically SYSTEM) rights by triggering a heap-based buffer overflow. Microsoft, the reporting party, has released a patch through its Update Guide. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, so there is no evidence of active exploitation, though EIP-class memory-corruption bugs in core OS components are attractive follow-on targets after initial access.
Local code execution in the Microsoft Windows NTFS driver stems from an out-of-bounds read (CWE-125) that an attacker can leverage to run arbitrary code on affected systems, spanning Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Exploitation requires local access and user interaction (AV:L/UI:R), typically opening or mounting a maliciously crafted file or volume, but no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Local information disclosure in the Windows Container Isolation FS Filter Driver (unionfs.sys) on Windows 11 version 26H1 allows an authorized low-privileged user to read memory outside intended bounds and disclose sensitive kernel or process data. The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis. CVSS 7.1 (AV:L) reflects local access with low privileges but high confidentiality impact.
Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash or render the federation service unavailable by triggering a stack-based buffer overflow over the network. The flaw affects the AD FS role across Windows Server 2012 through 2025 (including Server Core installations) and carries a CVSS 7.5 rating driven entirely by availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available.
Heap-based buffer overflow in Windows DirectX allows an authorized attacker to elevate privileges locally.