Skip to main content

Microsoft

17290 CVEs vendor

Monthly

CVE-2026-44803 HIGH PATCH NEWS Exploit Likely Act Now

Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to run code locally to escalate privileges through an integer overflow. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8, but requires user interaction (UI:R) and local access (AV:L), and no public exploit identified at time of analysis.

Microsoft Integer Overflow Buffer Overflow Excel Powerpoint +14
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44802 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privilege attacker to gain higher privileges through a use-after-free memory corruption flaw. The vulnerability carries a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Successful exploitation typically yields SYSTEM-level code execution on the affected Windows host.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 1809 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42991 HIGH PATCH Act Now

Local privilege escalation in Microsoft Windows Push Notifications service stems from a race condition (CWE-362) that an authenticated low-privilege user can win to gain higher privileges on the host. The CVSS 7.8 score with Scope:Changed indicates successful exploitation crosses a security boundary, impacting confidentiality, integrity, and availability of resources beyond the vulnerable component. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Microsoft Race Condition
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-42987 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Windows Deployment Services (WDS) allows unauthenticated network-based attackers to execute arbitrary code by exploiting a use-after-free memory corruption flaw (CWE-416). The CVSS 8.1 score reflects high impact on confidentiality, integrity, and availability, though exploit complexity is rated High. No public exploit identified at time of analysis, and SSVC marks exploitation status as none with the flaw classified as not automatable.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-42986 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Graphics Component allows an authenticated low-privileged attacker to gain elevated rights via a use-after-free memory corruption flaw (CWE-416). The issue carries a CVSS 7.8 (High) rating with full confidentiality, integrity, and availability impact on the affected host. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Microsoft Denial Of Service Memory Corruption Use After Free Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42984 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel allows an authorized low-privileged attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 (High) rating with high attack complexity, and Microsoft has released a patch via MSRC; no public exploit identified at time of analysis. Successful exploitation breaks the local Windows security boundary, enabling full host compromise from any authenticated session.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-42983 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Desktop Window Manager (DWM) Core Library enables an authenticated low-privileged attacker to gain elevated privileges through a use-after-free memory corruption flaw. CVSS 7.8 reflects high impact on confidentiality, integrity, and availability but requires local access and existing user-level credentials. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42981 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Windows Performance Monitor enables unauthenticated network attackers to execute arbitrary code by triggering an integer underflow condition in the component's data handling logic. The flaw carries a CVSS score of 8.1 with high attack complexity, and while no public exploit identified at time of analysis, the SSVC assessment rates technical impact as total. Microsoft has released a patch via MSRC, and the issue is also tracked in VulDB entry 369628.

Authentication Bypass Microsoft Integer Overflow
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-42980 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged attacker to elevate to SYSTEM by triggering an integer underflow condition. With a CVSS of 7.8 and no public exploit identified at time of analysis, this issue is primarily a post-compromise escalation vector commonly chained after initial access via phishing or commodity malware. Microsoft has released a patch through MSRC, and given Windows kernel EoP bugs are frequently weaponized by ransomware and APT actors historically, prompt patching is warranted despite the absence of confirmed in-the-wild exploitation.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42979 HIGH PATCH Act Now

Local privilege escalation in Microsoft Windows Push Notifications service stems from a race condition (CWE-362) that an attacker with low-privileged local access can exploit to gain higher privileges. No public exploit identified at time of analysis, and the issue is not on CISA KEV, but the CVSS 7.8 rating reflects high impact across confidentiality, integrity, and availability once the race is won. A vendor patch is available via the Microsoft Security Response Center advisory.

Information Disclosure Microsoft Race Condition
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-42978 HIGH PATCH Act Now

Local privilege escalation in Microsoft Windows Push Notifications service stems from a race condition (CWE-362) in concurrent handling of shared resources, allowing an authorized low-privileged attacker to win a timing window and elevate to higher privileges with scope change. The CVSS 3.1 vector AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H reflects local-only exploitation with high attack complexity due to the timing-dependent nature, but a successful attacker gains full confidentiality, integrity, and availability impact across a security boundary. No public exploit identified at time of analysis.

Information Disclosure Microsoft Race Condition
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-42977 HIGH PATCH Act Now

Local privilege escalation in Windows Push Notifications enables an authenticated low-privileged user to elevate to higher privileges by exploiting a race condition (CWE-362) in concurrent access to a shared resource. Successful exploitation results in high impact to confidentiality, integrity, and availability with scope change, but no public exploit identified at time of analysis. Microsoft has released a patch via MSRC advisory.

Information Disclosure Microsoft Race Condition
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-42974 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows Performance Monitor (PerfMon) allows unauthenticated network-based attackers to execute arbitrary code by triggering an integer underflow condition. The flaw carries a CVSS 3.1 score of 8.1 driven by high impact across confidentiality, integrity, and availability, though high attack complexity (AC:H) tempers exploitability. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but Microsoft has released a patch via MSRC guidance.

Authentication Bypass Microsoft Integer Overflow Windows 11 23h2 Windows 11 24h2 +4
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-42973 MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables a locally authenticated attacker to read sensitive information from memory without elevation of privilege. Affecting a wide range of Windows 10, Windows 11, and Windows Server builds, the vulnerability requires only low-privilege local access and no user interaction to trigger. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with partial technical impact, placing this in a lower-urgency remediation band despite the High confidentiality rating in the CVSS vector.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42972 MEDIUM PATCH Exploit Unlikely This Month

Local information disclosure in Windows Hyper-V enables an authenticated low-privileged attacker to access sensitive data they are not authorized to read, without any user interaction. Affected systems span a broad range of Windows desktop and server editions from Server 2012 through Windows 11 26H1 and Server 2025. No public exploit identified at time of analysis and no CISA KEV listing; however, the high confidentiality impact (C:H) and breadth of affected versions make this a meaningful patching priority, particularly in multi-tenant virtualization environments.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42971 MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications on multiple Windows 10, Windows 11, and Windows Server versions exposes sensitive memory contents through an uninitialized resource condition, allowing a low-privileged local user to read high-confidentiality data without any user interaction. The CVSS vector (AV:L/PR:L) confirms this is strictly a local privilege issue - no remote attack path exists - limiting its practical blast radius to insider threats and post-compromise lateral reconnaissance. No public exploit has been identified at time of analysis, and Microsoft has released patches addressing all listed affected versions.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42970 MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables authenticated local attackers to disclose sensitive information across a wide breadth of Microsoft Windows desktop and server platforms. Spanning Windows 10 through Windows 11 25H2 and Windows Server 2012 through Server 2025, the vulnerability carries a CVSS 5.5 Medium score with high confidentiality impact (C:H) but no integrity or availability impact. Microsoft has released patches via the June 2026 Patch Tuesday cycle; no public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42969 MEDIUM PATCH This Month

Windows Push Notifications on a broad range of Windows 10, Windows 11, and Windows Server editions leaks sensitive memory contents to locally authenticated low-privileged users through an uninitialized resource condition (CWE-908). The CVSS vector confirms local attack vector with low-privilege authentication requirement, no user interaction needed, and high confidentiality impact - meaning an attacker who has already obtained a standard user account can read residual memory data that could include tokens, credentials, or other sensitive artifacts. No public exploit code exists and no active exploitation has been identified at time of analysis; a vendor-released patch is available via Microsoft Security Response Center.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42968 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in the Windows Telephony Service exposes sensitive memory contents to locally authenticated attackers across a broad range of Windows client and server versions. The flaw (CWE-125) is exploitable with only low privileges and no user interaction, yielding high confidentiality impact while leaving integrity and availability unaffected. No public exploit code or active exploitation has been identified; CISA's SSVC framework rates this as non-automatable with partial technical impact, placing it at medium operational priority.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42916 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged user to elevate to higher privileges through an integer underflow condition. The flaw carries a CVSS 7.8 (High) rating with no public exploit identified at time of analysis, but Microsoft has issued a patch via MSRC. Defenders should treat this as a standard Patch-Tuesday-class kernel EoP that becomes a critical post-compromise pivot once initial access is achieved.

Information Disclosure Microsoft Integer Overflow Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42915 MEDIUM PATCH Exploit Unlikely This Month

Denial-of-service in the Windows TCP/IP stack allows an authenticated attacker on an adjacent network to crash the networking subsystem of affected Windows hosts via an incorrect buffer size calculation. Affected systems span Windows 10 (21H2, 22H2), Windows 11 (23H2 through 26H1), Windows Server 2022, and Windows Server 2025 - all unpatched builds within Microsoft-documented version ranges. No public exploit identified at time of analysis, though Microsoft has released fixes addressable via Windows Update; the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 23h2 +5
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-42914 MEDIUM PATCH Exploit Unlikely This Month

Windows Kerberos out-of-bounds read (CWE-125) allows a low-privilege network attacker to crash the Kerberos authentication service across all actively supported Windows client and server platforms, from Windows Server 2012 through Windows Server 2025 and Windows 11 26H1. The attack requires prior domain authentication and high-complexity triggering conditions (CVSS AC:H), limiting opportunistic mass exploitation, though a successful attack against a domain controller can deny authentication domain-wide by crashing the KDC. Vendor patches are available via the Microsoft MSRC advisory; no public exploit code exists and SSVC confirms no observed exploitation at time of analysis.

Denial Of Service Information Disclosure Microsoft Buffer Overflow Windows 10 1607 +12
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-42912 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Telephony Service allows an authenticated low-privileged attacker to elevate to higher privileges by exploiting a race condition in concurrent access to a shared resource. The flaw carries a CVSS 7.0 (High) rating with high attack complexity, and no public exploit identified at time of analysis. Successful exploitation grants full confidentiality, integrity, and availability impact on the affected host.

Information Disclosure Microsoft Race Condition
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-42911 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to elevate to SYSTEM via a use-after-free condition. The flaw affects Microsoft Windows installations using the standard WinSock kernel driver and has a vendor-released patch available through Microsoft's security update guide. No public exploit has been identified at time of analysis, though afd.sys has historically been a frequent target for elevation-of-privilege exploitation.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-42910 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Hotpatch Monitoring Service enables an authenticated low-privileged attacker to gain elevated privileges through an out-of-bounds write (CWE-787) memory corruption flaw. The CVSS 7.8 (AV:L/AC:L/PR:L) reflects local attack vector with low complexity once a foothold is obtained, and no public exploit identified at time of analysis. The vulnerability was reported by Microsoft's own security team (secure@microsoft.com), suggesting internal discovery prior to disclosure.

Microsoft Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42908 HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows unauthenticated remote attackers to read out-of-bounds memory contents over the network, potentially leaking sensitive data from the RDP service process. The vulnerability requires no authentication or user interaction and is rated CVSS 7.5 with high confidentiality impact only. At time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42907 MEDIUM PATCH Exploit Unlikely This Month

Information disclosure in Windows Shell exposes sensitive data to authenticated low-privileged attackers, with a confirmed vendor patch available. The vulnerability stems from CWE-200 improper information exposure within the Windows Shell component, allowing confidentiality compromise with no integrity or availability impact. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high confidentiality impact score (C:H) and low attack complexity elevate practical concern for environments where lateral movement or credential harvesting are threat vectors.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-42906 MEDIUM PATCH Exploit Unlikely This Month

Windows Shell exposes sensitive information to locally authenticated, low-privileged attackers without requiring user interaction or elevated privileges. The vulnerability (CWE-200) results in high confidentiality impact, allowing disclosure of sensitive data accessible through the Shell component. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, though the Microsoft Security Response Center (MSRC) has acknowledged the issue via advisory.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42905 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library enables an authorized low-privilege user to elevate to higher privileges via a use-after-free condition. The flaw carries a CVSS 7.8 (High) and no public exploit identified at time of analysis, though Microsoft has acknowledged the issue through MSRC. Successful exploitation grants full confidentiality, integrity, and availability impact on the affected host.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42904 CRITICAL PATCH Act Now

Privilege elevation in the Windows TCP/IP networking stack allows an unauthenticated attacker on an adjacent network to gain elevated privileges by triggering a heap-based buffer overflow (CWE-122). The CVSS 9.6 score with scope change (S:C) indicates the compromise crosses security boundaries beyond the vulnerable component itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-42903 MEDIUM PATCH This Month

Null pointer dereference in Windows Kerberos enables an authenticated network attacker to crash the Kerberos service, causing denial of service. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms exploitation is achievable over the network by any low-privilege authenticated user with no user interaction required, resulting in high availability impact (A:H) with no confidentiality or integrity consequences. No active exploitation confirmed (not in CISA KEV), and no public exploit code has been identified at time of analysis.

Denial Of Service Null Pointer Dereference Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-42902 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft PowerToys allows an authenticated low-privileged user on a Windows system with PowerToys installed to elevate to higher privileges by abusing an improper authorization check (CWE-285). The flaw requires existing local access and low-level credentials, with no public exploit identified at time of analysis and no CISA KEV listing. Successful exploitation yields full confidentiality, integrity, and availability impact on the affected host.

Authentication Bypass Microsoft Powertoys
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42837 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver allows an authenticated low-privileged user on a Windows host to escalate to higher privileges by triggering a buffer over-read in the kernel-mode driver. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 7.8 with low attack complexity and no user interaction makes it an attractive post-compromise target for endpoint operators.

Information Disclosure Microsoft Buffer Overflow Windows 10 1809 Windows 10 21h2 +8
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42835 HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Teams for Android allows an authenticated remote attacker to extract sensitive data via an injection flaw (CWE-74) in output passed to a downstream component. The CVSS 8.1 rating reflects high confidentiality and availability impact over the network with low privileges and no user interaction, though no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Information Disclosure Google Microsoft Teams
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-42829 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Administrator Protection allows an authorized attacker with low-privilege access to bypass a security feature on affected Windows systems. The flaw stems from improper access control (CWE-284) in the Administrator Protection mechanism, and while no public exploit identified at time of analysis, the high CVSS 7.8 reflects the meaningful impact on confidentiality, integrity, and availability once the bypass is achieved. The issue was reported by Microsoft (secure@microsoft.com) and is tracked through MSRC rather than CISA KEV.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42828 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver enables an authorized low-privileged user to elevate to higher privileges through a buffer over-read condition. The flaw affects Microsoft Windows installations where the ProjFS filter driver is present, and exploitation yields high impact across confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-41108 HIGH PATCH Act Now

Local privilege escalation in Microsoft Windows DNS allows an authenticated low-privileged user to gain elevated privileges via a heap-based buffer overflow (CWE-122). The CVSS 7.0 score reflects high attack complexity and local-only access, and no public exploit is identified at time of analysis. The flaw was reported privately by Microsoft (MSRC) and is tracked under MSRC advisory CVE-2026-41108.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-41098 HIGH PATCH Exploit Unlikely This Week

Stored or reflected cross-site scripting in Microsoft Azure Stack Edge enables an authenticated high-privileged attacker to inject malicious script into the management web interface, leading to spoofing attacks across a network with scope change to other components. With CVSS 8.4 reflecting high confidentiality, integrity, and availability impact plus required user interaction, successful exploitation could compromise adjacent Azure resources or administrative sessions. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

XSS Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-41092 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Kinect allows an authenticated low-privileged user to elevate to higher privileges due to improper access control (CWE-284). The vulnerability carries a CVSS 7.8 (High) rating with local attack vector and low complexity, and no public exploit identified at time of analysis. Successful exploitation yields high impact to confidentiality, integrity, and availability on the affected host.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40409 HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows a local authenticated attacker to escalate to SYSTEM-level privileges with high impact on confidentiality, integrity, and availability. The CVSS 7.8 vector indicates local attack with low complexity and low privileges required, and no public exploit identified at time of analysis. The vulnerability stems from a numeric truncation error (CWE-197) in kernel-mode file system code, a class historically favored by post-compromise privilege escalation chains.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40404 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows an authenticated low-privileged user to gain SYSTEM-level code execution by triggering a heap-based buffer overflow (CWE-122). The flaw affects Windows endpoints where the UDFS kernel driver parses attacker-controlled UDF-formatted media (typically optical discs or mounted disc images). No public exploit identified at time of analysis and the issue is not currently listed on CISA KEV.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40371 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Microsoft Dynamics 365 (on-premises) allows a remote authenticated attacker with low-level access to gain elevated privileges across the network due to improper handling of insufficient permissions. With a CVSS score of 8.8 and full impact on confidentiality, integrity, and availability, this issue is significant for organizations running on-premises Dynamics 365 deployments. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-34335 HIGH PATCH Act Now

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authenticated low-privileged user to elevate to SYSTEM by triggering a use-after-free condition in the kernel-mode driver. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but AFD.sys has a long history of being targeted for kernel EoP, making this a likely candidate for future weaponization. CVSS 7.0 reflects the high attack complexity required to reliably win the underlying race or reuse condition.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-33828 HIGH PATCH NEWS This Week

Local privilege escalation in Microsoft Windows Attestation allows an authenticated local user with low privileges to gain elevated permissions on the host through a trust boundary violation (CWE-501). The flaw is rated CVSS 7.8 with high impact across confidentiality, integrity, and availability, and there is no public exploit identified at time of analysis. The issue is tagged as Information Disclosure by the reporter, but the CVSS vector indicates full system compromise potential once exploited.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-33113 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint enables network-based spoofing attacks by injecting malicious scripts into web page output. The vulnerability (CWE-79) targets users of the SharePoint web interface and, when triggered via user interaction, allows an attacker to manipulate page content or impersonate legitimate UI elements - degrading both confidentiality and integrity. No public exploit or active exploitation has been identified at time of analysis, though the low-complexity network vector lowers the bar for opportunistic abuse.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-32193 HIGH PATCH NEWS This Week

Local privilege escalation and code execution in Microsoft Azure Kubernetes Service (AKS) is possible via a path traversal flaw (CWE-22) that allows an authorized attacker on the local system to break out of restricted directory boundaries and execute code with elevated privileges. The CVSS 3.1 score of 8.8 reflects the scope change (S:C) where exploitation impacts resources beyond the vulnerable component, enabling full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis.

Microsoft Kubernetes Path Traversal Azure Kubernetes Service
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8795 HIGH PATCH This Week

Arbitrary VQL execution in Rapid7 Velociraptor before 0.76.6 allows attackers to compromise analyst workstations by supplying a malicious collection ZIP whose client_info.json hostname field breaks out of a YAML template generated by the Windows.Collectors.Remapping artifact. Triggered when an analyst loads the resulting remapping file with --remap, the injected VQL runs under NullACLManager with full permissions and no sandbox. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Code Injection Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-11696 MEDIUM PATCH This Month

Uninitialized memory use in the Video component of Google Chrome on Windows (prior to 149.0.7827.103) allows an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by directing the victim to a crafted HTML page. The vulnerability is Windows-specific, rated High severity by Chromium's internal scale, and carries a CVSS 5.3 due to the high attack complexity and required user interaction stacking atop the renderer-compromise prerequisite. No public exploit identified at time of analysis; Google has released a fix in version 149.0.7827.103.

Information Disclosure Google Microsoft Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-11680 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 allows attackers to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page, triggering a use-after-free condition in the Media component. The flaw carries a CVSS 8.8 (High) rating and is tagged by Chromium as High severity. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Google Memory Corruption RCE Use After Free Microsoft +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11679 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. Google rates this Chromium security severity as High, and a vendor patch is available; no public exploit was identified at time of analysis, though the scope-changed CVSS 8.3 reflects the cross-boundary impact of breaching the sandbox.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11665 MEDIUM PATCH This Month

Out-of-bounds read in Dawn, Chrome's WebGPU graphics API layer, on Windows enables unauthenticated remote attackers to leak cross-origin data by serving a crafted HTML page. Affected versions of Google Chrome on Windows are all releases prior to 149.0.7827.103. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) confirms this is a network-exploitable, low-complexity information disclosure with no authentication requirement - limited only by the need for a user to visit the attacker-controlled page. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Google Microsoft Buffer Overflow Red Hat +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11661 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Views component, triggered through a crafted HTML page. Google rates this Chromium security severity High and a vendor patch is available; no public exploit identified at time of analysis and the bug is not currently listed in CISA KEV.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11648 HIGH PATCH This Week

Heap corruption via use-after-free in Google Chrome's FullScreen component on Windows prior to 149.0.7827.103 enables remote attackers to potentially achieve code execution when a victim visits a malicious HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis. The CVSS 8.8 score reflects the network-reachable, low-complexity nature of the bug, tempered by required user interaction (UI:R).

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11641 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 can be triggered via a use-after-free flaw in the Bluetooth component, allowing a remote attacker to execute arbitrary code when a victim visits a crafted HTML page and performs specific UI gestures. Chromium rates the severity as Critical, though the CVSS 3.1 score of 7.5 reflects high attack complexity and required user interaction. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Google Memory Corruption RCE Use After Free Microsoft +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11636 HIGH PATCH This Week

Heap corruption in Google Chrome's Autofill component on Windows versions prior to 149.0.7827.103 allows remote attackers to potentially achieve code execution by luring users to a malicious HTML page and convincing them to perform specific UI interactions. Chromium rates the underlying flaw as Critical severity, though CVSS scores it 7.5 due to required user interaction and high attack complexity. No public exploit identified at time of analysis.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11634 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows remote attackers to exploit a use-after-free flaw in the Gamepad component via a crafted HTML page, requiring only that a victim visit a malicious site. Chromium rates this Critical severity and the CVSS score of 9.6 reflects scope change (sandbox escape) with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, but the bug class and Critical Chromium rating make it a high-priority browser patch.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11631 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Aura UI framework. Google rates the underlying Chromium issue as Critical severity, though exploitation requires a prior renderer compromise and user interaction (visiting a malicious page). No public exploit has been identified at time of analysis and the CVE is not listed in CISA KEV.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-47712 PyPI LOW PATCH GHSA Monitor

Path traversal in Dulwich's porcelain.format_patch function allows patch files to be written outside the intended output directory by processing commits with malicious subject lines. Any service passing untrusted commits to dulwich.porcelain.format_patch(outdir=...) - such as CI pipelines, PR review platforms, or developer tooling processing third-party repositories - is affected in versions 0.24.0 through 1.2.4. No public exploit identified at time of analysis and no CISA KEV listing, but the attack pattern is trivially reproducible from the advisory description alone; exploitation requires no special tooling beyond crafting a commit with a subject like 'x/../../target'.

Microsoft Path Traversal
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-47693 PHP MEDIUM PATCH GHSA This Month

CSV Injection in Poweradmin's log export functionality allows a high-privileged attacker to embed spreadsheet formulas in usernames that execute when an administrator exports activity logs and opens the resulting CSV in Excel, LibreOffice Calc, or Google Sheets. All four log export controllers pass username fields directly to PHP's fputcsv() without neutralizing formula trigger characters (=, +, -, @), enabling phishing via rendered hyperlinks and silent data exfiltration via =IMPORTXML() or similar functions targeting victim administrators. Publicly available exploit code exists per GHSA-3h6h-67x3-cv5x; the vulnerability is not listed in CISA KEV.

Google PHP Information Disclosure Microsoft Docker
NVD GitHub
CVSS 3.1
6.9
EPSS
0.0%
CVE-2026-39908 HIGH POC This Week

Credential disclosure in OpenBullet2 through 0.3.2 on Windows allows authenticated remote attackers to coerce SMB authentication and capture NTLMv2 hashes by configuring a job's proxy source with an attacker-controlled UNC path. Captured hashes can be relayed against other services or cracked offline to recover the password of the account running the application. Publicly available exploit code exists per VulnCheck advisory; no CISA KEV listing at time of analysis.

Information Disclosure Microsoft Openbullet2
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-50751 CRITICAL POC KEV THREAT NEWS Emergency

Authentication bypass in Check Point Quantum Security Gateway and Spark Firewalls allows unauthenticated remote attackers to establish Remote Access and Mobile Access VPN sessions without valid credentials by abusing a logic flaw in deprecated IKEv1 certificate validation. The flaw (CVSS 9.3, CWE-287) was reported by Check Point themselves and publicly available exploit code exists, though EPSS exploitation probability remains very low (0.01%) and the issue is not currently listed in CISA KEV. Affected deployments include multiple Quantum R80.40-R82.10 trains and Spark R80.20.X-R82.00.X firmware.

Authentication Bypass Microsoft
NVD VulDB GitHub
CVSS 3.1
9.3
EPSS
0.0%
Threat
5.8
CVE-2026-50752 HIGH Act Now

Certificate validation bypass in Check Point Quantum Security Gateway and Spark Firewalls allows network-positioned attackers to subvert IKEv1 certificate-based authentication in site-to-site VPN tunnels. A man-in-the-middle adversary can intercept or modify traffic traversing the tunnel without possessing valid credentials. No public exploit identified at time of analysis, and the issue is constrained to the deprecated IKEv1 protocol path.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-49494 HIGH POC This Week

Remote denial of service in Comodo Internet Security's Inspect.sys firewall driver lets an unauthenticated attacker crash any Windows host running the product by sending a single crafted IPv6 packet, even when all ports are blocked at the firewall. The flaw is an integer underflow (CWE-191) in IPv6 extension-header parsing that occurs before firewall rule enforcement, producing an out-of-bounds read and an oversized memcpy at DISPATCH_LEVEL and an immediate BSOD. Publicly available exploit code exists, published alongside MalwareTech's technical writeup and a working PoC named ComoDoS.

Microsoft Integer Overflow Buffer Overflow Comodo Internet Security
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-49492 HIGH PATCH This Week

Remote code execution in Markdown Preview Enhanced before 0.8.28 on Windows allows attackers to inject OS commands through crafted markdown documents that abuse the diagram filename attribute, imported file paths, or the latex_engine code-chunk attribute, all of which were passed through a shell without validation. Exploitation requires the victim to preview the malicious document (UI:A), and no public exploit identified at time of analysis, though VulnCheck-published advisory details and a tagged fix release make weaponization straightforward.

Microsoft Command Injection
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-47386 npm MEDIUM PATCH GHSA This Month

OAuth authorization code exchange in NocoDB versions up to 2026.05.0 is vulnerable to a race condition that breaks the single-use guarantee enforced by PKCE. By submitting two or more concurrent token-exchange requests before the server atomically marks the authorization code as consumed, an attacker who controls a malicious OAuth client can obtain multiple valid (access_token, refresh_token) pairs from a single authorization code, resulting in unauthorized long-lived session access alongside the legitimate token. Fixed in 2026.05.1 via an atomic compare-and-swap database operation; no public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Race Condition
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-48103 MEDIUM PATCH This Month

Off-by-one heap out-of-bounds read in 7-Zip's WIM archive handler (versions 9.34-26.00) allows a remote unauthenticated attacker to trigger denial of service - and potentially minor information disclosure - by delivering a crafted WIM file. The vulnerability is zero-click exploitable in the GUI: 7zFM.exe automatically calls GetRawProp(kpidNtSecure) for every listed item, triggering the OOB read without any additional user interaction beyond opening or navigating to the malicious archive. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Information Disclosure Microsoft Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-21038 MEDIUM This Month

Out-of-bounds memory access in Samsung Android USB Driver for Windows (all versions prior to 1.9.5.0) allows a local attacker without elevated privileges to corrupt or read memory beyond allocated bounds, resulting in high availability impact and low integrity impact on the affected Windows host. Samsung has released version 1.9.5.0 as the corrective patch, documented under EUVD-2026-34810. No public exploit code exists and the vulnerability is not listed in CISA KEV at time of analysis, though the CVSS 4.0 AT:P modifier signals a required target-specific condition that narrows exploitability.

Google Microsoft Samsung Buffer Overflow Information Disclosure +1
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-11281 MEDIUM PATCH This Month

Integer overflow in Chrome's Chromoting (Remote Desktop) component on Windows exposes process memory contents to local authenticated attackers via crafted ETW (Event Tracing for Windows) events. Affected versions are all Chrome releases on Windows prior to 149.0.7827.53. With CVSS confidentiality impact rated High and no public exploit identified at time of analysis, the practical risk is constrained by the local access and user interaction requirements, though sensitive data such as credentials or session tokens resident in process memory could be disclosed. EPSS score of 0.01% (1st percentile) confirms low observed exploitation probability.

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-11268 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's ANGLE graphics layer on Windows allows a remote unauthenticated attacker to read sensitive cross-origin memory contents by delivering a crafted HTML page to a victim. Affected are all Chrome versions on Windows prior to 149.0.7827.53. The root cause is an uninitialized memory use (CWE-457) within ANGLE, Chrome's graphics abstraction library. No public exploit has been identified at time of analysis, EPSS is very low at 0.03% (11th percentile), and the vulnerability is not listed in the CISA KEV catalog, consistent with the vendor's own 'Low' severity rating.

Information Disclosure Google Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11218 MEDIUM PATCH This Month

Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 allows a remote attacker to run arbitrary code when a victim is lured into performing specific UI gestures involving a malicious file delivered through the PlatformIntegration component. The flaw stems from improper input validation (CWE-20) and, while a vendor patch is available, no public exploit has been identified at time of analysis and EPSS scoring (0.04%) indicates very low near-term exploitation probability.

Google Microsoft RCE Red Hat Suse +1
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-11147 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows attackers to run arbitrary code within the browser sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the WebML component. Although Chromium rates the severity as Medium, the CVSS 3.1 base score is 8.8 (High), reflecting high impact across confidentiality, integrity, and availability with low attack complexity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Google Memory Corruption RCE Use After Free Microsoft +4
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11117 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the Views component via a crafted HTML page. The flaw carries a CVSS 3.1 score of 8.8 with network attack vector and requires user interaction (visiting a malicious page), and no public exploit has been identified at time of analysis despite Google's vendor patch being released.

Google Memory Corruption RCE Use After Free Microsoft +4
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11115 HIGH PATCH This Week

Local privilege escalation in Google Chrome on Windows prior to 149.0.7827.53 stems from a use-after-free condition in the Updater component, allowing a local attacker who can place a malicious file to elevate to OS-level privileges. The flaw was reported by Google's Chrome security team with no public exploit identified at time of analysis, and EPSS scoring is very low at 0.01% reflecting minimal predicted exploitation activity. Chromium rates the severity as Medium while the CVSS base score of 7.3 reflects the high impact of OS-level privilege escalation.

Privilege Escalation Google Memory Corruption Use After Free Microsoft +2
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-11103 HIGH PATCH This Week

Local privilege escalation in Google Chrome on Windows prior to version 149.0.7827.53 allows an attacker with local access to elevate to OS-level privileges by planting a malicious file that the Chrome Installer processes inappropriately. The flaw stems from improper privilege management (CWE-269) in the Installer component and requires user interaction to trigger, with no public exploit identified at time of analysis and an EPSS score of 0.01% indicating very low predicted exploitation likelihood.

Google Microsoft Privilege Escalation Chrome
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-11101 MEDIUM PATCH This Month

Uninitialized memory use in the Dawn WebGPU engine of Google Chrome on Windows (all versions prior to 149.0.7827.53) enables a remote unauthenticated attacker to leak cross-origin data from a victim's browser session. Exploitation requires the victim to visit a crafted HTML page, breaking same-origin isolation by surfacing residual memory contents from other browsing contexts. No public exploit has been identified and EPSS sits at 0.03% (11th percentile), indicating low current exploitation probability; however, the High confidentiality CVSS impact warrants prompt patching in environments handling sensitive cross-origin data.

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11094 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and chains with a prior renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).

Google Memory Corruption Use After Free Microsoft Denial Of Service +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11070 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer/network process to break out of the browser sandbox via crafted Chromoting (Chrome Remote Desktop) network traffic. The flaw is rated CVSS 9.6 due to the scope change from sandboxed process to host, though Google classifies the Chromium severity as Medium. EPSS is very low (0.05%) and no public exploit identified at time of analysis, but a vendor patch is available.

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11063 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that abuses the WebNN (Web Neural Network) API. The flaw stems from insufficient validation of untrusted input (CWE-20) reaching the WebNN component, and exploitation requires user interaction (visiting an attacker-controlled page) plus a prior renderer-compromise primitive. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.04%).

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11060 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 allows a remote attacker to escape memory safety boundaries within the renderer sandbox via a crafted HTML page. The flaw stems from a use-after-free condition in the Media component and requires user interaction (visiting a malicious page); no public exploit has been identified at time of analysis. With a CVSS of 8.8 and confirmed Chromium classification, this is a typical browser memory-corruption bug that historically attracts exploit chains.

Google Memory Corruption RCE Use After Free Microsoft +4
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11058 HIGH PATCH This Week

Privilege escalation in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via an integer overflow in the CredentialProvider component. Exploitation requires user interaction with a crafted HTML page and a prior renderer compromise, and no public exploit has been identified at time of analysis. Chromium rates the security severity as Medium despite the CVSS 7.5 score.

Google Microsoft Privilege Escalation Red Hat Suse +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11056 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Site Isolation sandbox via a crafted HTML page. The flaw stems from insufficient validation of untrusted input in the Site Isolation component (CWE-20) and is rated CVSS 9.6 due to scope change, though Chromium itself classifies the underlying severity as Medium. No public exploit has been identified at time of analysis and EPSS is very low (0.05%, 15th percentile), but the chained-exploit potential makes it a meaningful browser-security risk.

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11055 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows attackers to run arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page that triggers a use-after-free in the ANGLE graphics layer. The flaw carries a CVSS 8.8 score and requires user interaction (visiting a malicious page), and no public exploit identified at time of analysis. The sandbox containment limits direct system impact, but the bug is a strong candidate for chaining with a sandbox escape.

Google Memory Corruption RCE Use After Free Microsoft +4
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11052 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a type confusion in the GPU process. The CVSS score of 9.6 reflects the scope-changing nature of escaping the sandbox boundary, though exploitation requires user interaction (visiting a malicious page) and a pre-existing renderer compromise. No public exploit identified at time of analysis, and EPSS is low at 0.03%.

Microsoft Information Disclosure Google Memory Corruption Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11047 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw resides in the Base component and is rated Medium severity by Chromium despite the CVSS 9.6 score, reflecting the prerequisite of a prior renderer compromise. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.05%.

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11041 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that exploits insufficient input validation in the Media component. The flaw requires user interaction (visiting a malicious page) and a prior renderer compromise, making it a second-stage capability typically chained with another bug; no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.05%.

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-11021 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exploits insufficient input validation in the GPU component. The CVSS 9.6 score reflects the scope change from renderer to host, but real-world exploitation requires chaining with a separate renderer compromise and user interaction. EPSS is low at 0.05% and no public exploit is identified at time of analysis.

Information Disclosure Google Microsoft Chrome Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11009 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 can be triggered by a remote attacker via a crafted HTML page that exploits a use-after-free condition in the USB component. The flaw carries a CVSS score of 9.6 due to its scope-changing impact, though Google rated the underlying Chromium security severity as Medium, and no public exploit has been identified at time of analysis with an EPSS score of just 0.03%.

Google Memory Corruption Use After Free Microsoft Denial Of Service +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11005 MEDIUM PATCH This Month

Out-of-bounds read in Chrome's ANGLE graphics layer on Windows exposes sensitive process memory to an attacker who has already achieved renderer compromise. Affected are all Chrome for Windows installations prior to 149.0.7827.53; macOS, Linux, Android, and iOS are not in scope per available data. No public exploit code exists and no active exploitation is confirmed - EPSS at 0.03% (11th percentile) and SSVC exploitation status of 'none' jointly indicate this is a low-priority real-world threat, functioning primarily as a post-exploitation information-disclosure step in a multi-stage browser attack chain rather than a standalone critical vulnerability.

Information Disclosure Google Microsoft Buffer Overflow Red Hat +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-10999 MEDIUM PATCH This Month

Integer overflow in Chrome's ANGLE graphics layer on Windows enables process memory disclosure for attackers who have already compromised the renderer process. Affected versions are all Google Chrome releases prior to 149.0.7827.53 on Windows. An attacker who has first achieved renderer compromise can trigger the ANGLE integer overflow via a crafted HTML page to read potentially sensitive data from process memory - functioning as a second-stage information leak within a chained exploit. No public exploit identified at time of analysis, and EPSS at 0.03% (11th percentile) reflects low observed exploitation probability.

Information Disclosure Google Microsoft Integer Overflow Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10978 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component. A remote attacker can deliver malicious network traffic that, combined with minimal user interaction, allows arbitrary code execution within the browser's renderer context. No public exploit identified at time of analysis, but Google rates the underlying Chromium severity as High.

Google Memory Corruption RCE Use After Free Microsoft +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely Act Now

Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to run code locally to escalate privileges through an integer overflow. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8, but requires user interaction (UI:R) and local access (AV:L), and no public exploit identified at time of analysis.

Microsoft Integer Overflow Buffer Overflow +16
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privilege attacker to gain higher privileges through a use-after-free memory corruption flaw. The vulnerability carries a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Successful exploitation typically yields SYSTEM-level code execution on the affected Windows host.

Microsoft Use After Free Memory Corruption +11
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Act Now

Local privilege escalation in Microsoft Windows Push Notifications service stems from a race condition (CWE-362) that an authenticated low-privilege user can win to gain higher privileges on the host. The CVSS 7.8 score with Scope:Changed indicates successful exploitation crosses a security boundary, impacting confidentiality, integrity, and availability of resources beyond the vulnerable component. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Microsoft Race Condition
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows Deployment Services (WDS) allows unauthenticated network-based attackers to execute arbitrary code by exploiting a use-after-free memory corruption flaw (CWE-416). The CVSS 8.1 score reflects high impact on confidentiality, integrity, and availability, though exploit complexity is rated High. No public exploit identified at time of analysis, and SSVC marks exploitation status as none with the flaw classified as not automatable.

Microsoft Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Graphics Component allows an authenticated low-privileged attacker to gain elevated rights via a use-after-free memory corruption flaw (CWE-416). The issue carries a CVSS 7.8 (High) rating with full confidentiality, integrity, and availability impact on the affected host. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Microsoft Denial Of Service Memory Corruption +14
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel allows an authorized low-privileged attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 (High) rating with high attack complexity, and Microsoft has released a patch via MSRC; no public exploit identified at time of analysis. Successful exploitation breaks the local Windows security boundary, enabling full host compromise from any authenticated session.

Microsoft Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Desktop Window Manager (DWM) Core Library enables an authenticated low-privileged attacker to gain elevated privileges through a use-after-free memory corruption flaw. CVSS 7.8 reflects high impact on confidentiality, integrity, and availability but requires local access and existing user-level credentials. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Microsoft Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Windows Performance Monitor enables unauthenticated network attackers to execute arbitrary code by triggering an integer underflow condition in the component's data handling logic. The flaw carries a CVSS score of 8.1 with high attack complexity, and while no public exploit identified at time of analysis, the SSVC assessment rates technical impact as total. Microsoft has released a patch via MSRC, and the issue is also tracked in VulDB entry 369628.

Authentication Bypass Microsoft Integer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged attacker to elevate to SYSTEM by triggering an integer underflow condition. With a CVSS of 7.8 and no public exploit identified at time of analysis, this issue is primarily a post-compromise escalation vector commonly chained after initial access via phishing or commodity malware. Microsoft has released a patch through MSRC, and given Windows kernel EoP bugs are frequently weaponized by ransomware and APT actors historically, prompt patching is warranted despite the absence of confirmed in-the-wild exploitation.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Act Now

Local privilege escalation in Microsoft Windows Push Notifications service stems from a race condition (CWE-362) that an attacker with low-privileged local access can exploit to gain higher privileges. No public exploit identified at time of analysis, and the issue is not on CISA KEV, but the CVSS 7.8 rating reflects high impact across confidentiality, integrity, and availability once the race is won. A vendor patch is available via the Microsoft Security Response Center advisory.

Information Disclosure Microsoft Race Condition
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Act Now

Local privilege escalation in Microsoft Windows Push Notifications service stems from a race condition (CWE-362) in concurrent handling of shared resources, allowing an authorized low-privileged attacker to win a timing window and elevate to higher privileges with scope change. The CVSS 3.1 vector AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H reflects local-only exploitation with high attack complexity due to the timing-dependent nature, but a successful attacker gains full confidentiality, integrity, and availability impact across a security boundary. No public exploit identified at time of analysis.

Information Disclosure Microsoft Race Condition
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Act Now

Local privilege escalation in Windows Push Notifications enables an authenticated low-privileged user to elevate to higher privileges by exploiting a race condition (CWE-362) in concurrent access to a shared resource. Successful exploitation results in high impact to confidentiality, integrity, and availability with scope change, but no public exploit identified at time of analysis. Microsoft has released a patch via MSRC advisory.

Information Disclosure Microsoft Race Condition
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows Performance Monitor (PerfMon) allows unauthenticated network-based attackers to execute arbitrary code by triggering an integer underflow condition. The flaw carries a CVSS 3.1 score of 8.1 driven by high impact across confidentiality, integrity, and availability, though high attack complexity (AC:H) tempers exploitability. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but Microsoft has released a patch via MSRC guidance.

Authentication Bypass Microsoft Integer Overflow +6
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables a locally authenticated attacker to read sensitive information from memory without elevation of privilege. Affecting a wide range of Windows 10, Windows 11, and Windows Server builds, the vulnerability requires only low-privilege local access and no user interaction to trigger. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with partial technical impact, placing this in a lower-urgency remediation band despite the High confidentiality rating in the CVSS vector.

Information Disclosure Microsoft Windows 10 1607 +11
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Local information disclosure in Windows Hyper-V enables an authenticated low-privileged attacker to access sensitive data they are not authorized to read, without any user interaction. Affected systems span a broad range of Windows desktop and server editions from Server 2012 through Windows 11 26H1 and Server 2025. No public exploit identified at time of analysis and no CISA KEV listing; however, the high confidentiality impact (C:H) and breadth of affected versions make this a meaningful patching priority, particularly in multi-tenant virtualization environments.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications on multiple Windows 10, Windows 11, and Windows Server versions exposes sensitive memory contents through an uninitialized resource condition, allowing a low-privileged local user to read high-confidentiality data without any user interaction. The CVSS vector (AV:L/PR:L) confirms this is strictly a local privilege issue - no remote attack path exists - limiting its practical blast radius to insider threats and post-compromise lateral reconnaissance. No public exploit has been identified at time of analysis, and Microsoft has released patches addressing all listed affected versions.

Information Disclosure Microsoft Windows 10 1607 +11
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables authenticated local attackers to disclose sensitive information across a wide breadth of Microsoft Windows desktop and server platforms. Spanning Windows 10 through Windows 11 25H2 and Windows Server 2012 through Server 2025, the vulnerability carries a CVSS 5.5 Medium score with high confidentiality impact (C:H) but no integrity or availability impact. Microsoft has released patches via the June 2026 Patch Tuesday cycle; no public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows Push Notifications on a broad range of Windows 10, Windows 11, and Windows Server editions leaks sensitive memory contents to locally authenticated low-privileged users through an uninitialized resource condition (CWE-908). The CVSS vector confirms local attack vector with low-privilege authentication requirement, no user interaction needed, and high confidentiality impact - meaning an attacker who has already obtained a standard user account can read residual memory data that could include tokens, credentials, or other sensitive artifacts. No public exploit code exists and no active exploitation has been identified at time of analysis; a vendor-released patch is available via Microsoft Security Response Center.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in the Windows Telephony Service exposes sensitive memory contents to locally authenticated attackers across a broad range of Windows client and server versions. The flaw (CWE-125) is exploitable with only low privileges and no user interaction, yielding high confidentiality impact while leaving integrity and availability unaffected. No public exploit code or active exploitation has been identified; CISA's SSVC framework rates this as non-automatable with partial technical impact, placing it at medium operational priority.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged user to elevate to higher privileges through an integer underflow condition. The flaw carries a CVSS 7.8 (High) rating with no public exploit identified at time of analysis, but Microsoft has issued a patch via MSRC. Defenders should treat this as a standard Patch-Tuesday-class kernel EoP that becomes a critical post-compromise pivot once initial access is achieved.

Information Disclosure Microsoft Integer Overflow +13
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Denial-of-service in the Windows TCP/IP stack allows an authenticated attacker on an adjacent network to crash the networking subsystem of affected Windows hosts via an incorrect buffer size calculation. Affected systems span Windows 10 (21H2, 22H2), Windows 11 (23H2 through 26H1), Windows Server 2022, and Windows Server 2025 - all unpatched builds within Microsoft-documented version ranges. No public exploit identified at time of analysis, though Microsoft has released fixes addressable via Windows Update; the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Windows 10 21h2 +7
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH Exploit Unlikely This Month

Windows Kerberos out-of-bounds read (CWE-125) allows a low-privilege network attacker to crash the Kerberos authentication service across all actively supported Windows client and server platforms, from Windows Server 2012 through Windows Server 2025 and Windows 11 26H1. The attack requires prior domain authentication and high-complexity triggering conditions (CVSS AC:H), limiting opportunistic mass exploitation, though a successful attack against a domain controller can deny authentication domain-wide by crashing the KDC. Vendor patches are available via the Microsoft MSRC advisory; no public exploit code exists and SSVC confirms no observed exploitation at time of analysis.

Denial Of Service Information Disclosure Microsoft +14
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Telephony Service allows an authenticated low-privileged attacker to elevate to higher privileges by exploiting a race condition in concurrent access to a shared resource. The flaw carries a CVSS 7.0 (High) rating with high attack complexity, and no public exploit identified at time of analysis. Successful exploitation grants full confidentiality, integrity, and availability impact on the affected host.

Information Disclosure Microsoft Race Condition
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to elevate to SYSTEM via a use-after-free condition. The flaw affects Microsoft Windows installations using the standard WinSock kernel driver and has a vendor-released patch available through Microsoft's security update guide. No public exploit has been identified at time of analysis, though afd.sys has historically been a frequent target for elevation-of-privilege exploitation.

Microsoft Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Hotpatch Monitoring Service enables an authenticated low-privileged attacker to gain elevated privileges through an out-of-bounds write (CWE-787) memory corruption flaw. The CVSS 7.8 (AV:L/AC:L/PR:L) reflects local attack vector with low complexity once a foothold is obtained, and no public exploit identified at time of analysis. The vulnerability was reported by Microsoft's own security team (secure@microsoft.com), suggesting internal discovery prior to disclosure.

Microsoft Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows unauthenticated remote attackers to read out-of-bounds memory contents over the network, potentially leaking sensitive data from the RDP service process. The vulnerability requires no authentication or user interaction and is rated CVSS 7.5 with high confidentiality impact only. At time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Information disclosure in Windows Shell exposes sensitive data to authenticated low-privileged attackers, with a confirmed vendor patch available. The vulnerability stems from CWE-200 improper information exposure within the Windows Shell component, allowing confidentiality compromise with no integrity or availability impact. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high confidentiality impact score (C:H) and low attack complexity elevate practical concern for environments where lateral movement or credential harvesting are threat vectors.

Information Disclosure Microsoft Windows 10 1809 +9
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Shell exposes sensitive information to locally authenticated, low-privileged attackers without requiring user interaction or elevated privileges. The vulnerability (CWE-200) results in high confidentiality impact, allowing disclosure of sensitive data accessible through the Shell component. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, though the Microsoft Security Response Center (MSRC) has acknowledged the issue via advisory.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library enables an authorized low-privilege user to elevate to higher privileges via a use-after-free condition. The flaw carries a CVSS 7.8 (High) and no public exploit identified at time of analysis, though Microsoft has acknowledged the issue through MSRC. Successful exploitation grants full confidentiality, integrity, and availability impact on the affected host.

Microsoft Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Privilege elevation in the Windows TCP/IP networking stack allows an unauthenticated attacker on an adjacent network to gain elevated privileges by triggering a heap-based buffer overflow (CWE-122). The CVSS 9.6 score with scope change (S:C) indicates the compromise crosses security boundaries beyond the vulnerable component itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Null pointer dereference in Windows Kerberos enables an authenticated network attacker to crash the Kerberos service, causing denial of service. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms exploitation is achievable over the network by any low-privilege authenticated user with no user interaction required, resulting in high availability impact (A:H) with no confidentiality or integrity consequences. No active exploitation confirmed (not in CISA KEV), and no public exploit code has been identified at time of analysis.

Denial Of Service Null Pointer Dereference Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft PowerToys allows an authenticated low-privileged user on a Windows system with PowerToys installed to elevate to higher privileges by abusing an improper authorization check (CWE-285). The flaw requires existing local access and low-level credentials, with no public exploit identified at time of analysis and no CISA KEV listing. Successful exploitation yields full confidentiality, integrity, and availability impact on the affected host.

Authentication Bypass Microsoft Powertoys
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver allows an authenticated low-privileged user on a Windows host to escalate to higher privileges by triggering a buffer over-read in the kernel-mode driver. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 7.8 with low attack complexity and no user interaction makes it an attractive post-compromise target for endpoint operators.

Information Disclosure Microsoft Buffer Overflow +10
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Teams for Android allows an authenticated remote attacker to extract sensitive data via an injection flaw (CWE-74) in output passed to a downstream component. The CVSS 8.1 rating reflects high confidentiality and availability impact over the network with low privileges and no user interaction, though no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Information Disclosure Google Microsoft +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Administrator Protection allows an authorized attacker with low-privilege access to bypass a security feature on affected Windows systems. The flaw stems from improper access control (CWE-284) in the Administrator Protection mechanism, and while no public exploit identified at time of analysis, the high CVSS 7.8 reflects the meaningful impact on confidentiality, integrity, and availability once the bypass is achieved. The issue was reported by Microsoft (secure@microsoft.com) and is tracked through MSRC rather than CISA KEV.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver enables an authorized low-privileged user to elevate to higher privileges through a buffer over-read condition. The flaw affects Microsoft Windows installations where the ProjFS filter driver is present, and exploitation yields high impact across confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Act Now

Local privilege escalation in Microsoft Windows DNS allows an authenticated low-privileged user to gain elevated privileges via a heap-based buffer overflow (CWE-122). The CVSS 7.0 score reflects high attack complexity and local-only access, and no public exploit is identified at time of analysis. The flaw was reported privately by Microsoft (MSRC) and is tracked under MSRC advisory CVE-2026-41108.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Stored or reflected cross-site scripting in Microsoft Azure Stack Edge enables an authenticated high-privileged attacker to inject malicious script into the management web interface, leading to spoofing attacks across a network with scope change to other components. With CVSS 8.4 reflecting high confidentiality, integrity, and availability impact plus required user interaction, successful exploitation could compromise adjacent Azure resources or administrative sessions. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

XSS Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Kinect allows an authenticated low-privileged user to elevate to higher privileges due to improper access control (CWE-284). The vulnerability carries a CVSS 7.8 (High) rating with local attack vector and low complexity, and no public exploit identified at time of analysis. Successful exploitation yields high impact to confidentiality, integrity, and availability on the affected host.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows a local authenticated attacker to escalate to SYSTEM-level privileges with high impact on confidentiality, integrity, and availability. The CVSS 7.8 vector indicates local attack with low complexity and low privileges required, and no public exploit identified at time of analysis. The vulnerability stems from a numeric truncation error (CWE-197) in kernel-mode file system code, a class historically favored by post-compromise privilege escalation chains.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows an authenticated low-privileged user to gain SYSTEM-level code execution by triggering a heap-based buffer overflow (CWE-122). The flaw affects Windows endpoints where the UDFS kernel driver parses attacker-controlled UDF-formatted media (typically optical discs or mounted disc images). No public exploit identified at time of analysis and the issue is not currently listed on CISA KEV.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Microsoft Dynamics 365 (on-premises) allows a remote authenticated attacker with low-level access to gain elevated privileges across the network due to improper handling of insufficient permissions. With a CVSS score of 8.8 and full impact on confidentiality, integrity, and availability, this issue is significant for organizations running on-premises Dynamics 365 deployments. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Act Now

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authenticated low-privileged user to elevate to SYSTEM by triggering a use-after-free condition in the kernel-mode driver. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but AFD.sys has a long history of being targeted for kernel EoP, making this a likely candidate for future weaponization. CVSS 7.0 reflects the high attack complexity required to reliably win the underlying race or reuse condition.

Microsoft Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Attestation allows an authenticated local user with low privileges to gain elevated permissions on the host through a trust boundary violation (CWE-501). The flaw is rated CVSS 7.8 with high impact across confidentiality, integrity, and availability, and there is no public exploit identified at time of analysis. The issue is tagged as Information Disclosure by the reporter, but the CVSS vector indicates full system compromise potential once exploited.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint enables network-based spoofing attacks by injecting malicious scripts into web page output. The vulnerability (CWE-79) targets users of the SharePoint web interface and, when triggered via user interaction, allows an attacker to manipulate page content or impersonate legitimate UI elements - degrading both confidentiality and integrity. No public exploit or active exploitation has been identified at time of analysis, though the low-complexity network vector lowers the bar for opportunistic abuse.

XSS Microsoft Sharepoint Server
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation and code execution in Microsoft Azure Kubernetes Service (AKS) is possible via a path traversal flaw (CWE-22) that allows an authorized attacker on the local system to break out of restricted directory boundaries and execute code with elevated privileges. The CVSS 3.1 score of 8.8 reflects the scope change (S:C) where exploitation impacts resources beyond the vulnerable component, enabling full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis.

Microsoft Kubernetes Path Traversal +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary VQL execution in Rapid7 Velociraptor before 0.76.6 allows attackers to compromise analyst workstations by supplying a malicious collection ZIP whose client_info.json hostname field breaks out of a YAML template generated by the Windows.Collectors.Remapping artifact. Triggered when an analyst loads the resulting remapping file with --remap, the injected VQL runs under NullACLManager with full permissions and no sandbox. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Code Injection Microsoft
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Uninitialized memory use in the Video component of Google Chrome on Windows (prior to 149.0.7827.103) allows an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by directing the victim to a crafted HTML page. The vulnerability is Windows-specific, rated High severity by Chromium's internal scale, and carries a CVSS 5.3 due to the high attack complexity and required user interaction stacking atop the renderer-compromise prerequisite. No public exploit identified at time of analysis; Google has released a fix in version 149.0.7827.103.

Information Disclosure Google Microsoft +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 allows attackers to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page, triggering a use-after-free condition in the Media component. The flaw carries a CVSS 8.8 (High) rating and is tagged by Chromium as High severity. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Google Memory Corruption RCE +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. Google rates this Chromium security severity as High, and a vendor patch is available; no public exploit was identified at time of analysis, though the scope-changed CVSS 8.3 reflects the cross-boundary impact of breaching the sandbox.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Out-of-bounds read in Dawn, Chrome's WebGPU graphics API layer, on Windows enables unauthenticated remote attackers to leak cross-origin data by serving a crafted HTML page. Affected versions of Google Chrome on Windows are all releases prior to 149.0.7827.103. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) confirms this is a network-exploitable, low-complexity information disclosure with no authentication requirement - limited only by the need for a user to visit the attacker-controlled page. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Views component, triggered through a crafted HTML page. Google rates this Chromium security severity High and a vendor patch is available; no public exploit identified at time of analysis and the bug is not currently listed in CISA KEV.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption via use-after-free in Google Chrome's FullScreen component on Windows prior to 149.0.7827.103 enables remote attackers to potentially achieve code execution when a victim visits a malicious HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis. The CVSS 8.8 score reflects the network-reachable, low-complexity nature of the bug, tempered by required user interaction (UI:R).

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 can be triggered via a use-after-free flaw in the Bluetooth component, allowing a remote attacker to execute arbitrary code when a victim visits a crafted HTML page and performs specific UI gestures. Chromium rates the severity as Critical, though the CVSS 3.1 score of 7.5 reflects high attack complexity and required user interaction. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Google Memory Corruption RCE +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap corruption in Google Chrome's Autofill component on Windows versions prior to 149.0.7827.103 allows remote attackers to potentially achieve code execution by luring users to a malicious HTML page and convincing them to perform specific UI interactions. Chromium rates the underlying flaw as Critical severity, though CVSS scores it 7.5 due to required user interaction and high attack complexity. No public exploit identified at time of analysis.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows remote attackers to exploit a use-after-free flaw in the Gamepad component via a crafted HTML page, requiring only that a victim visit a malicious site. Chromium rates this Critical severity and the CVSS score of 9.6 reflects scope change (sandbox escape) with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, but the bug class and Critical Chromium rating make it a high-priority browser patch.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Aura UI framework. Google rates the underlying Chromium issue as Critical severity, though exploitation requires a prior renderer compromise and user interaction (visiting a malicious page). No public exploit has been identified at time of analysis and the CVE is not listed in CISA KEV.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Path traversal in Dulwich's porcelain.format_patch function allows patch files to be written outside the intended output directory by processing commits with malicious subject lines. Any service passing untrusted commits to dulwich.porcelain.format_patch(outdir=...) - such as CI pipelines, PR review platforms, or developer tooling processing third-party repositories - is affected in versions 0.24.0 through 1.2.4. No public exploit identified at time of analysis and no CISA KEV listing, but the attack pattern is trivially reproducible from the advisory description alone; exploitation requires no special tooling beyond crafting a commit with a subject like 'x/../../target'.

Microsoft Path Traversal
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

CSV Injection in Poweradmin's log export functionality allows a high-privileged attacker to embed spreadsheet formulas in usernames that execute when an administrator exports activity logs and opens the resulting CSV in Excel, LibreOffice Calc, or Google Sheets. All four log export controllers pass username fields directly to PHP's fputcsv() without neutralizing formula trigger characters (=, +, -, @), enabling phishing via rendered hyperlinks and silent data exfiltration via =IMPORTXML() or similar functions targeting victim administrators. Publicly available exploit code exists per GHSA-3h6h-67x3-cv5x; the vulnerability is not listed in CISA KEV.

Google PHP Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC This Week

Credential disclosure in OpenBullet2 through 0.3.2 on Windows allows authenticated remote attackers to coerce SMB authentication and capture NTLMv2 hashes by configuring a job's proxy source with an attacker-controlled UNC path. Captured hashes can be relayed against other services or cracked offline to recover the password of the account running the application. Publicly available exploit code exists per VulnCheck advisory; no CISA KEV listing at time of analysis.

Information Disclosure Microsoft Openbullet2
NVD VulDB
EPSS 0% 5.8 CVSS 9.3
CRITICAL POC KEV THREAT Emergency

Authentication bypass in Check Point Quantum Security Gateway and Spark Firewalls allows unauthenticated remote attackers to establish Remote Access and Mobile Access VPN sessions without valid credentials by abusing a logic flaw in deprecated IKEv1 certificate validation. The flaw (CVSS 9.3, CWE-287) was reported by Check Point themselves and publicly available exploit code exists, though EPSS exploitation probability remains very low (0.01%) and the issue is not currently listed in CISA KEV. Affected deployments include multiple Quantum R80.40-R82.10 trains and Spark R80.20.X-R82.00.X firmware.

Authentication Bypass Microsoft
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH Act Now

Certificate validation bypass in Check Point Quantum Security Gateway and Spark Firewalls allows network-positioned attackers to subvert IKEv1 certificate-based authentication in site-to-site VPN tunnels. A man-in-the-middle adversary can intercept or modify traffic traversing the tunnel without possessing valid credentials. No public exploit identified at time of analysis, and the issue is constrained to the deprecated IKEv1 protocol path.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 8.7
HIGH POC This Week

Remote denial of service in Comodo Internet Security's Inspect.sys firewall driver lets an unauthenticated attacker crash any Windows host running the product by sending a single crafted IPv6 packet, even when all ports are blocked at the firewall. The flaw is an integer underflow (CWE-191) in IPv6 extension-header parsing that occurs before firewall rule enforcement, producing an out-of-bounds read and an oversized memcpy at DISPATCH_LEVEL and an immediate BSOD. Publicly available exploit code exists, published alongside MalwareTech's technical writeup and a working PoC named ComoDoS.

Microsoft Integer Overflow Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Remote code execution in Markdown Preview Enhanced before 0.8.28 on Windows allows attackers to inject OS commands through crafted markdown documents that abuse the diagram filename attribute, imported file paths, or the latex_engine code-chunk attribute, all of which were passed through a shell without validation. Exploitation requires the victim to preview the malicious document (UI:A), and no public exploit identified at time of analysis, though VulnCheck-published advisory details and a tagged fix release make weaponization straightforward.

Microsoft Command Injection
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

OAuth authorization code exchange in NocoDB versions up to 2026.05.0 is vulnerable to a race condition that breaks the single-use guarantee enforced by PKCE. By submitting two or more concurrent token-exchange requests before the server atomically marks the authorization code as consumed, an attacker who controls a malicious OAuth client can obtain multiple valid (access_token, refresh_token) pairs from a single authorization code, resulting in unauthorized long-lived session access alongside the legitimate token. Fixed in 2026.05.1 via an atomic compare-and-swap database operation; no public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Race Condition
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Off-by-one heap out-of-bounds read in 7-Zip's WIM archive handler (versions 9.34-26.00) allows a remote unauthenticated attacker to trigger denial of service - and potentially minor information disclosure - by delivering a crafted WIM file. The vulnerability is zero-click exploitable in the GUI: 7zFM.exe automatically calls GetRawProp(kpidNtSecure) for every listed item, triggering the OOB read without any additional user interaction beyond opening or navigating to the malicious archive. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Information Disclosure Microsoft +2
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

Out-of-bounds memory access in Samsung Android USB Driver for Windows (all versions prior to 1.9.5.0) allows a local attacker without elevated privileges to corrupt or read memory beyond allocated bounds, resulting in high availability impact and low integrity impact on the affected Windows host. Samsung has released version 1.9.5.0 as the corrective patch, documented under EUVD-2026-34810. No public exploit code exists and the vulnerability is not listed in CISA KEV at time of analysis, though the CVSS 4.0 AT:P modifier signals a required target-specific condition that narrows exploitability.

Google Microsoft Samsung +3
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Integer overflow in Chrome's Chromoting (Remote Desktop) component on Windows exposes process memory contents to local authenticated attackers via crafted ETW (Event Tracing for Windows) events. Affected versions are all Chrome releases on Windows prior to 149.0.7827.53. With CVSS confidentiality impact rated High and no public exploit identified at time of analysis, the practical risk is constrained by the local access and user interaction requirements, though sensitive data such as credentials or session tokens resident in process memory could be disclosed. EPSS score of 0.01% (1st percentile) confirms low observed exploitation probability.

Information Disclosure Google Microsoft +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's ANGLE graphics layer on Windows allows a remote unauthenticated attacker to read sensitive cross-origin memory contents by delivering a crafted HTML page to a victim. Affected are all Chrome versions on Windows prior to 149.0.7827.53. The root cause is an uninitialized memory use (CWE-457) within ANGLE, Chrome's graphics abstraction library. No public exploit has been identified at time of analysis, EPSS is very low at 0.03% (11th percentile), and the vulnerability is not listed in the CISA KEV catalog, consistent with the vendor's own 'Low' severity rating.

Information Disclosure Google Microsoft
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 allows a remote attacker to run arbitrary code when a victim is lured into performing specific UI gestures involving a malicious file delivered through the PlatformIntegration component. The flaw stems from improper input validation (CWE-20) and, while a vendor patch is available, no public exploit has been identified at time of analysis and EPSS scoring (0.04%) indicates very low near-term exploitation probability.

Google Microsoft RCE +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows attackers to run arbitrary code within the browser sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the WebML component. Although Chromium rates the severity as Medium, the CVSS 3.1 base score is 8.8 (High), reflecting high impact across confidentiality, integrity, and availability with low attack complexity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Google Memory Corruption RCE +6
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the Views component via a crafted HTML page. The flaw carries a CVSS 3.1 score of 8.8 with network attack vector and requires user interaction (visiting a malicious page), and no public exploit has been identified at time of analysis despite Google's vendor patch being released.

Google Memory Corruption RCE +6
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation in Google Chrome on Windows prior to 149.0.7827.53 stems from a use-after-free condition in the Updater component, allowing a local attacker who can place a malicious file to elevate to OS-level privileges. The flaw was reported by Google's Chrome security team with no public exploit identified at time of analysis, and EPSS scoring is very low at 0.01% reflecting minimal predicted exploitation activity. Chromium rates the severity as Medium while the CVSS base score of 7.3 reflects the high impact of OS-level privilege escalation.

Privilege Escalation Google Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Google Chrome on Windows prior to version 149.0.7827.53 allows an attacker with local access to elevate to OS-level privileges by planting a malicious file that the Chrome Installer processes inappropriately. The flaw stems from improper privilege management (CWE-269) in the Installer component and requires user interaction to trigger, with no public exploit identified at time of analysis and an EPSS score of 0.01% indicating very low predicted exploitation likelihood.

Google Microsoft Privilege Escalation +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Uninitialized memory use in the Dawn WebGPU engine of Google Chrome on Windows (all versions prior to 149.0.7827.53) enables a remote unauthenticated attacker to leak cross-origin data from a victim's browser session. Exploitation requires the victim to visit a crafted HTML page, breaking same-origin isolation by surfacing residual memory contents from other browsing contexts. No public exploit has been identified and EPSS sits at 0.03% (11th percentile), indicating low current exploitation probability; however, the High confidentiality CVSS impact warrants prompt patching in environments handling sensitive cross-origin data.

Information Disclosure Google Microsoft +1
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and chains with a prior renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).

Google Memory Corruption Use After Free +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer/network process to break out of the browser sandbox via crafted Chromoting (Chrome Remote Desktop) network traffic. The flaw is rated CVSS 9.6 due to the scope change from sandboxed process to host, though Google classifies the Chromium severity as Medium. EPSS is very low (0.05%) and no public exploit identified at time of analysis, but a vendor patch is available.

Information Disclosure Google Microsoft +1
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that abuses the WebNN (Web Neural Network) API. The flaw stems from insufficient validation of untrusted input (CWE-20) reaching the WebNN component, and exploitation requires user interaction (visiting an attacker-controlled page) plus a prior renderer-compromise primitive. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.04%).

Information Disclosure Google Microsoft +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 allows a remote attacker to escape memory safety boundaries within the renderer sandbox via a crafted HTML page. The flaw stems from a use-after-free condition in the Media component and requires user interaction (visiting a malicious page); no public exploit has been identified at time of analysis. With a CVSS of 8.8 and confirmed Chromium classification, this is a typical browser memory-corruption bug that historically attracts exploit chains.

Google Memory Corruption RCE +6
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Privilege escalation in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via an integer overflow in the CredentialProvider component. Exploitation requires user interaction with a crafted HTML page and a prior renderer compromise, and no public exploit has been identified at time of analysis. Chromium rates the security severity as Medium despite the CVSS 7.5 score.

Google Microsoft Privilege Escalation +3
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Site Isolation sandbox via a crafted HTML page. The flaw stems from insufficient validation of untrusted input in the Site Isolation component (CWE-20) and is rated CVSS 9.6 due to scope change, though Chromium itself classifies the underlying severity as Medium. No public exploit has been identified at time of analysis and EPSS is very low (0.05%, 15th percentile), but the chained-exploit potential makes it a meaningful browser-security risk.

Information Disclosure Google Microsoft +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows attackers to run arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page that triggers a use-after-free in the ANGLE graphics layer. The flaw carries a CVSS 8.8 score and requires user interaction (visiting a malicious page), and no public exploit identified at time of analysis. The sandbox containment limits direct system impact, but the bug is a strong candidate for chaining with a sandbox escape.

Google Memory Corruption RCE +6
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a type confusion in the GPU process. The CVSS score of 9.6 reflects the scope-changing nature of escaping the sandbox boundary, though exploitation requires user interaction (visiting a malicious page) and a pre-existing renderer compromise. No public exploit identified at time of analysis, and EPSS is low at 0.03%.

Microsoft Information Disclosure Google +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw resides in the Base component and is rated Medium severity by Chromium despite the CVSS 9.6 score, reflecting the prerequisite of a prior renderer compromise. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.05%.

Information Disclosure Google Microsoft +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that exploits insufficient input validation in the Media component. The flaw requires user interaction (visiting a malicious page) and a prior renderer compromise, making it a second-stage capability typically chained with another bug; no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.05%.

Information Disclosure Google Microsoft +1
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exploits insufficient input validation in the GPU component. The CVSS 9.6 score reflects the scope change from renderer to host, but real-world exploitation requires chaining with a separate renderer compromise and user interaction. EPSS is low at 0.05% and no public exploit is identified at time of analysis.

Information Disclosure Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 can be triggered by a remote attacker via a crafted HTML page that exploits a use-after-free condition in the USB component. The flaw carries a CVSS score of 9.6 due to its scope-changing impact, though Google rated the underlying Chromium security severity as Medium, and no public exploit has been identified at time of analysis with an EPSS score of just 0.03%.

Google Memory Corruption Use After Free +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in Chrome's ANGLE graphics layer on Windows exposes sensitive process memory to an attacker who has already achieved renderer compromise. Affected are all Chrome for Windows installations prior to 149.0.7827.53; macOS, Linux, Android, and iOS are not in scope per available data. No public exploit code exists and no active exploitation is confirmed - EPSS at 0.03% (11th percentile) and SSVC exploitation status of 'none' jointly indicate this is a low-priority real-world threat, functioning primarily as a post-exploitation information-disclosure step in a multi-stage browser attack chain rather than a standalone critical vulnerability.

Information Disclosure Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Integer overflow in Chrome's ANGLE graphics layer on Windows enables process memory disclosure for attackers who have already compromised the renderer process. Affected versions are all Google Chrome releases prior to 149.0.7827.53 on Windows. An attacker who has first achieved renderer compromise can trigger the ANGLE integer overflow via a crafted HTML page to read potentially sensitive data from process memory - functioning as a second-stage information leak within a chained exploit. No public exploit identified at time of analysis, and EPSS at 0.03% (11th percentile) reflects low observed exploitation probability.

Information Disclosure Google Microsoft +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component. A remote attacker can deliver malicious network traffic that, combined with minimal user interaction, allows arbitrary code execution within the browser's renderer context. No public exploit identified at time of analysis, but Google rates the underlying Chromium severity as High.

Google Memory Corruption RCE +6
NVD VulDB
Prev Page 12 of 193 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy