Skip to main content

Microsoft

17281 CVEs vendor

Monthly

CVE-2026-50456 MEDIUM PATCH This Month

Windows File Explorer on a wide range of Microsoft Windows client and server versions exposes sensitive information to locally authenticated standard users, achieving high confidentiality impact without requiring elevated privileges. The flaw (CWE-200) is confined to the local attack surface - CVSS AV:L/PR:L - meaning the attacker must already hold an interactive session on the target system. No public exploit code and no CISA KEV listing have been identified at time of analysis; a vendor patch is available through Microsoft Security Response Center.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50389 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-50442 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50473 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50457 HIGH PATCH This Week

Local privilege escalation in the Windows Runtime (WinRT) component of Windows 10, Windows 11, and Windows Server allows an authenticated attacker to run arbitrary code with elevated (SYSTEM-level) privileges by triggering a use-after-free memory-corruption condition (CWE-416). Microsoft has released a patch, but there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. The CVSS 3.1 score of 7.8 (High) with a fully local vector reflects meaningful post-compromise impact but requires the attacker to already have a foothold on the host.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50462 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an already-authenticated local attacker to gain elevated (SYSTEM-level) privileges across a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Reported internally by Microsoft with a patch available, the flaw carries CVSS 7.8 with full confidentiality, integrity, and availability impact but no confirmed active exploitation; no public exploit identified at time of analysis.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50439 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. An unauthenticated network attacker who can reach the MSMQ service (TCP 1801) can trigger a use-after-free (CWE-416) in the Queue Manager to execute arbitrary code in the service context. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the high CVSS (8.1), network attack vector, and lack of any authentication requirement make patched deployment urgent; exploitation is tempered by the High attack complexity (AC:H).

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-50465 HIGH PATCH Exploit Unlikely This Week

Local integrity and availability tampering in the Microsoft Windows DNS component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where an authorized attacker with low privileges can abuse improper access control to modify DNS data or disrupt the service. Microsoft self-reported the issue and has released a patch. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, so exploitation would currently require local access on an already-compromised or shared host.

Authentication Bypass Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-50441 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Resilient File System (ReFS) lets an authenticated local attacker gain elevated (SYSTEM-level) privileges by triggering an untrusted pointer dereference in the ReFS driver. It affects a broad range of Windows 10, Windows 11, and Windows Server 2016-2025 builds. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, so risk is currently patch-and-move rather than emergency.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50409 MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50435 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver affects a broad range of Windows client and server releases, from Windows 10 1607 and Server 2012 R2 through Windows 11 26H1 and Server 2025. An authenticated local attacker with low privileges can trigger a buffer over-read (CWE-126) in the filter to elevate to higher privileges, gaining full confidentiality, integrity, and availability impact on the host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50402 HIGH PATCH This Week

Local privilege escalation in the Windows NTFS file-system driver lets an authenticated low-privileged user gain elevated (likely SYSTEM) privileges by exploiting an incorrect conversion between numeric types (CWE-681). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50466 HIGH PATCH This Week

Local privilege escalation in the Windows Brokering File System component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a use-after-free memory corruption (CWE-416) lets an already-authenticated local user elevate to higher privileges. Microsoft rates it CVSS 7.8 with full confidentiality, integrity, and availability impact, and has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50451 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Routing and Remote Access Service (RRAS) allows a low-privileged authenticated user to elevate to higher privileges on affected Windows 10, Windows 11, and Windows Server 2012 through 2025 systems. The flaw stems from a missing authentication check on a critical RRAS function (CWE-306), letting an already-authorized local attacker invoke privileged functionality without proper authorization. Microsoft has released a patch; there is no public exploit identified at time of analysis.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-50383 MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2026-50367 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Sensor Data Service allows an authenticated low-privileged user to gain full SYSTEM-level control on affected Windows 10, Windows 11, and Windows Server (2019-2025) systems. The flaw stems from incorrect access to an indexable resource (a range/bounds error, CWE-118) and yields high confidentiality, integrity, and availability impact per the CVSS 7.8 vector. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50374 MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges with a physical attack.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2026-50421 HIGH PATCH This Week

Local privilege escalation in the Windows Connected User Experiences and Telemetry service (DiagTrack) lets an already-authenticated user run arbitrary code with SYSTEM-level rights by triggering a CWE-843 type-confusion condition. The flaw affects a broad range of currently-supported Windows client and server builds, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Memory Corruption Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50422 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NTFS file-system driver lets an already-authenticated low-privileged user read memory outside allocated bounds (CWE-125) to gain elevated privileges. It affects a broad Windows fleet spanning Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50413 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Windows Runtime (WinRT) via a use-after-free memory corruption flaw enables a locally authenticated low-privilege attacker to elevate to SYSTEM-level access on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. The CVSS scope change (S:C) confirms the exploit crosses a security boundary, yielding full confidentiality, integrity, and availability impact beyond the originating process. No public exploit identified at time of analysis; Microsoft has released a patch via MSRC.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-50385 HIGH PATCH This Week

Local privilege escalation in the Windows Runtime affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (CWE-362) in the improperly synchronized handling of a shared resource lets an already-authenticated attacker win a timing window to gain higher privileges. Microsoft reported and patched the issue; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 8.8 with scope-changed impact reflects that a low-privileged local user could reach full SYSTEM-level control of confidentiality, integrity, and availability.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-50365 HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Microsoft Windows RPC API lets an unauthenticated attacker on an adjacent network gain higher privileges by exploiting an improper authentication weakness (CWE-287), provided a user is lured into an interaction. The flaw spans a broad range of client and server builds from Windows Server 2012 through Windows Server 2025 and Windows 10 1607 through Windows 11 26H1. No public exploit identified at time of analysis; the issue was reported by Microsoft, which has released a fix.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2026-50454 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows User Interface Core (UI Core) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a relative path traversal flaw lets an already-authenticated low-privileged user escalate to higher privileges on the local machine. The CVSS 3.1 score of 7.8 reflects full confidentiality, integrity, and availability impact once triggered, though attack requires local access and existing low-level privileges. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Path Traversal Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50469 HIGH PATCH This Week

Local privilege escalation in the Windows Projected File System (ProjFS) driver lets an authenticated low-privileged attacker abuse a symbolic-link/junction race (CWE-59 link following) to redirect a privileged file operation and gain SYSTEM-level rights across Windows 10 (1809-22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50369 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Windows Remote Desktop Services (RDS) lets an authenticated, low-privileged attacker elevate to higher privileges across a network by triggering a use-after-free (CWE-416) memory-corruption condition in the RDS component. The flaw spans a broad range of supported Windows client and server releases (Windows 10/11 and Windows Server 2012 through 2025). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-50471 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS (the New Technology File System driver) arises from a heap-based buffer overflow that lets an attacker run arbitrary code with the privileges of the affected process. The flaw affects a broad swath of supported Windows client and server builds, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft (the reporter) has shipped a patch; there is no public exploit identified at time of analysis, and the CVSS vector requires local access plus user interaction, so it is a privilege-escalation/code-execution primitive rather than a remotely-wormable bug.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +17
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50437 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50436 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where an authorized attacker can exploit a use-after-free (CWE-416) memory-corruption condition to elevate privileges to SYSTEM. The flaw was reported by Microsoft, which has released a patch, and carries a CVSS 7.8 rating driven entirely by high confidentiality, integrity, and availability impact once local access is obtained. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-50382 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in the Windows DirectX graphics component (CVE-2026-50382) lets an already-authenticated user run arbitrary code and, because the CVSS scope is Changed, break out of the calling security context to compromise the wider system. It affects a broad range of Windows client and server builds from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. Microsoft has issued a patch; there is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-50352 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-50344 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows OLE (Object Linking and Embedding) component allows an already-authenticated, low-privileged user on affected Windows and Windows Server builds to elevate to higher privileges through an improper authorization check (CWE-285). Microsoft has released a patch, and no public exploit has been identified at time of analysis. Impact is high across confidentiality, integrity, and availability, though exploitation requires prior local code execution.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50445 MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-50334 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Notification allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50387 HIGH PATCH Exploit Likely This Week

Local privilege elevation in the Windows Graphics Device Interface (GDI) component allows an already-authenticated, low-privileged user to run code at a higher privilege level by triggering a stack-based buffer overflow (CWE-121). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025, including Server Core installations. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Microsoft Microsoft Office 365 For Mac Microsoft Office For Android +20
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-50448 HIGH PATCH Exploit Unlikely This Week

Local code execution in the Microsoft Windows NTFS file-system driver lets an attacker run arbitrary code by triggering a heap-based buffer overflow (CWE-122) when Windows parses crafted file-system metadata. The flaw spans a broad range of supported releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. It carries a CVSS 7.8 (Important) rating, requires user interaction, has a vendor patch available, and no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50405 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Filtering Platform (WFP) lets an authenticated low-privileged user gain higher privileges on affected Windows 10, Windows 11, and Windows Server systems (Server 2012 through Server 2025). Rooted in insufficient access-control granularity (CWE-1220), a local attacker with a valid session can manipulate WFP to reach SYSTEM-level access. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft rates the confidentiality, integrity, and availability impact as High.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50397 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker win a use-after-free race (CWE-416) to gain SYSTEM-level control, affecting a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch and there is no public exploit identified at time of analysis. The moderate 7.0 score reflects high attack complexity (a timing-dependent race) offset by full confidentiality, integrity and availability impact once triggered.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50376 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2026-50401 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50378 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Key Guard affecting Windows 10 (1809/21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025 allows an already-authenticated local attacker to win a race condition (CWE-362) and gain higher privileges. Reported by Microsoft with a patch now available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 rating reflects full confidentiality, integrity, and availability impact once the timing window is exploited.

Microsoft Race Condition Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50423 HIGH POC PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an already-authenticated attacker to elevate to SYSTEM-level privileges across a wide range of Windows 10, Windows 11, and Windows Server builds. The flaw stems from improper access control (CWE-284) in kernel-mode code and requires local low-privileged access with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the trivial attack complexity and SYSTEM-level impact make it a standard patch-Tuesday priority.

Authentication Bypass Microsoft Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2026-50418 MEDIUM PATCH This Month

Improper access control in Windows System allows an unauthorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +3
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2026-50391 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Group Policy component allows an already-authenticated user to elevate to higher privileges (up to SYSTEM) on affected Windows 10, Windows 11, and Windows Server 2012-2025 systems. The flaw stems from improper privilege management (CWE-269) and is reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. With CVSS 7.8 and full confidentiality, integrity, and availability impact, it is a strong candidate for the monthly patch cycle on endpoints and domain-joined servers.

Microsoft Privilege Escalation Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50433 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Media (the Windows Media component/codec subsystem) allows an already-authenticated local attacker to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of currently-supported Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-50403 HIGH PATCH This Week

Local privilege escalation in the Windows Runtime component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an already-authenticated local attacker to win a race condition and gain higher privileges. The flaw was reported by Microsoft, which has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high CVSS complexity (AC:H) reflects that the attacker must reliably win a timing window, tempering real-world exploitability despite the full compromise of confidentiality, integrity, and availability once triggered.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50460 HIGH PATCH This Week

Elevation of privilege in Microsoft Windows Runtime (WinRT) lets a remote, unauthenticated attacker win a timing window in a shared-resource race condition and gain higher privileges across a broad range of Windows client and server releases (Windows 10 1809 through Windows 11 26H1 and Windows Server 2019/2022/2025). Microsoft-reported and patched, the flaw carries CVSS 8.1, driven by full confidentiality, integrity, and availability impact but tempered by high attack complexity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Microsoft Race Condition Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-50463 HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Kernel allows a remote, unauthenticated attacker to read out-of-bounds memory and leak sensitive data across all currently supported Windows client and server builds (Windows 10 1809/21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2019/2022/2025). The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N, high confidentiality impact only). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privilege, no-interaction profile makes it a broadly applicable patch-now item.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-50379 HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an authorized attacker to win a race condition and gain higher privileges over a network. The CVSS 3.1 base score is 7.5 with full confidentiality, integrity, and availability impact, though the high attack complexity reflects the timing precision needed to exploit the flaw. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +1
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-50414 HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an already-authorized (PR:L) network attacker to win a race condition and gain higher privileges, with full confidentiality, integrity, and availability impact. Microsoft self-reported the flaw and has released a patch; there is no public exploit identified at time of analysis and it is not on the CISA KEV list. High attack complexity (AC:H) reflects the timing precision needed to exploit the race reliably.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-50398 HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated attacker to win a race condition and gain higher privileges over the network. The CVSS 3.1 score of 8.8 reflects low-privilege network exploitation with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and this CVE is not listed in CISA KEV, though Microsoft has released a patch.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-50336 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated low-privileged user to run code with elevated (typically SYSTEM) rights by triggering a heap-based buffer overflow. Microsoft, the reporting party, has released a patch through its Update Guide. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, so there is no evidence of active exploitation, though EIP-class memory-corruption bugs in core OS components are attractive follow-on targets after initial access.

Heap Overflow Buffer Overflow Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50371 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows via the LUAFV (LUA File Virtualization, luafv.sys) driver allows an already-authenticated low-privileged user to win a timing race and elevate to SYSTEM/administrator on affected Windows client and server builds. The flaw stems from improper synchronization around a shared resource (CWE-362) and carries a CVSS 7.0 (AV:L/AC:H/PR:L) reflecting a local, high-complexity attack. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50449 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Runtime (WinRT) affects a broad range of supported Windows client and server releases, from Windows 10 1809 and Windows Server 2019 through Windows 11 26H1 and Windows Server 2025. An authorized local attacker who can execute low-privilege code can trigger a use-after-free (CWE-416) memory-corruption condition to elevate privileges, yielding full confidentiality, integrity, and availability impact on the host. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50410 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Runtime (WinRT) affects a broad range of Windows client and server builds, from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. An authorized local attacker who can run low-privileged code can trigger a use-after-free memory-corruption condition to elevate to higher privileges, with high confidentiality, integrity, and availability impact implying a path to SYSTEM. No public exploit identified at time of analysis, and the flaw is not on CISA KEV; a vendor patch is available.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50388 HIGH PATCH Exploit Unlikely This Week

Local code execution in the Microsoft Windows NTFS driver stems from an out-of-bounds read (CWE-125) that an attacker can leverage to run arbitrary code on affected systems, spanning Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Exploitation requires local access and user interaction (AV:L/UI:R), typically opening or mounting a maliciously crafted file or volume, but no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50353 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows DirectX graphics kernel subsystem allows an authenticated attacker to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory-corruption condition across Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. The CVSS 3.1 vector (7.8, AV:L/PR:L) confirms local access and low existing privileges are required with no user interaction, yielding full confidentiality, integrity, and availability impact. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50373 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Search component lets an already-authenticated low-privilege user gain SYSTEM-level rights through improper access control (CWE-284). It affects all currently supported Windows client and server builds from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has released a patch.

Authentication Bypass Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50428 HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Windows Container Isolation FS Filter Driver (unionfs.sys) on Windows 11 version 26H1 allows an authorized low-privileged user to read memory outside intended bounds and disclose sensitive kernel or process data. The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis. CVSS 7.1 (AV:L) reflects local access with low privileges but high confidentiality impact.

Buffer Overflow Microsoft Information Disclosure Windows 11 Version 26H1
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-50358 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Media component affects a broad range of Microsoft Windows client and server editions (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). A low-privileged authenticated attacker can abuse a use-after-free (CWE-416) memory corruption flaw to elevate to higher privileges, achieving full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the flaw is not on CISA KEV, but the high attack complexity (a likely race condition) is the main barrier to reliable exploitation.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50416 LOW PATCH Exploit Unlikely Monitor

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2026-50404 HIGH PATCH This Week

Local privilege elevation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated local attacker to win a race condition and gain higher privileges on the host. The flaw is a concurrency/synchronization defect (CWE-362) reported by Microsoft itself; no public exploit identified at time of analysis and it is not listed in CISA KEV. Exploitation is rated high-complexity because the attacker must reliably win a timing window, which tempers the otherwise high confidentiality, integrity, and availability impact.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +1
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50340 HIGH PATCH This Week

Elevation of privilege in the Windows Runtime (WinRT) component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated attacker to gain higher privileges by exploiting a use-after-free memory-corruption flaw over the network. Microsoft, who reported the issue, has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high CVSS (8.5) is driven by a scope change and full confidentiality/integrity/availability impact, though high attack complexity tempers real-world exploitability.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2026-50317 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an already-authenticated, low-privileged attacker win a race condition (CWE-362) over an improperly synchronized shared resource to elevate privileges. Reported by Microsoft itself, the flaw carries a CVSS 7.0 and per SSVC has total technical impact but is not automatable and shows no observed exploitation; no public exploit is identified at time of analysis. EPSS is low at 0.24% (16th percentile), consistent with the high attack complexity of reliably timing the race.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50361 HIGH PATCH This Week

Local privilege elevation in the Windows Brokering File System (bfs.sys/brokering component) lets an authenticated low-privileged user corrupt kernel memory via a double free (CWE-415) to gain SYSTEM-level privileges on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. A Microsoft-released patch is available. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; EPSS data was not provided.

Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50375 MEDIUM PATCH Exploit Likely This Month

Heap-based buffer overflow in Windows DirectX allows an authorized attacker to elevate privileges locally.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
6.3
EPSS
1.5%
CVE-2026-50335 HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in Microsoft Windows (Windows 10 1809/21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2019/2022/2025) allows a locally authenticated attacker to escalate to higher privileges via an improper access control weakness (CWE-284). An attacker who already holds a low-privilege foothold on the host can gain full confidentiality, integrity, and availability impact over the system. No public exploit identified at time of analysis, though the flaw was reported by Microsoft and a vendor patch is available.

Authentication Bypass Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50322 HIGH PATCH This Week

Local privilege escalation in the Windows Runtime (WinRT) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (CWE-362) in the handling of a shared resource allows an already-authenticated low-privileged attacker to win a timing window and elevate to higher privileges. Exploitation requires winning a non-deterministic race (AC:H) and low-level access to the target host (PR:L, AV:L), and there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Microsoft has published an advisory and released a patch.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50345 HIGH PATCH This Week

Local privilege escalation in the Windows Runtime (WinRT) component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to win a race condition and gain higher privileges. The flaw stems from improper synchronization of a shared resource (CWE-362); successful exploitation yields high confidentiality, integrity, and availability impact. No public exploit is identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50348 HIGH PATCH This Week

Privilege escalation in the Windows Runtime (WinRT) allows a network-based, unauthenticated attacker to win a race condition and gain elevated privileges on affected Windows 10, Windows 11 (through 26H1), and Windows Server 2019-2025 systems. Microsoft self-reported the flaw and has shipped a fix; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS vector (AV:N/AC:H) reflects a real but timing-dependent attack that is non-trivial to reproduce reliably.

Authentication Bypass Microsoft Race Condition Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50452 HIGH PATCH This Week

Network-based privilege elevation in the Windows Runtime (WinRT) affects a broad range of Microsoft platforms including Windows 10 (1809 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025. An unauthorized attacker who wins a timing race in the improperly synchronized shared-resource handling can gain elevated privileges, with the vulnerability carrying an implicit authentication-bypass characteristic per vendor tags. No public exploit has been identified at time of analysis, and the high attack complexity (AC:H) reflects the need to reliably win a race window.

Authentication Bypass Microsoft Race Condition Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50390 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel (CVE-2026-50390) lets an already-authenticated attacker abuse a type-confusion condition to run code with elevated (SYSTEM-level) privileges on affected Windows client and server builds ranging from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. Microsoft has shipped a fix and there is no public exploit identified at time of analysis, but as a kernel EoP it is a classic second-stage building block for turning a foothold into full host compromise. CVSS is 7.0 (High), reflecting high attack complexity but full confidentiality, integrity, and availability impact once triggered.

Microsoft Memory Corruption Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50377 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50357 HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver lets an already-authenticated, low-privileged user on affected Windows 10, Windows 11, and Windows Server 2016–2025 systems escalate to code execution through a numeric truncation flaw (CWE-197). No public exploit has been identified at time of analysis, and it is not on CISA KEV, but Microsoft has released a patch. Note a data conflict: the description states code execution and the CVSS carries C:H/I:H/A:H, yet the vendor tags label it 'Information Disclosure' — the CVSS-backed local elevation-of-privilege reading is treated as authoritative here.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50312 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50310 MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Devices Human Interface allows an authorized attacker to disclose information locally.

Information Disclosure Microsoft Integer Overflow Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2026-50430 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50339 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50434 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50315 HIGH PATCH This Week

Local privilege escalation in Windows Image Acquisition (WIA) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a NULL pointer dereference can be leveraged by an already-authenticated local user to elevate privileges. Microsoft rates it 7.8 (High) with full confidentiality, integrity, and availability impact despite the flaw class typically causing denial of service. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Denial Of Service Null Pointer Dereference Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50425 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Internal System User Profile component allows an already-authenticated attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free memory corruption condition (CWE-416). The flaw affects Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2025 including Server Core. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 7.8 rating and full high impact on confidentiality, integrity, and availability make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 21H2 +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50321 HIGH PATCH This Week

Local privilege escalation in the Microsoft Windows USB driver stack lets an already-authenticated low-privileged user win a race condition (CWE-362) to gain SYSTEM-level control across Windows 10 (1607-22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS is low (0.19%, 9th percentile) and SSVC rates exploitation as none but technical impact as total, indicating high damage potential if a working exploit is developed.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50347 HIGH PATCH This Week

Local code execution in Microsoft Windows arises from a heap-based buffer overflow in a Windows Data DLL, letting an attacker who can get a victim to open crafted content run arbitrary code with the victim's privileges. Affected builds span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft (the reporter) has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50370 HIGH PATCH NEWS Exploit Likely This Week

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated, adjacent-network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) in DHCP message parsing. Affected systems span Windows Server 2012 through Windows Server 2025 (including Server Core installations) plus the DHCP service on Windows 10 versions 1607 and 1809, with full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-50396 HIGH PATCH This Week

Local privilege escalation in Windows Kernel-Mode Drivers on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an authenticated local attacker corrupt kernel memory via a use-after-free and gain SYSTEM-level control. Rated CVSS 7.0 (Important) and reported by Microsoft itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high attack complexity (AC:H) reflects the race-condition nature typical of kernel UAF bugs, which tempers real-world exploitability despite full C/I/A impact.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50343 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Install Service (Windows Installer) affects supported Windows 10, Windows 11, and Windows Server 2019-2025 builds, letting an already-authenticated local user with limited rights (PR:L) elevate to SYSTEM. The flaw stems from improper privilege management (CWE-269) in how the service handles operations, yielding full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Privilege Escalation Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2026-50331 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Application Model (the subsystem underlying UWP/packaged app lifecycle and activation) lets an authorized attacker with an existing low-privileged foothold gain SYSTEM-level control by triggering a use-after-free memory-corruption condition. All supported Windows client and server builds from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through Server 2025 are affected. This is a Microsoft-reported flaw with a vendor patch available; there is no public exploit identified at time of analysis and it is not on CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50407 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Resilient File System (ReFS) driver allows an authenticated attacker to run code with SYSTEM-level privileges by triggering a heap-based buffer overflow. The flaw (CVSS 7.8) affects a broad range of Windows 10, Windows 11, and Windows Server 2016-2025 builds and carries high confidentiality, integrity, and availability impact. It is a Microsoft-reported issue with a vendor patch available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50341 MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50327 HIGH PATCH NEWS Exploit Likely This Week

Local code execution in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to run arbitrary code by triggering a heap-based buffer overflow. Successful exploitation yields high confidentiality, integrity, and availability impact within the current security context, and Microsoft has released a patch. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50380 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Remote code execution in Microsoft Windows GDI+ (gdiplus) lets an unauthenticated network attacker run arbitrary code when a victim opens or renders a specially crafted image, via a heap-based buffer overflow (CWE-122). The flaw affects a broad range of supported Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). It carries a critical CVSS 9.6 with a scope-changed impact, but requires user interaction and currently has no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
9.6
EPSS
0.6%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows File Explorer on a wide range of Microsoft Windows client and server versions exposes sensitive information to locally authenticated standard users, achieving high confidentiality impact without requiring elevated privileges. The flaw (CWE-200) is confined to the local attack surface - CVSS AV:L/PR:L - meaning the attacker must already hold an interactive session on the target system. No public exploit code and no CISA KEV listing have been identified at time of analysis; a vendor patch is available through Microsoft Security Response Center.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Runtime (WinRT) component of Windows 10, Windows 11, and Windows Server allows an authenticated attacker to run arbitrary code with elevated (SYSTEM-level) privileges by triggering a use-after-free memory-corruption condition (CWE-416). Microsoft has released a patch, but there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. The CVSS 3.1 score of 7.8 (High) with a fully local vector reflects meaningful post-compromise impact but requires the attacker to already have a foothold on the host.

Use After Free Memory Corruption Denial Of Service +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an already-authenticated local attacker to gain elevated (SYSTEM-level) privileges across a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Reported internally by Microsoft with a patch available, the flaw carries CVSS 7.8 with full confidentiality, integrity, and availability impact but no confirmed active exploitation; no public exploit identified at time of analysis.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. An unauthenticated network attacker who can reach the MSMQ service (TCP 1801) can trigger a use-after-free (CWE-416) in the Queue Manager to execute arbitrary code in the service context. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the high CVSS (8.1), network attack vector, and lack of any authentication requirement make patched deployment urgent; exploitation is tempered by the High attack complexity (AC:H).

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local integrity and availability tampering in the Microsoft Windows DNS component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where an authorized attacker with low privileges can abuse improper access control to modify DNS data or disrupt the service. Microsoft self-reported the issue and has released a patch. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, so exploitation would currently require local access on an already-compromised or shared host.

Authentication Bypass Microsoft Windows 11 Version 24H2 +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Resilient File System (ReFS) lets an authenticated local attacker gain elevated (SYSTEM-level) privileges by triggering an untrusted pointer dereference in the ReFS driver. It affects a broad range of Windows 10, Windows 11, and Windows Server 2016-2025 builds. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, so risk is currently patch-and-move rather than emergency.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver affects a broad range of Windows client and server releases, from Windows 10 1607 and Server 2012 R2 through Windows 11 26H1 and Server 2025. An authenticated local attacker with low privileges can trigger a buffer over-read (CWE-126) in the filter to elevate to higher privileges, gaining full confidentiality, integrity, and availability impact on the host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Microsoft Windows 10 Version 1607 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows NTFS file-system driver lets an authenticated low-privileged user gain elevated (likely SYSTEM) privileges by exploiting an incorrect conversion between numeric types (CWE-681). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Brokering File System component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a use-after-free memory corruption (CWE-416) lets an already-authenticated local user elevate to higher privileges. Microsoft rates it CVSS 7.8 with full confidentiality, integrity, and availability impact, and has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Routing and Remote Access Service (RRAS) allows a low-privileged authenticated user to elevate to higher privileges on affected Windows 10, Windows 11, and Windows Server 2012 through 2025 systems. The flaw stems from a missing authentication check on a critical RRAS function (CWE-306), letting an already-authorized local attacker invoke privileged functionality without proper authorization. Microsoft has released a patch; there is no public exploit identified at time of analysis.

Authentication Bypass Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Sensor Data Service allows an authenticated low-privileged user to gain full SYSTEM-level control on affected Windows 10, Windows 11, and Windows Server (2019-2025) systems. The flaw stems from incorrect access to an indexable resource (a range/bounds error, CWE-118) and yields high confidentiality, integrity, and availability impact per the CVSS 7.8 vector. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges with a physical attack.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Connected User Experiences and Telemetry service (DiagTrack) lets an already-authenticated user run arbitrary code with SYSTEM-level rights by triggering a CWE-843 type-confusion condition. The flaw affects a broad range of currently-supported Windows client and server builds, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Memory Corruption Information Disclosure +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NTFS file-system driver lets an already-authenticated low-privileged user read memory outside allocated bounds (CWE-125) to gain elevated privileges. It affects a broad Windows fleet spanning Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Windows Runtime (WinRT) via a use-after-free memory corruption flaw enables a locally authenticated low-privilege attacker to elevate to SYSTEM-level access on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. The CVSS scope change (S:C) confirms the exploit crosses a security boundary, yielding full confidentiality, integrity, and availability impact beyond the originating process. No public exploit identified at time of analysis; Microsoft has released a patch via MSRC.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation in the Windows Runtime affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (CWE-362) in the improperly synchronized handling of a shared resource lets an already-authenticated attacker win a timing window to gain higher privileges. Microsoft reported and patched the issue; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 8.8 with scope-changed impact reflects that a low-privileged local user could reach full SYSTEM-level control of confidentiality, integrity, and availability.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Microsoft Windows RPC API lets an unauthenticated attacker on an adjacent network gain higher privileges by exploiting an improper authentication weakness (CWE-287), provided a user is lured into an interaction. The flaw spans a broad range of client and server builds from Windows Server 2012 through Windows Server 2025 and Windows 10 1607 through Windows 11 26H1. No public exploit identified at time of analysis; the issue was reported by Microsoft, which has released a fix.

Authentication Bypass Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows User Interface Core (UI Core) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a relative path traversal flaw lets an already-authenticated low-privileged user escalate to higher privileges on the local machine. The CVSS 3.1 score of 7.8 reflects full confidentiality, integrity, and availability impact once triggered, though attack requires local access and existing low-level privileges. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Path Traversal Windows 11 Version 24H2 +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Projected File System (ProjFS) driver lets an authenticated low-privileged attacker abuse a symbolic-link/junction race (CWE-59 link following) to redirect a privileged file operation and gain SYSTEM-level rights across Windows 10 (1809-22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Windows Remote Desktop Services (RDS) lets an authenticated, low-privileged attacker elevate to higher privileges across a network by triggering a use-after-free (CWE-416) memory-corruption condition in the RDS component. The flaw spans a broad range of supported Windows client and server releases (Windows 10/11 and Windows Server 2012 through 2025). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS (the New Technology File System driver) arises from a heap-based buffer overflow that lets an attacker run arbitrary code with the privileges of the affected process. The flaw affects a broad swath of supported Windows client and server builds, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft (the reporter) has shipped a patch; there is no public exploit identified at time of analysis, and the CVSS vector requires local access plus user interaction, so it is a privilege-escalation/code-execution primitive rather than a remotely-wormable bug.

Heap Overflow Buffer Overflow Microsoft +19
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +14
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where an authorized attacker can exploit a use-after-free (CWE-416) memory-corruption condition to elevate privileges to SYSTEM. The flaw was reported by Microsoft, which has released a patch, and carries a CVSS 7.8 rating driven entirely by high confidentiality, integrity, and availability impact once local access is obtained. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in the Windows DirectX graphics component (CVE-2026-50382) lets an already-authenticated user run arbitrary code and, because the CVSS scope is Changed, break out of the calling security context to compromise the wider system. It affects a broad range of Windows client and server builds from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. Microsoft has issued a patch; there is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows OLE (Object Linking and Embedding) component allows an already-authenticated, low-privileged user on affected Windows and Windows Server builds to elevate to higher privileges through an improper authorization check (CWE-285). Microsoft has released a patch, and no public exploit has been identified at time of analysis. Impact is high across confidentiality, integrity, and availability, though exploitation requires prior local code execution.

Authentication Bypass Microsoft Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Notification allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege elevation in the Windows Graphics Device Interface (GDI) component allows an already-authenticated, low-privileged user to run code at a higher privilege level by triggering a stack-based buffer overflow (CWE-121). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025, including Server Core installations. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Microsoft +22
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in the Microsoft Windows NTFS file-system driver lets an attacker run arbitrary code by triggering a heap-based buffer overflow (CWE-122) when Windows parses crafted file-system metadata. The flaw spans a broad range of supported releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. It carries a CVSS 7.8 (Important) rating, requires user interaction, has a vendor patch available, and no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Filtering Platform (WFP) lets an authenticated low-privileged user gain higher privileges on affected Windows 10, Windows 11, and Windows Server systems (Server 2012 through Server 2025). Rooted in insufficient access-control granularity (CWE-1220), a local attacker with a valid session can manipulate WFP to reach SYSTEM-level access. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft rates the confidentiality, integrity, and availability impact as High.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker win a use-after-free race (CWE-416) to gain SYSTEM-level control, affecting a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch and there is no public exploit identified at time of analysis. The moderate 7.0 score reflects high attack complexity (a timing-dependent race) offset by full confidentiality, integrity and availability impact once triggered.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Key Guard affecting Windows 10 (1809/21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025 allows an already-authenticated local attacker to win a race condition (CWE-362) and gain higher privileges. Reported by Microsoft with a patch now available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 rating reflects full confidentiality, integrity, and availability impact once the timing window is exploited.

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an already-authenticated attacker to elevate to SYSTEM-level privileges across a wide range of Windows 10, Windows 11, and Windows Server builds. The flaw stems from improper access control (CWE-284) in kernel-mode code and requires local low-privileged access with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the trivial attack complexity and SYSTEM-level impact make it a standard patch-Tuesday priority.

Authentication Bypass Microsoft Windows 10 Version 21H2 +7
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Improper access control in Windows System allows an unauthorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft Windows 11 Version 24H2 +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Group Policy component allows an already-authenticated user to elevate to higher privileges (up to SYSTEM) on affected Windows 10, Windows 11, and Windows Server 2012-2025 systems. The flaw stems from improper privilege management (CWE-269) and is reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. With CVSS 7.8 and full confidentiality, integrity, and availability impact, it is a strong candidate for the monthly patch cycle on endpoints and domain-joined servers.

Microsoft Privilege Escalation Windows 10 Version 1607 +17
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Media (the Windows Media component/codec subsystem) allows an already-authenticated local attacker to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of currently-supported Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Runtime component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an already-authenticated local attacker to win a race condition and gain higher privileges. The flaw was reported by Microsoft, which has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high CVSS complexity (AC:H) reflects that the attacker must reliably win a timing window, tempering real-world exploitability despite the full compromise of confidentiality, integrity, and availability once triggered.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Elevation of privilege in Microsoft Windows Runtime (WinRT) lets a remote, unauthenticated attacker win a timing window in a shared-resource race condition and gain higher privileges across a broad range of Windows client and server releases (Windows 10 1809 through Windows 11 26H1 and Windows Server 2019/2022/2025). Microsoft-reported and patched, the flaw carries CVSS 8.1, driven by full confidentiality, integrity, and availability impact but tempered by high attack complexity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Microsoft Race Condition +11
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Kernel allows a remote, unauthenticated attacker to read out-of-bounds memory and leak sensitive data across all currently supported Windows client and server builds (Windows 10 1809/21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2019/2022/2025). The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N, high confidentiality impact only). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privilege, no-interaction profile makes it a broadly applicable patch-now item.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an authorized attacker to win a race condition and gain higher privileges over a network. The CVSS 3.1 base score is 7.5 with full confidentiality, integrity, and availability impact, though the high attack complexity reflects the timing precision needed to exploit the flaw. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure +3
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an already-authorized (PR:L) network attacker to win a race condition and gain higher privileges, with full confidentiality, integrity, and availability impact. Microsoft self-reported the flaw and has released a patch; there is no public exploit identified at time of analysis and it is not on the CISA KEV list. High attack complexity (AC:H) reflects the timing precision needed to exploit the race reliably.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated attacker to win a race condition and gain higher privileges over the network. The CVSS 3.1 score of 8.8 reflects low-privilege network exploitation with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and this CVE is not listed in CISA KEV, though Microsoft has released a patch.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated low-privileged user to run code with elevated (typically SYSTEM) rights by triggering a heap-based buffer overflow. Microsoft, the reporting party, has released a patch through its Update Guide. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, so there is no evidence of active exploitation, though EIP-class memory-corruption bugs in core OS components are attractive follow-on targets after initial access.

Heap Overflow Buffer Overflow Microsoft +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows via the LUAFV (LUA File Virtualization, luafv.sys) driver allows an already-authenticated low-privileged user to win a timing race and elevate to SYSTEM/administrator on affected Windows client and server builds. The flaw stems from improper synchronization around a shared resource (CWE-362) and carries a CVSS 7.0 (AV:L/AC:H/PR:L) reflecting a local, high-complexity attack. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Runtime (WinRT) affects a broad range of supported Windows client and server releases, from Windows 10 1809 and Windows Server 2019 through Windows 11 26H1 and Windows Server 2025. An authorized local attacker who can execute low-privilege code can trigger a use-after-free (CWE-416) memory-corruption condition to elevate privileges, yielding full confidentiality, integrity, and availability impact on the host. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Runtime (WinRT) affects a broad range of Windows client and server builds, from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. An authorized local attacker who can run low-privileged code can trigger a use-after-free memory-corruption condition to elevate to higher privileges, with high confidentiality, integrity, and availability impact implying a path to SYSTEM. No public exploit identified at time of analysis, and the flaw is not on CISA KEV; a vendor patch is available.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in the Microsoft Windows NTFS driver stems from an out-of-bounds read (CWE-125) that an attacker can leverage to run arbitrary code on affected systems, spanning Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Exploitation requires local access and user interaction (AV:L/UI:R), typically opening or mounting a maliciously crafted file or volume, but no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows DirectX graphics kernel subsystem allows an authenticated attacker to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory-corruption condition across Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. The CVSS 3.1 vector (7.8, AV:L/PR:L) confirms local access and low existing privileges are required with no user interaction, yielding full confidentiality, integrity, and availability impact. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Search component lets an already-authenticated low-privilege user gain SYSTEM-level rights through improper access control (CWE-284). It affects all currently supported Windows client and server builds from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has released a patch.

Authentication Bypass Microsoft Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Windows Container Isolation FS Filter Driver (unionfs.sys) on Windows 11 version 26H1 allows an authorized low-privileged user to read memory outside intended bounds and disclose sensitive kernel or process data. The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis. CVSS 7.1 (AV:L) reflects local access with low privileges but high confidentiality impact.

Buffer Overflow Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Media component affects a broad range of Microsoft Windows client and server editions (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). A low-privileged authenticated attacker can abuse a use-after-free (CWE-416) memory corruption flaw to elevate to higher privileges, achieving full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the flaw is not on CISA KEV, but the high attack complexity (a likely race condition) is the main barrier to reliable exploitation.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 0% CVSS 3.3
LOW PATCH Exploit Unlikely Monitor

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 11 Version 24H2 +4
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege elevation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated local attacker to win a race condition and gain higher privileges on the host. The flaw is a concurrency/synchronization defect (CWE-362) reported by Microsoft itself; no public exploit identified at time of analysis and it is not listed in CISA KEV. Exploitation is rated high-complexity because the attacker must reliably win a timing window, which tempers the otherwise high confidentiality, integrity, and availability impact.

Microsoft Race Condition Information Disclosure +3
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Elevation of privilege in the Windows Runtime (WinRT) component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated attacker to gain higher privileges by exploiting a use-after-free memory-corruption flaw over the network. Microsoft, who reported the issue, has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high CVSS (8.5) is driven by a scope change and full confidentiality/integrity/availability impact, though high attack complexity tempers real-world exploitability.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an already-authenticated, low-privileged attacker win a race condition (CWE-362) over an improperly synchronized shared resource to elevate privileges. Reported by Microsoft itself, the flaw carries a CVSS 7.0 and per SSVC has total technical impact but is not automatable and shows no observed exploitation; no public exploit is identified at time of analysis. EPSS is low at 0.24% (16th percentile), consistent with the high attack complexity of reliably timing the race.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege elevation in the Windows Brokering File System (bfs.sys/brokering component) lets an authenticated low-privileged user corrupt kernel memory via a double free (CWE-415) to gain SYSTEM-level privileges on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. A Microsoft-released patch is available. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; EPSS data was not provided.

Microsoft Information Disclosure Windows 11 Version 24H2 +4
NVD
EPSS 2% CVSS 6.3
MEDIUM PATCH Exploit Likely This Month

Heap-based buffer overflow in Windows DirectX allows an authorized attacker to elevate privileges locally.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in Microsoft Windows (Windows 10 1809/21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2019/2022/2025) allows a locally authenticated attacker to escalate to higher privileges via an improper access control weakness (CWE-284). An attacker who already holds a low-privilege foothold on the host can gain full confidentiality, integrity, and availability impact over the system. No public exploit identified at time of analysis, though the flaw was reported by Microsoft and a vendor patch is available.

Authentication Bypass Microsoft Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Runtime (WinRT) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (CWE-362) in the handling of a shared resource allows an already-authenticated low-privileged attacker to win a timing window and elevate to higher privileges. Exploitation requires winning a non-deterministic race (AC:H) and low-level access to the target host (PR:L, AV:L), and there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Microsoft has published an advisory and released a patch.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Runtime (WinRT) component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to win a race condition and gain higher privileges. The flaw stems from improper synchronization of a shared resource (CWE-362); successful exploitation yields high confidentiality, integrity, and availability impact. No public exploit is identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in the Windows Runtime (WinRT) allows a network-based, unauthenticated attacker to win a race condition and gain elevated privileges on affected Windows 10, Windows 11 (through 26H1), and Windows Server 2019-2025 systems. Microsoft self-reported the flaw and has shipped a fix; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS vector (AV:N/AC:H) reflects a real but timing-dependent attack that is non-trivial to reproduce reliably.

Authentication Bypass Microsoft Race Condition +11
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Network-based privilege elevation in the Windows Runtime (WinRT) affects a broad range of Microsoft platforms including Windows 10 (1809 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025. An unauthorized attacker who wins a timing race in the improperly synchronized shared-resource handling can gain elevated privileges, with the vulnerability carrying an implicit authentication-bypass characteristic per vendor tags. No public exploit has been identified at time of analysis, and the high attack complexity (AC:H) reflects the need to reliably win a race window.

Authentication Bypass Microsoft Race Condition +11
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel (CVE-2026-50390) lets an already-authenticated attacker abuse a type-confusion condition to run code with elevated (SYSTEM-level) privileges on affected Windows client and server builds ranging from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. Microsoft has shipped a fix and there is no public exploit identified at time of analysis, but as a kernel EoP it is a classic second-stage building block for turning a foothold into full host compromise. CVSS is 7.0 (High), reflecting high attack complexity but full confidentiality, integrity, and availability impact once triggered.

Microsoft Memory Corruption Information Disclosure +18
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

Buffer Overflow Microsoft Information Disclosure +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver lets an already-authenticated, low-privileged user on affected Windows 10, Windows 11, and Windows Server 2016–2025 systems escalate to code execution through a numeric truncation flaw (CWE-197). No public exploit has been identified at time of analysis, and it is not on CISA KEV, but Microsoft has released a patch. Note a data conflict: the description states code execution and the CVSS carries C:H/I:H/A:H, yet the vendor tags label it 'Information Disclosure' — the CVSS-backed local elevation-of-privilege reading is treated as authoritative here.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Devices Human Interface allows an authorized attacker to disclose information locally.

Information Disclosure Microsoft Integer Overflow +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows Image Acquisition (WIA) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a NULL pointer dereference can be leveraged by an already-authenticated local user to elevate privileges. Microsoft rates it 7.8 (High) with full confidentiality, integrity, and availability impact despite the flaw class typically causing denial of service. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Denial Of Service Null Pointer Dereference +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Internal System User Profile component allows an already-authenticated attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free memory corruption condition (CWE-416). The flaw affects Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2025 including Server Core. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 7.8 rating and full high impact on confidentiality, integrity, and availability make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service +8
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Microsoft Windows USB driver stack lets an already-authenticated low-privileged user win a race condition (CWE-362) to gain SYSTEM-level control across Windows 10 (1607-22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS is low (0.19%, 9th percentile) and SSVC rates exploitation as none but technical impact as total, indicating high damage potential if a working exploit is developed.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Windows arises from a heap-based buffer overflow in a Windows Data DLL, letting an attacker who can get a victim to open crafted content run arbitrary code with the victim's privileges. Affected builds span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft (the reporter) has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Likely This Week

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated, adjacent-network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) in DHCP message parsing. Affected systems span Windows Server 2012 through Windows Server 2025 (including Server Core installations) plus the DHCP service on Windows 10 versions 1607 and 1809, with full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +13
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Windows Kernel-Mode Drivers on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an authenticated local attacker corrupt kernel memory via a use-after-free and gain SYSTEM-level control. Rated CVSS 7.0 (Important) and reported by Microsoft itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high attack complexity (AC:H) reflects the race-condition nature typical of kernel UAF bugs, which tempers real-world exploitability despite full C/I/A impact.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 3% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Install Service (Windows Installer) affects supported Windows 10, Windows 11, and Windows Server 2019-2025 builds, letting an already-authenticated local user with limited rights (PR:L) elevate to SYSTEM. The flaw stems from improper privilege management (CWE-269) in how the service handles operations, yielding full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Privilege Escalation Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Application Model (the subsystem underlying UWP/packaged app lifecycle and activation) lets an authorized attacker with an existing low-privileged foothold gain SYSTEM-level control by triggering a use-after-free memory-corruption condition. All supported Windows client and server builds from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through Server 2025 are affected. This is a Microsoft-reported flaw with a vendor patch available; there is no public exploit identified at time of analysis and it is not on CISA KEV.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Resilient File System (ReFS) driver allows an authenticated attacker to run code with SYSTEM-level privileges by triggering a heap-based buffer overflow. The flaw (CVSS 7.8) affects a broad range of Windows 10, Windows 11, and Windows Server 2016-2025 builds and carries high confidentiality, integrity, and availability impact. It is a Microsoft-reported issue with a vendor patch available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local code execution in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to run arbitrary code by triggering a heap-based buffer overflow. Successful exploitation yields high confidentiality, integrity, and availability impact within the current security context, and Microsoft has released a patch. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +5
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Microsoft Windows GDI+ (gdiplus) lets an unauthenticated network attacker run arbitrary code when a victim opens or renders a specially crafted image, via a heap-based buffer overflow (CWE-122). The flaw affects a broad range of supported Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). It carries a critical CVSS 9.6 with a scope-changed impact, but requires user interaction and currently has no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +18
NVD
Prev Page 4 of 193 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy