Skip to main content

Windows Server 2019

4241 CVEs product

Monthly

CVE-2026-54122 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows GDI+ (the graphics rendering component) via a heap-based buffer overflow (CWE-122), affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Server 2012 through Server 2025. Per the supplied CVSS vector (PR:N), an unauthorized attacker who gets the vulnerable component to process crafted graphics data can achieve high-impact code execution (C:H/I:H/A:H) on the local system. Microsoft has published a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2026-54995 HIGH PATCH NEWS This Week

Remote code execution in the Windows Reliable Multicast Transport Driver (RMCAST) lets an unauthenticated network attacker trigger a use-after-free (CWE-416) and run arbitrary code on a broad range of Windows 10, Windows 11, and Windows Server systems (Server 2012 through Server 2025). Rated CVSS 8.1, the flaw carries high impact to confidentiality, integrity, and availability but requires winning a race condition (AC:H), and no public exploit identified at time of analysis. Reported by Microsoft with a vendor patch available.

Use After Free Memory Corruption Denial Of Service Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-55003 MEDIUM PATCH This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-54999 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in the Microsoft Windows TCP/IP networking stack allows an unauthenticated attacker on the same physical or logical network segment to win a race condition and run arbitrary code on the target. The flaw spans a broad range of desktop and server builds from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. There is no public exploit identified at time of analysis, but Microsoft has confirmed the issue and shipped a patch, and the high CVSS (8.8) plus network-facing kernel component make it a priority to remediate.

Authentication Bypass Microsoft Race Condition Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-54997 MEDIUM PATCH This Month

Information disclosure via uninitialized memory in the Windows SMB driver stack affects a broad range of Windows 10, Windows 11, and Windows Server versions. A locally authenticated, low-privileged attacker can trigger a code path that reads from uninitialized memory within the SMB subsystem, potentially leaking sensitive kernel or heap memory contents. No public exploit code or active exploitation has been identified at the time of analysis; Microsoft has released a patch via MSRC.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-54119 HIGH PATCH This Week

Denial of service in Windows Active Directory (spanning Windows 10, Windows 11, and Windows Server 2012 through 2025) lets a remote, unauthenticated attacker send crafted network traffic that drives an AD service into an infinite loop, exhausting CPU and rendering domain services unavailable. Because the CVSS vector is AV:N/AC:L/PR:N/UI:N with high availability impact and no confidentiality or integrity loss, this is a pure availability threat against domain controllers. Microsoft has released a patch; there is no public exploit identified at time of analysis and no CISA KEV listing.

Microsoft Denial Of Service Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-54114 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) allows an authenticated local user to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of supported builds spanning Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025, including Server Core installations. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-54982 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in the Windows Reliable Multicast Transport Driver (RMCAST) lets an unauthenticated attacker on the same network segment run arbitrary code by triggering an integer underflow (CWE-191) during multicast message processing. All supported Windows client and server builds from Windows Server 2012 through Windows Server 2025 and Windows 10 1607 through Windows 11 26H1 are affected. There is no public exploit identified at time of analysis, but the CVSS 8.8 adjacent-network unauthenticated profile and Microsoft's own reporting make this a high-priority patch.

Authentication Bypass Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-54109 HIGH PATCH This Week

Local privilege escalation to code execution in the Windows Resilient File System (ReFS) driver affects a broad range of Windows 10/11 and Windows Server 2016 through 2025 releases, where an integer overflow (CWE-190) in filesystem processing lets an already-authenticated local user run arbitrary code in an elevated context. The CVSS 3.1 vector (AV:L/PR:L) confirms low-privileged local access is required rather than remote exploitation, and there is no public exploit identified at time of analysis. Microsoft has released a patch via MSRC.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-54992 HIGH POC PATCH NEWS Exploit Likely This Week

Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. A heap-based buffer overflow (CWE-122) lets an attacker who can reach the local MSMQ service run arbitrary code with high confidentiality, integrity, and availability impact; the CVSS 3.1 base score is 8.4 with a local attack vector but no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor (Microsoft) has released a patch.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2026-55004 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Printer Drivers component across Windows 10, Windows 11 (through 26H1), and Windows Server 2012 through 2025 lets an already-authenticated attacker corrupt kernel-adjacent memory to gain higher privileges. The flaw is a double free (CWE-415) triggered locally by a low-privileged user, yielding high confidentiality, integrity, and availability impact (CVSS 7.8). No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-54112 HIGH PATCH This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an already-authenticated attacker to win a race condition (CWE-362) and elevate to SYSTEM-level privileges across supported Windows 10, Windows 11, and Windows Server 2019-2025 builds. Reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and EPSS is low (0.16%, 5th percentile). CVSS 7.0 reflects high attack complexity (AC:H) driven by the timing-window nature of the flaw and the requirement for existing low-privilege access (PR:L).

Microsoft Race Condition Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-55001 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Active Directory certificate-validation path lets an already-authenticated attacker on Windows 10 (1607/1809) and Windows Server 2016 through 2025 (including Server Core) improperly validate a certificate to gain higher privileges. Microsoft reported and patched the flaw (CWE-295), but there is no public exploit identified at time of analysis and it is not on CISA KEV. The CVSS 7.8 vector (AV:L/PR:L) confirms an authenticated local attacker with full confidentiality, integrity, and availability impact upon success.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows Server 2016 +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-54993 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Media Foundation lets an unauthorized attacker run arbitrary code by luring a user into opening a specially crafted media file. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server builds (from 1809 through Windows 11 26H1 and Server 2025), and Microsoft has released patches. No public exploit identified at time of analysis, but the low attack complexity and full C/I/A impact make it a standard Patch-Tuesday priority.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-54986 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) lets an already-authenticated low-privilege user corrupt kernel heap memory via a heap-based buffer overflow (CWE-122) to gain SYSTEM-level control. The flaw affects a broad range of client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-54107 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an authenticated low-privileged user to win a race condition and elevate to SYSTEM across Windows 10, Windows 11 (through 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available, it carries CVSS 7.0 but a high attack complexity (AC:H) reflecting the timing-sensitive nature of the flaw. There is no public exploit identified at time of analysis, and EPSS is low (0.19%, 9th percentile), consistent with CISA SSVC rating exploitation as 'none.'

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-54132 MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +9
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2026-50697 HIGH PATCH This Week

Local privilege escalation in the Windows Common Log File System (CLFS) Driver allows an already-authenticated, low-privileged user to elevate to SYSTEM on a wide range of Windows client and server releases. Microsoft classifies the root cause as exposure of sensitive information (CWE-200), but the CVSS impact profile (C:H/I:H/A:H) reflects that the leaked kernel data enables full local privilege escalation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though CLFS has historically been a heavily exploited elevation-of-privilege target in Windows.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50696 HIGH PATCH This Week

Network denial of service in the Windows Internet Key Exchange (IKE) protocol implementation allows an unauthenticated remote attacker to crash affected systems by triggering a heap-based buffer overflow. All impact is to availability only (CVSS 7.5, A:H, no confidentiality or integrity loss), making this a reliability/uptime threat against IPsec/VPN-facing Windows 10, Windows 11, and Windows Server hosts rather than a code-execution vulnerability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and lack of authentication make it a meaningful patching priority for internet-exposed IPsec endpoints.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-54987 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). The flaw spans a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025. Microsoft has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-54989 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Quality Windows Audio/Video Experience (QWAVE) service lets an already-authenticated, low-privileged user elevate to higher privileges by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.0 (AV:L/AC:H/PR:L).

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD VulDB
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-54129 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Hyper-V (CWE-416 use-after-free) allows an authenticated attacker already running low-privileged code on an affected host to elevate to higher privileges, with full confidentiality, integrity, and availability impact. Reported by Microsoft and affecting a broad range of Windows 10, Windows 11, and Windows Server builds including Server 2019/2022/2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50695 HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash the service by triggering a stack-based buffer overflow over the network (CVSS 7.5, availability-only impact). Because AD FS brokers single sign-on and federated authentication, a successful attack can knock out login for every downstream application that relies on it. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-54983 HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) lets a remote, unauthenticated attacker crash the service by triggering a stack-based buffer overflow (CWE-121) over the network. The flaw affects AD FS as shipped across a broad range of Windows client and server builds (Windows 10/11 and Windows Server 2012 through 2025). Microsoft - the reporting party - has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-49784 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows App Store component (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025) allows an authorized low-privileged attacker to win a race condition on an improperly synchronized shared resource and gain higher privileges. Exploitation is local-only and high-complexity because it depends on reliably hitting a narrow timing window, and no public exploit has been identified at time of analysis. A vendor patch is available via Microsoft's MSRC update guide.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49177 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-49174 MEDIUM PATCH This Month

Missing authentication for critical function in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.

Authentication Bypass Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-49172 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Windows FTP Service allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122). The flaw affects the FTP service across a broad range of Windows 10, Windows 11, and Windows Server (2019/2022/2025) builds and carries a critical CVSS 9.8 rating with no authentication or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, network-reachable nature of the bug makes it a high-priority patch target.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-49176 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows WalletService allows an authenticated low-privileged attacker to gain SYSTEM-level rights on the host, per CVSS:3.1 AV:L/AC:L/PR:L (7.8, High). The flaw stems from improper privilege management (CWE-269) in the WalletService component and affects a broad range of Windows client and server builds. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch from Microsoft is available.

Microsoft Privilege Escalation Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49171 HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in the Windows Speech component (Text-to-Speech / speech runtime) affects a broad range of Windows 10, Windows 11, and Windows Server releases, where a use-after-free (CWE-416) lets an already-authenticated local user corrupt memory to run code at higher privilege. Exploitation is non-trivial - it requires local access, low-level authentication, user interaction, and winning a memory-timing condition - and the CVSS 7.5 rating reflects a scope-changed, high-impact outcome. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so this is a patch-on-cycle EoP rather than an emergency.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-49170 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows StateRepository API lets an already-authenticated low-privileged user gain higher (typically SYSTEM-level) privileges due to insufficiently granular access control (CWE-1220). It affects a broad range of currently supported Windows client and server builds (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025). The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis (not listed in CISA KEV).

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2026-49168 MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2026-49167 MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2026-49165 HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Microsoft Windows App Store (Store/AppX component) affects a broad range of Windows 10, Windows 11, and Windows Server releases (1607 through 26H1, Server 2016/2019/2022/2025). An authorized local attacker can leverage a use of uninitialized resource (CWE-908) to read memory contents that should not be exposed, with CVSS 7.1 reflecting high confidentiality impact but requiring low-privileged authenticated local access. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and Microsoft has released a patch via the MSRC update guide.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-49164 HIGH PATCH NEWS This Week

Remote code execution in Microsoft Active Directory Domain Services (AD DS) allows an unauthenticated network attacker to corrupt heap memory and run arbitrary code on affected domain controllers. The flaw (CVE-2026-49164, CVSS 8.1) spans a broad range of Windows client and server builds from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025, with full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the high attack complexity (AC:H) tempers the practical exploitation likelihood.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-42990 CRITICAL PATCH Act Now

Remote code execution in the Microsoft ODBC Driver for SQL Server (shipped across Windows 10, Windows 11, and Windows Server 2012 through 2025) stems from a heap-based buffer overflow that lets an attacker run arbitrary code over the network. The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scores it 9.8 and marks it unauthenticated, though as a database driver flaw the realistic trigger is a client connecting to a malicious or compromised SQL Server endpoint. There is no public exploit identified at time of analysis and no CISA KEV listing, so this is a high-severity but not yet actively-exploited issue.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +16
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-42975 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Bluetooth Port Driver lets an adjacent, unauthenticated attacker corrupt heap memory to run arbitrary code on the target after minimal user interaction. The flaw (CWE-122 heap-based buffer overflow) affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025, with full confidentiality, integrity, and availability impact (CVSS 8.0). There is no public exploit identified at time of analysis, but a vendor patch is available from Microsoft.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2026-42900 HIGH PATCH This Week

Privilege elevation in the Windows App Store component affects a broad range of Microsoft Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025), where a race condition (CWE-362) lets an unauthorized attacker win a timing window to gain elevated privileges over a network. The CVSS 3.1 score is 8.1 with a network vector and no authentication (PR:N), but high attack complexity (AC:H) reflects the difficulty of reliably winning the race. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available from Microsoft.

Authentication Bypass Microsoft Race Condition Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-34346 MEDIUM PATCH Exploit Unlikely This Month

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +16
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-34349 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-42982 HIGH PATCH NEWS Exploit Unlikely This Week

Local privilege escalation in Windows Secure Kernel Mode (SKM/VTL1) allows an already-authenticated attacker to elevate to higher privileges on affected Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025 systems. The flaw stems from improper consistency validation of input crossing the trust boundary into the isolated secure kernel (CWE-1288), yielding full confidentiality, integrity, and availability impact on the local host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50507 MEDIUM PATCH Exploit Likely This Month

BitLocker's protection mechanism on Windows fails to enforce a critical authentication or verification step, permitting a physically present attacker to bypass full-disk encryption without credentials, a recovery key, or elevated privileges. Despite a CVSS score of 6.8 (Medium) - moderated by the physical access requirement - the impact ratings are High across confidentiality, integrity, and availability, meaning successful exploitation grants complete access to encrypted data and the underlying system. No public exploit has been identified at time of analysis, and Microsoft has released a patch via the MSRC update guide.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-48578 HIGH PATCH Exploit Unlikely This Week

Security feature bypass in Windows Secure Boot enables a local high-privileged attacker to defeat the platform's boot-time integrity protections, achieving high confidentiality and integrity impact across a changed security scope. The flaw stems from a protection mechanism failure (CWE-284, Improper Access Control) that undermines the trust boundary Secure Boot is designed to enforce. At the time of analysis, no public exploit has been identified and the issue is not listed in CISA KEV, but the scope-changed CVSS of 7.9 reflects the severity of subverting a root-of-trust security control.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
7.9
EPSS
0.1%
CVE-2026-48576 HIGH PATCH Exploit Unlikely This Week

Security feature bypass in Windows Secure Boot allows a high-privileged local attacker to circumvent the boot integrity protection mechanism, undermining trust in the Windows boot chain. The flaw (CWE-1329, reliance on a component that is not updateable) carries a CVSS 7.9 rating due to scope change and high impact on confidentiality and integrity, and no public exploit has been identified at time of analysis. Successful exploitation could enable pre-OS persistence such as bootkits, defeating a foundational Windows security control.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
7.9
EPSS
0.3%
CVE-2026-48573 HIGH PATCH Exploit Unlikely This Week

Secure Boot bypass in Microsoft Windows allows an authorized local attacker with high privileges to defeat the platform's protection mechanism and tamper with the pre-OS boot chain. The CVSS 7.9 score reflects a scope-changing impact on confidentiality and integrity from a local vector, and no public exploit identified at time of analysis. The single MSRC reference indicates a Microsoft-tracked issue that primarily threatens code-integrity and boot-trust guarantees rather than runtime availability.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
7.9
EPSS
0.3%
CVE-2026-48563 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible via a heap-based buffer overflow that an unauthenticated remote attacker can trigger when a user is convinced to connect to a malicious RDP server. The flaw is rated CVSS 7.5 (High) with attack complexity High and required user interaction, and no public exploit identified at time of analysis. The CWE-416 classification combined with the vendor's tags points to a use-after-free condition reachable through crafted RDP server responses.

Buffer Overflow Memory Corruption Use After Free Windows 10 1809 Windows 10 21h2 +8
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-47654 HIGH PATCH NEWS This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that leads to arbitrary code execution on the client machine. The flaw is unauthenticated from the server side but requires user interaction and high attack complexity, and no public exploit identified at time of analysis. CVSS is rated 7.5 (High) with confidentiality, integrity, and availability impact.

Use After Free Memory Corruption Buffer Overflow Windows Server 2016 Windows Server 2019 +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-47653 HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client occurs when a user connects to an attacker-controlled RDP server, allowing the server to corrupt heap memory and execute arbitrary code on the client endpoint. The flaw carries a CVSS 8.8 (High) rating reflecting network reach with required user interaction, and no public exploit is identified at time of analysis. The attack pivots the traditional RDP threat model - attackers compromise clients that initiate outbound connections rather than exposed servers.

Use After Free Memory Corruption Buffer Overflow Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-47289 HIGH PATCH NEWS Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Remote Desktop Client enables remote code execution when a user connects to a malicious RDP server, with the attacker gaining the same privileges as the connecting user. The CVSS 8.8 score reflects network-reachable exploitation requiring only minimal user interaction (initiating an RDP session), and no public exploit has been identified at time of analysis. The flaw is reported by Microsoft Security Response Center (secure@microsoft.com) and is categorized as CWE-122 heap-based buffer overflow.

Heap Overflow Buffer Overflow Windows App Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-45658 MEDIUM PATCH Exploit Likely This Month

Security feature bypass in Microsoft Windows BitLocker allows an attacker with physical access to circumvent the drive encryption protection mechanism. Affected systems can have BitLocker-protected data accessed despite the encryption-at-rest control being enabled, undermining a core platform confidentiality boundary. There is no public exploit identified at time of analysis, but the vulnerability is reported by Microsoft (secure@microsoft.com) as a protection mechanism failure with high impact across confidentiality, integrity, and availability.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-45653 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privilege attacker to elevate to SYSTEM by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 rating with high attack complexity, and no public exploit identified at time of analysis. Exploitation requires a race condition or specific timing to be won, which constrains reliable weaponization but does not eliminate the risk on multi-user or shared Windows hosts.

Denial Of Service Heap Overflow Microsoft Buffer Overflow Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-45639 HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows remote unauthenticated attackers to read out-of-bounds memory over the network, potentially exposing sensitive data from the RDP service process. The flaw is reachable without authentication or user interaction across any exposed RDP endpoint, and no public exploit identified at time of analysis. Microsoft has assigned the issue a CVSS 3.1 score of 7.5 reflecting high confidentiality impact with no integrity or availability effect.

Information Disclosure Microsoft Buffer Overflow Remote Desktop Client Windows App +13
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-45638 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver (AFD.sys) for WinSock allows an authenticated low-privileged user to gain SYSTEM-level access through a use-after-free condition. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8 score with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the AFD.sys driver has a long history of similar bugs being weaponized post-disclosure.

Denial Of Service Heap Overflow Microsoft Buffer Overflow Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45635 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Universal Plug and Play stack (upnp.dll) allows unauthenticated network attackers to execute arbitrary code on affected hosts by triggering a memory-safety flaw in the UPnP service. The issue carries a CVSS 3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N), reflecting network reachability without credentials but high attack complexity. At time of analysis there is no public exploit identified and the CVE is not listed in CISA KEV.

Denial Of Service Memory Corruption Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-45634 MEDIUM PATCH This Month

Out-of-bounds read in the Windows DHCP Server service enables a locally authenticated, low-privileged attacker to disclose contents of process memory on affected systems. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms this is a local, low-complexity attack requiring only standard user privileges - no elevated rights or user interaction needed. Exploitation is constrained to hosts where the Windows DHCP Server role is actively installed and running, which significantly limits the attack surface to designated infrastructure servers rather than general workstations. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

Information Disclosure Microsoft Buffer Overflow Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-45608 MEDIUM PATCH This Month

Out-of-bounds read in Windows DHCP Server exposes adjacent memory contents and can crash the service, yielding both information disclosure and a high-severity denial-of-service condition on affected Windows systems. The flaw (CWE-125) is exploitable locally with low attack complexity and no user interaction, targeting systems where the DHCP Server role is installed across a broad range of Windows 10, 11, and Server editions from 2012 through 2025. No public exploit has been identified at time of analysis, and Microsoft has released patched builds via the MSRC update guide (CVE-2026-45608).

Information Disclosure Microsoft Buffer Overflow Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-45603 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to elevate to SYSTEM by winning a race condition that triggers a use-after-free. The flaw is reported by Microsoft (MSRC) and carries CVSS 7.0 with high attack complexity, but no public exploit is identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Microsoft Race Condition Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-45602 CRITICAL PATCH Exploit Unlikely Act Now

Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data with high confidentiality and integrity impact, as reflected by the 9.1 CVSS score. The vulnerability is reachable over the network without privileges or user interaction, and no public exploit identified at time of analysis. The combination of authentication bypass tagging and DHCP's role as a core network infrastructure service makes this a high-priority issue for any Windows environment running the DHCP Server role.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-45601 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authenticated low-privileged attacker to win a race condition and gain SYSTEM-level execution. The flaw is a use-after-free triggered through concurrent WinSock operations, and at time of analysis no public exploit has been identified and the CVE is not on the CISA KEV list.

Denial Of Service Microsoft Race Condition Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-45598 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to win a race condition and trigger a use-after-free, enabling code execution at kernel level. No public exploit identified at time of analysis, but AFD.sys has a long history of being a preferred LPE target and Microsoft has marked the issue as important. EPSS data was not provided in the source feed.

Denial Of Service Microsoft Race Condition Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-44812 HIGH PATCH NEWS Exploit Likely Act Now

Local code execution in Microsoft Windows Win32K GRFX (graphics) subsystem allows an attacker with low-privilege local access to run arbitrary code by triggering an integer overflow, after coaxing a user into interacting with a crafted graphics object. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, though Win32K bugs historically attract rapid exploit development for privilege escalation in post-compromise chains.

Microsoft Integer Overflow Buffer Overflow Excel Powerpoint +14
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44803 HIGH PATCH NEWS Exploit Likely Act Now

Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to run code locally to escalate privileges through an integer overflow. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8, but requires user interaction (UI:R) and local access (AV:L), and no public exploit identified at time of analysis.

Microsoft Integer Overflow Buffer Overflow Excel Powerpoint +14
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44802 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privilege attacker to gain higher privileges through a use-after-free memory corruption flaw. The vulnerability carries a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Successful exploitation typically yields SYSTEM-level code execution on the affected Windows host.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 1809 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44801 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RDP server, where a heap-based buffer overflow (linked to use-after-free memory corruption per vendor tags) enables arbitrary code execution on the client machine. The CVSS 7.5 score reflects high attack complexity and required user interaction, and no public exploit identified at time of analysis. SSVC assessment from CISA rates exploitation as 'none' and automatable as 'no', though technical impact is total.

Use After Free Memory Corruption Buffer Overflow Remote Desktop Client Windows App +13
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-44799 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client arises from a heap-based buffer overflow (CWE-122) that an unauthenticated network attacker can trigger when a victim connects to or interacts with a malicious server. Microsoft (secure@microsoft.com) is the originating reporter and has published an advisory in the MSRC update guide, with no public exploit identified at time of analysis. The CVSS 7.5 (High) rating reflects high attack complexity and required user interaction, but successful exploitation yields full confidentiality, integrity, and availability impact on the client host.

Heap Overflow Buffer Overflow Remote Desktop Client Windows App Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42992 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is enticed to connect to an attacker-controlled RDP server, triggering a heap-based buffer overflow (CWE-122). The flaw scores CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and, while no public exploit is identified at time of analysis, the network-reachable nature and full CIA impact make it a meaningful client-side risk for users connecting to untrusted endpoints.

Buffer Overflow Heap Overflow Windows App Windows 10 1607 Windows 10 1809 +10
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42986 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Graphics Component allows an authenticated low-privileged attacker to gain elevated rights via a use-after-free memory corruption flaw (CWE-416). The issue carries a CVSS 7.8 (High) rating with full confidentiality, integrity, and availability impact on the affected host. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Microsoft Denial Of Service Memory Corruption Use After Free Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42985 HIGH PATCH NEWS Exploit Likely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that runs attacker code in the client's context. The flaw (CWE-416 use-after-free / heap corruption) carries CVSS 8.8 and requires user interaction, with no public exploit identified at time of analysis. A vendor patch is available via Microsoft MSRC.

Use After Free Memory Corruption Buffer Overflow Remote Desktop Client Windows App +13
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-42973 MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables a locally authenticated attacker to read sensitive information from memory without elevation of privilege. Affecting a wide range of Windows 10, Windows 11, and Windows Server builds, the vulnerability requires only low-privilege local access and no user interaction to trigger. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with partial technical impact, placing this in a lower-urgency remediation band despite the High confidentiality rating in the CVSS vector.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42971 MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications on multiple Windows 10, Windows 11, and Windows Server versions exposes sensitive memory contents through an uninitialized resource condition, allowing a low-privileged local user to read high-confidentiality data without any user interaction. The CVSS vector (AV:L/PR:L) confirms this is strictly a local privilege issue - no remote attack path exists - limiting its practical blast radius to insider threats and post-compromise lateral reconnaissance. No public exploit has been identified at time of analysis, and Microsoft has released patches addressing all listed affected versions.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42970 MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables authenticated local attackers to disclose sensitive information across a wide breadth of Microsoft Windows desktop and server platforms. Spanning Windows 10 through Windows 11 25H2 and Windows Server 2012 through Server 2025, the vulnerability carries a CVSS 5.5 Medium score with high confidentiality impact (C:H) but no integrity or availability impact. Microsoft has released patches via the June 2026 Patch Tuesday cycle; no public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42916 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged user to elevate to higher privileges through an integer underflow condition. The flaw carries a CVSS 7.8 (High) rating with no public exploit identified at time of analysis, but Microsoft has issued a patch via MSRC. Defenders should treat this as a standard Patch-Tuesday-class kernel EoP that becomes a critical post-compromise pivot once initial access is achieved.

Information Disclosure Microsoft Integer Overflow Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42914 MEDIUM PATCH Exploit Unlikely This Month

Windows Kerberos out-of-bounds read (CWE-125) allows a low-privilege network attacker to crash the Kerberos authentication service across all actively supported Windows client and server platforms, from Windows Server 2012 through Windows Server 2025 and Windows 11 26H1. The attack requires prior domain authentication and high-complexity triggering conditions (CVSS AC:H), limiting opportunistic mass exploitation, though a successful attack against a domain controller can deny authentication domain-wide by crashing the KDC. Vendor patches are available via the Microsoft MSRC advisory; no public exploit code exists and SSVC confirms no observed exploitation at time of analysis.

Denial Of Service Information Disclosure Microsoft Buffer Overflow Windows 10 1607 +12
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-42909 HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user connects to an attacker-controlled or compromised RDP endpoint, where a race condition (CWE-362) can be triggered to corrupt heap memory and execute arbitrary code in the client process. The flaw is unauthenticated from the network attacker's perspective but requires user interaction to initiate the connection, and no public exploit has been identified at time of analysis.

Race Condition Buffer Overflow Remote Desktop Client Windows App Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42907 MEDIUM PATCH Exploit Unlikely This Month

Information disclosure in Windows Shell exposes sensitive data to authenticated low-privileged attackers, with a confirmed vendor patch available. The vulnerability stems from CWE-200 improper information exposure within the Windows Shell component, allowing confidentiality compromise with no integrity or availability impact. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high confidentiality impact score (C:H) and low attack complexity elevate practical concern for environments where lateral movement or credential harvesting are threat vectors.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-42837 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver allows an authenticated low-privileged user on a Windows host to escalate to higher privileges by triggering a buffer over-read in the kernel-mode driver. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 7.8 with low attack complexity and no user interaction makes it an attractive post-compromise target for endpoint operators.

Information Disclosure Microsoft Buffer Overflow Windows 10 1809 Windows 10 21h2 +8
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26111 HIGH POC PATCH This Week

Remote code execution in Windows RRAS across Server 2016, 2022, and 2025 via an integer overflow vulnerability allows authenticated attackers to execute arbitrary code over the network with high privileges. Public exploit code exists for this vulnerability, and no patch is currently available. Authenticated users with network access can trigger the vulnerability through a simple interaction to gain complete system compromise.

Buffer Overflow Heap Overflow Microsoft Windows Server 2022 Windows Server 2016 +4
NVD VulDB GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25190 HIGH PATCH This Week

Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Authentication Bypass Microsoft Windows Server 2022 23h2 Windows Server 2022 Windows 11 26h1 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-25189 HIGH PATCH This Week

Privilege escalation in Windows DWM Core Library affects Windows 10 versions 21H2 and 1809 through a use-after-free memory corruption vulnerability that allows authenticated local attackers to gain system-level privileges. The vulnerability requires local access and valid user credentials but no user interaction, creating a significant risk for multi-user systems. No patch is currently available.

Use After Free Microsoft Denial Of Service Memory Corruption Windows 10 21h2 +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25188 HIGH PATCH This Week

Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2, and Windows Server 2012, allowing adjacent network attackers to gain elevated system access without authentication. The vulnerability has a high CVSS score of 8.8 but currently lacks a patch, creating significant risk for exposed systems. Exploitation requires network proximity but no user interaction.

Buffer Overflow Heap Overflow Microsoft Windows 10 1607 Windows 11 25h2 +13
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25186 MEDIUM PATCH This Month

Unauthorized disclosure of sensitive information in Windows Accessibility Infrastructure (ATBroker.exe) affects Windows Server 2019, 2025, Windows 10 22h2, and Windows 11 25h2, allowing local authenticated attackers to read confidential data. The vulnerability requires user privileges and local access but poses no risk to system integrity or availability. No patch is currently available for this issue.

Information Disclosure Microsoft Windows Server 2019 Windows 10 22h2 Windows Server 2025 +12
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-25185 MEDIUM PATCH This Month

Windows Shell Link Processing leaks sensitive information over the network in Windows Server 2012, 2019, and 2022, enabling remote spoofing attacks without authentication or user interaction. An unauthenticated attacker can exploit this information disclosure to conduct spoofing attacks against affected systems. No patch is currently available.

Information Disclosure Microsoft Windows Server 2022 23h2 Windows Server 2012 Windows Server 2022 +12
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25181 HIGH PATCH This Week

Information disclosure in Windows GDI+ affects Windows 11 (24h2, 25h2) and Windows Server 2012/2016, allowing unauthenticated attackers to read sensitive data remotely through an out-of-bounds memory access vulnerability. The flaw requires no user interaction and can be exploited over the network to compromise confidentiality without modifying system data or availability. No patch is currently available for this high-severity vulnerability.

Information Disclosure Buffer Overflow Microsoft Windows 11 24h2 Windows Server 2012 +13
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25179 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock in Windows Server 2025, 2022, and Windows 10 1809 contains insufficient input validation that allows authenticated local users to escalate privileges. An attacker with local access and valid credentials can exploit this vulnerability to gain elevated system permissions, though no patch is currently available. This HIGH severity vulnerability affects multiple Windows Server and client versions with no active exploit mitigation path.

Information Disclosure Microsoft Windows Server 2025 Windows Server 2022 Windows Server 2022 23h2 +12
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-25178 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.

Use After Free Microsoft Denial Of Service Memory Corruption Windows 11 26h1 +14
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-25177 HIGH PATCH This Week

Privilege escalation in Windows Active Directory Domain Services (AD DS) across Windows 11, Windows 10, and Windows Server platforms allows authenticated network attackers to gain elevated privileges by exploiting improper validation of resource naming restrictions. An attacker with valid domain credentials can leverage this vulnerability to escalate their access level without user interaction. Currently, no patch is available, leaving all affected Windows versions vulnerable.

Information Disclosure Windows 11 23h2 Windows 11 26h1 Windows Server 2025 Windows 10 22h2 +11
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25176 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock in Windows 10 (all versions) and Windows 11 contains an access control weakness that enables authenticated local attackers to escalate privileges to system level. An attacker with standard user credentials can exploit this flaw to gain elevated rights on affected systems. No patch is currently available for this vulnerability.

Authentication Bypass Microsoft Windows 10 22h2 Windows 10 1607 Windows Server 2019 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25175 HIGH PATCH This Week

Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Information Disclosure Buffer Overflow Microsoft Windows Server 2019 Windows 10 1607 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25174 HIGH PATCH This Week

Windows Extensible File Allocation (exFAT) contains an out-of-bounds read vulnerability affecting Windows Server 2022, Windows 10 1607, and Windows 11 versions 23h2/25h2, enabling authenticated local users to escalate privileges with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available. This flaw carries a CVSS score of 7.8 and affects multiple supported Windows versions across server and client platforms.

Information Disclosure Buffer Overflow Microsoft Windows Server 2022 Windows 10 1607 +13
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25173 HIGH POC PATCH This Week

Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments.

Microsoft Buffer Overflow Heap Overflow Windows Server 2022 23h2 Windows 10 1607 +13
NVD VulDB GitHub
CVSS 3.1
8.0
EPSS
0.1%
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows GDI+ (the graphics rendering component) via a heap-based buffer overflow (CWE-122), affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Server 2012 through Server 2025. Per the supplied CVSS vector (PR:N), an unauthorized attacker who gets the vulnerable component to process crafted graphics data can achieve high-impact code execution (C:H/I:H/A:H) on the local system. Microsoft has published a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Remote code execution in the Windows Reliable Multicast Transport Driver (RMCAST) lets an unauthenticated network attacker trigger a use-after-free (CWE-416) and run arbitrary code on a broad range of Windows 10, Windows 11, and Windows Server systems (Server 2012 through Server 2025). Rated CVSS 8.1, the flaw carries high impact to confidentiality, integrity, and availability but requires winning a race condition (AC:H), and no public exploit identified at time of analysis. Reported by Microsoft with a vendor patch available.

Use After Free Memory Corruption Denial Of Service +18
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows TCP/IP networking stack allows an unauthenticated attacker on the same physical or logical network segment to win a race condition and run arbitrary code on the target. The flaw spans a broad range of desktop and server builds from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. There is no public exploit identified at time of analysis, but Microsoft has confirmed the issue and shipped a patch, and the high CVSS (8.8) plus network-facing kernel component make it a priority to remediate.

Authentication Bypass Microsoft Race Condition +18
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information disclosure via uninitialized memory in the Windows SMB driver stack affects a broad range of Windows 10, Windows 11, and Windows Server versions. A locally authenticated, low-privileged attacker can trigger a code path that reads from uninitialized memory within the SMB subsystem, potentially leaking sensitive kernel or heap memory contents. No public exploit code or active exploitation has been identified at the time of analysis; Microsoft has released a patch via MSRC.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Windows Active Directory (spanning Windows 10, Windows 11, and Windows Server 2012 through 2025) lets a remote, unauthenticated attacker send crafted network traffic that drives an AD service into an infinite loop, exhausting CPU and rendering domain services unavailable. Because the CVSS vector is AV:N/AC:L/PR:N/UI:N with high availability impact and no confidentiality or integrity loss, this is a pure availability threat against domain controllers. Microsoft has released a patch; there is no public exploit identified at time of analysis and no CISA KEV listing.

Microsoft Denial Of Service Windows 10 Version 1607 +17
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) allows an authenticated local user to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of supported builds spanning Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025, including Server Core installations. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Reliable Multicast Transport Driver (RMCAST) lets an unauthenticated attacker on the same network segment run arbitrary code by triggering an integer underflow (CWE-191) during multicast message processing. All supported Windows client and server builds from Windows Server 2012 through Windows Server 2025 and Windows 10 1607 through Windows 11 26H1 are affected. There is no public exploit identified at time of analysis, but the CVSS 8.8 adjacent-network unauthenticated profile and Microsoft's own reporting make this a high-priority patch.

Authentication Bypass Integer Overflow Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation to code execution in the Windows Resilient File System (ReFS) driver affects a broad range of Windows 10/11 and Windows Server 2016 through 2025 releases, where an integer overflow (CWE-190) in filesystem processing lets an already-authenticated local user run arbitrary code in an elevated context. The CVSS 3.1 vector (AV:L/PR:L) confirms low-privileged local access is required rather than remote exploitation, and there is no public exploit identified at time of analysis. Microsoft has released a patch via MSRC.

Buffer Overflow Microsoft Integer Overflow +14
NVD
EPSS 0% CVSS 8.4
HIGH POC PATCH Exploit Likely This Week

Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. A heap-based buffer overflow (CWE-122) lets an attacker who can reach the local MSMQ service run arbitrary code with high confidentiality, integrity, and availability impact; the CVSS 3.1 base score is 8.4 with a local attack vector but no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor (Microsoft) has released a patch.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Printer Drivers component across Windows 10, Windows 11 (through 26H1), and Windows Server 2012 through 2025 lets an already-authenticated attacker corrupt kernel-adjacent memory to gain higher privileges. The flaw is a double free (CWE-415) triggered locally by a low-privileged user, yielding high confidentiality, integrity, and availability impact (CVSS 7.8). No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an already-authenticated attacker to win a race condition (CWE-362) and elevate to SYSTEM-level privileges across supported Windows 10, Windows 11, and Windows Server 2019-2025 builds. Reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and EPSS is low (0.16%, 5th percentile). CVSS 7.0 reflects high attack complexity (AC:H) driven by the timing-window nature of the flaw and the requirement for existing low-privilege access (PR:L).

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Active Directory certificate-validation path lets an already-authenticated attacker on Windows 10 (1607/1809) and Windows Server 2016 through 2025 (including Server Core) improperly validate a certificate to gain higher privileges. Microsoft reported and patched the flaw (CWE-295), but there is no public exploit identified at time of analysis and it is not on CISA KEV. The CVSS 7.8 vector (AV:L/PR:L) confirms an authenticated local attacker with full confidentiality, integrity, and availability impact upon success.

Microsoft Information Disclosure Windows 10 Version 1607 +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Media Foundation lets an unauthorized attacker run arbitrary code by luring a user into opening a specially crafted media file. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server builds (from 1809 through Windows 11 26H1 and Server 2025), and Microsoft has released patches. No public exploit identified at time of analysis, but the low attack complexity and full C/I/A impact make it a standard Patch-Tuesday priority.

Heap Overflow Buffer Overflow Microsoft +11
NVD VulDB
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) lets an already-authenticated low-privilege user corrupt kernel heap memory via a heap-based buffer overflow (CWE-122) to gain SYSTEM-level control. The flaw affects a broad range of client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an authenticated low-privileged user to win a race condition and elevate to SYSTEM across Windows 10, Windows 11 (through 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available, it carries CVSS 7.0 but a high attack complexity (AC:H) reflecting the timing-sensitive nature of the flaw. There is no public exploit identified at time of analysis, and EPSS is low (0.19%, 9th percentile), consistent with CISA SSVC rating exploitation as 'none.'

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Common Log File System (CLFS) Driver allows an already-authenticated, low-privileged user to elevate to SYSTEM on a wide range of Windows client and server releases. Microsoft classifies the root cause as exposure of sensitive information (CWE-200), but the CVSS impact profile (C:H/I:H/A:H) reflects that the leaked kernel data enables full local privilege escalation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though CLFS has historically been a heavily exploited elevation-of-privilege target in Windows.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Network denial of service in the Windows Internet Key Exchange (IKE) protocol implementation allows an unauthenticated remote attacker to crash affected systems by triggering a heap-based buffer overflow. All impact is to availability only (CVSS 7.5, A:H, no confidentiality or integrity loss), making this a reliability/uptime threat against IPsec/VPN-facing Windows 10, Windows 11, and Windows Server hosts rather than a code-execution vulnerability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and lack of authentication make it a meaningful patching priority for internet-exposed IPsec endpoints.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). The flaw spans a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025. Microsoft has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +16
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Quality Windows Audio/Video Experience (QWAVE) service lets an already-authenticated, low-privileged user elevate to higher privileges by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.0 (AV:L/AC:H/PR:L).

Use After Free Memory Corruption Denial Of Service +19
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Hyper-V (CWE-416 use-after-free) allows an authenticated attacker already running low-privileged code on an affected host to elevate to higher privileges, with full confidentiality, integrity, and availability impact. Reported by Microsoft and affecting a broad range of Windows 10, Windows 11, and Windows Server builds including Server 2019/2022/2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash the service by triggering a stack-based buffer overflow over the network (CVSS 7.5, availability-only impact). Because AD FS brokers single sign-on and federated authentication, a successful attack can knock out login for every downstream application that relies on it. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) lets a remote, unauthenticated attacker crash the service by triggering a stack-based buffer overflow (CWE-121) over the network. The flaw affects AD FS as shipped across a broad range of Windows client and server builds (Windows 10/11 and Windows Server 2012 through 2025). Microsoft - the reporting party - has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows App Store component (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025) allows an authorized low-privileged attacker to win a race condition on an improperly synchronized shared resource and gain higher privileges. Exploitation is local-only and high-complexity because it depends on reliably hitting a narrow timing window, and no public exploit has been identified at time of analysis. A vendor patch is available via Microsoft's MSRC update guide.

Microsoft Race Condition Information Disclosure +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Missing authentication for critical function in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.

Authentication Bypass Microsoft Windows 10 Version 1809 +10
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Windows FTP Service allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122). The flaw affects the FTP service across a broad range of Windows 10, Windows 11, and Windows Server (2019/2022/2025) builds and carries a critical CVSS 9.8 rating with no authentication or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, network-reachable nature of the bug makes it a high-priority patch target.

Heap Overflow Buffer Overflow Microsoft +13
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows WalletService allows an authenticated low-privileged attacker to gain SYSTEM-level rights on the host, per CVSS:3.1 AV:L/AC:L/PR:L (7.8, High). The flaw stems from improper privilege management (CWE-269) in the WalletService component and affects a broad range of Windows client and server builds. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch from Microsoft is available.

Microsoft Privilege Escalation Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in the Windows Speech component (Text-to-Speech / speech runtime) affects a broad range of Windows 10, Windows 11, and Windows Server releases, where a use-after-free (CWE-416) lets an already-authenticated local user corrupt memory to run code at higher privilege. Exploitation is non-trivial - it requires local access, low-level authentication, user interaction, and winning a memory-timing condition - and the CVSS 7.5 rating reflects a scope-changed, high-impact outcome. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so this is a patch-on-cycle EoP rather than an emergency.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 3% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows StateRepository API lets an already-authenticated low-privileged user gain higher (typically SYSTEM-level) privileges due to insufficiently granular access control (CWE-1220). It affects a broad range of currently supported Windows client and server builds (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025). The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis (not listed in CISA KEV).

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack.

Buffer Overflow Microsoft Integer Overflow +14
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Microsoft Windows App Store (Store/AppX component) affects a broad range of Windows 10, Windows 11, and Windows Server releases (1607 through 26H1, Server 2016/2019/2022/2025). An authorized local attacker can leverage a use of uninitialized resource (CWE-908) to read memory contents that should not be exposed, with CVSS 7.1 reflecting high confidentiality impact but requiring low-privileged authenticated local access. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and Microsoft has released a patch via the MSRC update guide.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Microsoft Active Directory Domain Services (AD DS) allows an unauthenticated network attacker to corrupt heap memory and run arbitrary code on affected domain controllers. The flaw (CVE-2026-49164, CVSS 8.1) spans a broad range of Windows client and server builds from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025, with full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the high attack complexity (AC:H) tempers the practical exploitation likelihood.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in the Microsoft ODBC Driver for SQL Server (shipped across Windows 10, Windows 11, and Windows Server 2012 through 2025) stems from a heap-based buffer overflow that lets an attacker run arbitrary code over the network. The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scores it 9.8 and marks it unauthenticated, though as a database driver flaw the realistic trigger is a client connecting to a malicious or compromised SQL Server endpoint. There is no public exploit identified at time of analysis and no CISA KEV listing, so this is a high-severity but not yet actively-exploited issue.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +18
NVD
EPSS 0% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Bluetooth Port Driver lets an adjacent, unauthenticated attacker corrupt heap memory to run arbitrary code on the target after minimal user interaction. The flaw (CWE-122 heap-based buffer overflow) affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025, with full confidentiality, integrity, and availability impact (CVSS 8.0). There is no public exploit identified at time of analysis, but a vendor patch is available from Microsoft.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Privilege elevation in the Windows App Store component affects a broad range of Microsoft Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025), where a race condition (CWE-362) lets an unauthorized attacker win a timing window to gain elevated privileges over a network. The CVSS 3.1 score is 8.1 with a network vector and no authentication (PR:N), but high attack complexity (AC:H) reflects the difficulty of reliably winning the race. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available from Microsoft.

Authentication Bypass Microsoft Race Condition +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +18
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Secure Kernel Mode (SKM/VTL1) allows an already-authenticated attacker to elevate to higher privileges on affected Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025 systems. The flaw stems from improper consistency validation of input crossing the trust boundary into the isolated secure kernel (CWE-1288), yielding full confidentiality, integrity, and availability impact on the local host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +14
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Likely This Month

BitLocker's protection mechanism on Windows fails to enforce a critical authentication or verification step, permitting a physically present attacker to bypass full-disk encryption without credentials, a recovery key, or elevated privileges. Despite a CVSS score of 6.8 (Medium) - moderated by the physical access requirement - the impact ratings are High across confidentiality, integrity, and availability, meaning successful exploitation grants complete access to encrypted data and the underlying system. No public exploit has been identified at time of analysis, and Microsoft has released a patch via the MSRC update guide.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.9
HIGH PATCH Exploit Unlikely This Week

Security feature bypass in Windows Secure Boot enables a local high-privileged attacker to defeat the platform's boot-time integrity protections, achieving high confidentiality and integrity impact across a changed security scope. The flaw stems from a protection mechanism failure (CWE-284, Improper Access Control) that undermines the trust boundary Secure Boot is designed to enforce. At the time of analysis, no public exploit has been identified and the issue is not listed in CISA KEV, but the scope-changed CVSS of 7.9 reflects the severity of subverting a root-of-trust security control.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.9
HIGH PATCH Exploit Unlikely This Week

Security feature bypass in Windows Secure Boot allows a high-privileged local attacker to circumvent the boot integrity protection mechanism, undermining trust in the Windows boot chain. The flaw (CWE-1329, reliance on a component that is not updateable) carries a CVSS 7.9 rating due to scope change and high impact on confidentiality and integrity, and no public exploit has been identified at time of analysis. Successful exploitation could enable pre-OS persistence such as bootkits, defeating a foundational Windows security control.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.9
HIGH PATCH Exploit Unlikely This Week

Secure Boot bypass in Microsoft Windows allows an authorized local attacker with high privileges to defeat the platform's protection mechanism and tamper with the pre-OS boot chain. The CVSS 7.9 score reflects a scope-changing impact on confidentiality and integrity from a local vector, and no public exploit identified at time of analysis. The single MSRC reference indicates a Microsoft-tracked issue that primarily threatens code-integrity and boot-trust guarantees rather than runtime availability.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible via a heap-based buffer overflow that an unauthenticated remote attacker can trigger when a user is convinced to connect to a malicious RDP server. The flaw is rated CVSS 7.5 (High) with attack complexity High and required user interaction, and no public exploit identified at time of analysis. The CWE-416 classification combined with the vendor's tags points to a use-after-free condition reachable through crafted RDP server responses.

Buffer Overflow Memory Corruption Use After Free +10
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that leads to arbitrary code execution on the client machine. The flaw is unauthenticated from the server side but requires user interaction and high attack complexity, and no public exploit identified at time of analysis. CVSS is rated 7.5 (High) with confidentiality, integrity, and availability impact.

Use After Free Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client occurs when a user connects to an attacker-controlled RDP server, allowing the server to corrupt heap memory and execute arbitrary code on the client endpoint. The flaw carries a CVSS 8.8 (High) rating reflecting network reach with required user interaction, and no public exploit is identified at time of analysis. The attack pivots the traditional RDP threat model - attackers compromise clients that initiate outbound connections rather than exposed servers.

Use After Free Memory Corruption Buffer Overflow +13
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Remote Desktop Client enables remote code execution when a user connects to a malicious RDP server, with the attacker gaining the same privileges as the connecting user. The CVSS 8.8 score reflects network-reachable exploitation requiring only minimal user interaction (initiating an RDP session), and no public exploit has been identified at time of analysis. The flaw is reported by Microsoft Security Response Center (secure@microsoft.com) and is categorized as CWE-122 heap-based buffer overflow.

Heap Overflow Buffer Overflow Windows App +13
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Likely This Month

Security feature bypass in Microsoft Windows BitLocker allows an attacker with physical access to circumvent the drive encryption protection mechanism. Affected systems can have BitLocker-protected data accessed despite the encryption-at-rest control being enabled, undermining a core platform confidentiality boundary. There is no public exploit identified at time of analysis, but the vulnerability is reported by Microsoft (secure@microsoft.com) as a protection mechanism failure with high impact across confidentiality, integrity, and availability.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privilege attacker to elevate to SYSTEM by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 rating with high attack complexity, and no public exploit identified at time of analysis. Exploitation requires a race condition or specific timing to be won, which constrains reliable weaponization but does not eliminate the risk on multi-user or shared Windows hosts.

Denial Of Service Heap Overflow Microsoft +14
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows remote unauthenticated attackers to read out-of-bounds memory over the network, potentially exposing sensitive data from the RDP service process. The flaw is reachable without authentication or user interaction across any exposed RDP endpoint, and no public exploit identified at time of analysis. Microsoft has assigned the issue a CVSS 3.1 score of 7.5 reflecting high confidentiality impact with no integrity or availability effect.

Information Disclosure Microsoft Buffer Overflow +15
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver (AFD.sys) for WinSock allows an authenticated low-privileged user to gain SYSTEM-level access through a use-after-free condition. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8 score with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the AFD.sys driver has a long history of similar bugs being weaponized post-disclosure.

Denial Of Service Heap Overflow Microsoft +14
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Universal Plug and Play stack (upnp.dll) allows unauthenticated network attackers to execute arbitrary code on affected hosts by triggering a memory-safety flaw in the UPnP service. The issue carries a CVSS 3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N), reflecting network reachability without credentials but high attack complexity. At time of analysis there is no public exploit identified and the CVE is not listed in CISA KEV.

Denial Of Service Memory Corruption Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in the Windows DHCP Server service enables a locally authenticated, low-privileged attacker to disclose contents of process memory on affected systems. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms this is a local, low-complexity attack requiring only standard user privileges - no elevated rights or user interaction needed. Exploitation is constrained to hosts where the Windows DHCP Server role is actively installed and running, which significantly limits the attack surface to designated infrastructure servers rather than general workstations. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

Information Disclosure Microsoft Buffer Overflow +13
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Out-of-bounds read in Windows DHCP Server exposes adjacent memory contents and can crash the service, yielding both information disclosure and a high-severity denial-of-service condition on affected Windows systems. The flaw (CWE-125) is exploitable locally with low attack complexity and no user interaction, targeting systems where the DHCP Server role is installed across a broad range of Windows 10, 11, and Server editions from 2012 through 2025. No public exploit has been identified at time of analysis, and Microsoft has released patched builds via the MSRC update guide (CVE-2026-45608).

Information Disclosure Microsoft Buffer Overflow +13
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to elevate to SYSTEM by winning a race condition that triggers a use-after-free. The flaw is reported by Microsoft (MSRC) and carries CVSS 7.0 with high attack complexity, but no public exploit is identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Microsoft Race Condition +13
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Exploit Unlikely Act Now

Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data with high confidentiality and integrity impact, as reflected by the 9.1 CVSS score. The vulnerability is reachable over the network without privileges or user interaction, and no public exploit identified at time of analysis. The combination of authentication bypass tagging and DHCP's role as a core network infrastructure service makes this a high-priority issue for any Windows environment running the DHCP Server role.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authenticated low-privileged attacker to win a race condition and gain SYSTEM-level execution. The flaw is a use-after-free triggered through concurrent WinSock operations, and at time of analysis no public exploit has been identified and the CVE is not on the CISA KEV list.

Denial Of Service Microsoft Race Condition +13
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to win a race condition and trigger a use-after-free, enabling code execution at kernel level. No public exploit identified at time of analysis, but AFD.sys has a long history of being a preferred LPE target and Microsoft has marked the issue as important. EPSS data was not provided in the source feed.

Denial Of Service Microsoft Race Condition +13
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely Act Now

Local code execution in Microsoft Windows Win32K GRFX (graphics) subsystem allows an attacker with low-privilege local access to run arbitrary code by triggering an integer overflow, after coaxing a user into interacting with a crafted graphics object. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, though Win32K bugs historically attract rapid exploit development for privilege escalation in post-compromise chains.

Microsoft Integer Overflow Buffer Overflow +16
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely Act Now

Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to run code locally to escalate privileges through an integer overflow. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8, but requires user interaction (UI:R) and local access (AV:L), and no public exploit identified at time of analysis.

Microsoft Integer Overflow Buffer Overflow +16
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privilege attacker to gain higher privileges through a use-after-free memory corruption flaw. The vulnerability carries a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Successful exploitation typically yields SYSTEM-level code execution on the affected Windows host.

Microsoft Use After Free Memory Corruption +11
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RDP server, where a heap-based buffer overflow (linked to use-after-free memory corruption per vendor tags) enables arbitrary code execution on the client machine. The CVSS 7.5 score reflects high attack complexity and required user interaction, and no public exploit identified at time of analysis. SSVC assessment from CISA rates exploitation as 'none' and automatable as 'no', though technical impact is total.

Use After Free Memory Corruption Buffer Overflow +15
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client arises from a heap-based buffer overflow (CWE-122) that an unauthenticated network attacker can trigger when a victim connects to or interacts with a malicious server. Microsoft (secure@microsoft.com) is the originating reporter and has published an advisory in the MSRC update guide, with no public exploit identified at time of analysis. The CVSS 7.5 (High) rating reflects high attack complexity and required user interaction, but successful exploitation yields full confidentiality, integrity, and availability impact on the client host.

Heap Overflow Buffer Overflow Remote Desktop Client +14
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is enticed to connect to an attacker-controlled RDP server, triggering a heap-based buffer overflow (CWE-122). The flaw scores CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and, while no public exploit is identified at time of analysis, the network-reachable nature and full CIA impact make it a meaningful client-side risk for users connecting to untrusted endpoints.

Buffer Overflow Heap Overflow Windows App +12
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Graphics Component allows an authenticated low-privileged attacker to gain elevated rights via a use-after-free memory corruption flaw (CWE-416). The issue carries a CVSS 7.8 (High) rating with full confidentiality, integrity, and availability impact on the affected host. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Microsoft Denial Of Service Memory Corruption +14
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Likely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that runs attacker code in the client's context. The flaw (CWE-416 use-after-free / heap corruption) carries CVSS 8.8 and requires user interaction, with no public exploit identified at time of analysis. A vendor patch is available via Microsoft MSRC.

Use After Free Memory Corruption Buffer Overflow +15
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables a locally authenticated attacker to read sensitive information from memory without elevation of privilege. Affecting a wide range of Windows 10, Windows 11, and Windows Server builds, the vulnerability requires only low-privilege local access and no user interaction to trigger. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with partial technical impact, placing this in a lower-urgency remediation band despite the High confidentiality rating in the CVSS vector.

Information Disclosure Microsoft Windows 10 1607 +11
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications on multiple Windows 10, Windows 11, and Windows Server versions exposes sensitive memory contents through an uninitialized resource condition, allowing a low-privileged local user to read high-confidentiality data without any user interaction. The CVSS vector (AV:L/PR:L) confirms this is strictly a local privilege issue - no remote attack path exists - limiting its practical blast radius to insider threats and post-compromise lateral reconnaissance. No public exploit has been identified at time of analysis, and Microsoft has released patches addressing all listed affected versions.

Information Disclosure Microsoft Windows 10 1607 +11
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables authenticated local attackers to disclose sensitive information across a wide breadth of Microsoft Windows desktop and server platforms. Spanning Windows 10 through Windows 11 25H2 and Windows Server 2012 through Server 2025, the vulnerability carries a CVSS 5.5 Medium score with high confidentiality impact (C:H) but no integrity or availability impact. Microsoft has released patches via the June 2026 Patch Tuesday cycle; no public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged user to elevate to higher privileges through an integer underflow condition. The flaw carries a CVSS 7.8 (High) rating with no public exploit identified at time of analysis, but Microsoft has issued a patch via MSRC. Defenders should treat this as a standard Patch-Tuesday-class kernel EoP that becomes a critical post-compromise pivot once initial access is achieved.

Information Disclosure Microsoft Integer Overflow +13
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH Exploit Unlikely This Month

Windows Kerberos out-of-bounds read (CWE-125) allows a low-privilege network attacker to crash the Kerberos authentication service across all actively supported Windows client and server platforms, from Windows Server 2012 through Windows Server 2025 and Windows 11 26H1. The attack requires prior domain authentication and high-complexity triggering conditions (CVSS AC:H), limiting opportunistic mass exploitation, though a successful attack against a domain controller can deny authentication domain-wide by crashing the KDC. Vendor patches are available via the Microsoft MSRC advisory; no public exploit code exists and SSVC confirms no observed exploitation at time of analysis.

Denial Of Service Information Disclosure Microsoft +14
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user connects to an attacker-controlled or compromised RDP endpoint, where a race condition (CWE-362) can be triggered to corrupt heap memory and execute arbitrary code in the client process. The flaw is unauthenticated from the network attacker's perspective but requires user interaction to initiate the connection, and no public exploit has been identified at time of analysis.

Race Condition Buffer Overflow Remote Desktop Client +14
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Information disclosure in Windows Shell exposes sensitive data to authenticated low-privileged attackers, with a confirmed vendor patch available. The vulnerability stems from CWE-200 improper information exposure within the Windows Shell component, allowing confidentiality compromise with no integrity or availability impact. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high confidentiality impact score (C:H) and low attack complexity elevate practical concern for environments where lateral movement or credential harvesting are threat vectors.

Information Disclosure Microsoft Windows 10 1809 +9
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver allows an authenticated low-privileged user on a Windows host to escalate to higher privileges by triggering a buffer over-read in the kernel-mode driver. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 7.8 with low attack complexity and no user interaction makes it an attractive post-compromise target for endpoint operators.

Information Disclosure Microsoft Buffer Overflow +10
NVD VulDB
EPSS 0% CVSS 8.0
HIGH POC PATCH This Week

Remote code execution in Windows RRAS across Server 2016, 2022, and 2025 via an integer overflow vulnerability allows authenticated attackers to execute arbitrary code over the network with high privileges. Public exploit code exists for this vulnerability, and no patch is currently available. Authenticated users with network access can trigger the vulnerability through a simple interaction to gain complete system compromise.

Buffer Overflow Heap Overflow Microsoft +6
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Authentication Bypass Microsoft Windows Server 2022 23h2 +14
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows DWM Core Library affects Windows 10 versions 21H2 and 1809 through a use-after-free memory corruption vulnerability that allows authenticated local attackers to gain system-level privileges. The vulnerability requires local access and valid user credentials but no user interaction, creating a significant risk for multi-user systems. No patch is currently available.

Use After Free Microsoft Denial Of Service +7
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2, and Windows Server 2012, allowing adjacent network attackers to gain elevated system access without authentication. The vulnerability has a high CVSS score of 8.8 but currently lacks a patch, creating significant risk for exposed systems. Exploitation requires network proximity but no user interaction.

Buffer Overflow Heap Overflow Microsoft +15
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unauthorized disclosure of sensitive information in Windows Accessibility Infrastructure (ATBroker.exe) affects Windows Server 2019, 2025, Windows 10 22h2, and Windows 11 25h2, allowing local authenticated attackers to read confidential data. The vulnerability requires user privileges and local access but poses no risk to system integrity or availability. No patch is currently available for this issue.

Information Disclosure Microsoft Windows Server 2019 +14
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Windows Shell Link Processing leaks sensitive information over the network in Windows Server 2012, 2019, and 2022, enabling remote spoofing attacks without authentication or user interaction. An unauthenticated attacker can exploit this information disclosure to conduct spoofing attacks against affected systems. No patch is currently available.

Information Disclosure Microsoft Windows Server 2022 23h2 +14
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure in Windows GDI+ affects Windows 11 (24h2, 25h2) and Windows Server 2012/2016, allowing unauthenticated attackers to read sensitive data remotely through an out-of-bounds memory access vulnerability. The flaw requires no user interaction and can be exploited over the network to compromise confidentiality without modifying system data or availability. No patch is currently available for this high-severity vulnerability.

Information Disclosure Buffer Overflow Microsoft +15
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock in Windows Server 2025, 2022, and Windows 10 1809 contains insufficient input validation that allows authenticated local users to escalate privileges. An attacker with local access and valid credentials can exploit this vulnerability to gain elevated system permissions, though no patch is currently available. This HIGH severity vulnerability affects multiple Windows Server and client versions with no active exploit mitigation path.

Information Disclosure Microsoft Windows Server 2025 +14
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.

Use After Free Microsoft Denial Of Service +16
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Windows Active Directory Domain Services (AD DS) across Windows 11, Windows 10, and Windows Server platforms allows authenticated network attackers to gain elevated privileges by exploiting improper validation of resource naming restrictions. An attacker with valid domain credentials can leverage this vulnerability to escalate their access level without user interaction. Currently, no patch is available, leaving all affected Windows versions vulnerable.

Information Disclosure Windows 11 23h2 Windows 11 26h1 +13
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock in Windows 10 (all versions) and Windows 11 contains an access control weakness that enables authenticated local attackers to escalate privileges to system level. An attacker with standard user credentials can exploit this flaw to gain elevated rights on affected systems. No patch is currently available for this vulnerability.

Authentication Bypass Microsoft Windows 10 22h2 +14
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Information Disclosure Buffer Overflow Microsoft +11
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Extensible File Allocation (exFAT) contains an out-of-bounds read vulnerability affecting Windows Server 2022, Windows 10 1607, and Windows 11 versions 23h2/25h2, enabling authenticated local users to escalate privileges with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available. This flaw carries a CVSS score of 7.8 and affects multiple supported Windows versions across server and client platforms.

Information Disclosure Buffer Overflow Microsoft +15
NVD VulDB
EPSS 0% CVSS 8.0
HIGH POC PATCH This Week

Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments.

Microsoft Buffer Overflow Heap Overflow +15
NVD VulDB GitHub
Prev Page 4 of 48 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy