Skip to main content

Windows Server 2025

1235 CVEs product

Monthly

CVE-2026-54987 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). The flaw spans a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025. Microsoft has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-54989 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Quality Windows Audio/Video Experience (QWAVE) service lets an already-authenticated, low-privileged user elevate to higher privileges by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.0 (AV:L/AC:H/PR:L).

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD VulDB
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-54129 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Hyper-V (CWE-416 use-after-free) allows an authenticated attacker already running low-privileged code on an affected host to elevate to higher privileges, with full confidentiality, integrity, and availability impact. Reported by Microsoft and affecting a broad range of Windows 10, Windows 11, and Windows Server builds including Server 2019/2022/2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50695 HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash the service by triggering a stack-based buffer overflow over the network (CVSS 7.5, availability-only impact). Because AD FS brokers single sign-on and federated authentication, a successful attack can knock out login for every downstream application that relies on it. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-54983 HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) lets a remote, unauthenticated attacker crash the service by triggering a stack-based buffer overflow (CWE-121) over the network. The flaw affects AD FS as shipped across a broad range of Windows client and server builds (Windows 10/11 and Windows Server 2012 through 2025). Microsoft - the reporting party - has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-49784 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows App Store component (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025) allows an authorized low-privileged attacker to win a race condition on an improperly synchronized shared resource and gain higher privileges. Exploitation is local-only and high-complexity because it depends on reliably hitting a narrow timing window, and no public exploit has been identified at time of analysis. A vendor patch is available via Microsoft's MSRC update guide.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49177 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-49174 MEDIUM PATCH This Month

Missing authentication for critical function in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.

Authentication Bypass Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-49172 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Windows FTP Service allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122). The flaw affects the FTP service across a broad range of Windows 10, Windows 11, and Windows Server (2019/2022/2025) builds and carries a critical CVSS 9.8 rating with no authentication or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, network-reachable nature of the bug makes it a high-priority patch target.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-49175 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows DNS lets an already-authenticated, low-privileged attacker corrupt heap memory to gain higher (likely SYSTEM) privileges on affected Windows 10, Windows 11, and Windows Server 2022/2025 systems. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft itself, with a vendor patch available via MSRC. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so it currently represents a patch-priority rather than an emergency.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 21H2 Windows 10 Version 22H2 +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49176 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows WalletService allows an authenticated low-privileged attacker to gain SYSTEM-level rights on the host, per CVSS:3.1 AV:L/AC:L/PR:L (7.8, High). The flaw stems from improper privilege management (CWE-269) in the WalletService component and affects a broad range of Windows client and server builds. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch from Microsoft is available.

Microsoft Privilege Escalation Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49171 HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in the Windows Speech component (Text-to-Speech / speech runtime) affects a broad range of Windows 10, Windows 11, and Windows Server releases, where a use-after-free (CWE-416) lets an already-authenticated local user corrupt memory to run code at higher privilege. Exploitation is non-trivial - it requires local access, low-level authentication, user interaction, and winning a memory-timing condition - and the CVSS 7.5 rating reflects a scope-changed, high-impact outcome. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so this is a patch-on-cycle EoP rather than an emergency.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-49170 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows StateRepository API lets an already-authenticated low-privileged user gain higher (typically SYSTEM-level) privileges due to insufficiently granular access control (CWE-1220). It affects a broad range of currently supported Windows client and server builds (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025). The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis (not listed in CISA KEV).

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2026-49169 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Server 2025 DNS Server role allows a privileged, authenticated attacker to run arbitrary code over the network by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw carries a CVSS 8.0 rating with a changed scope, meaning successful exploitation can affect resources beyond the vulnerable component. Microsoft has issued a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Windows Server 2025 Windows Server 2025 Server Core Installation
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2026-49168 MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2026-49167 MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2026-49166 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Printer Drivers on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to gain SYSTEM-level privileges by triggering a use-after-free memory-corruption condition. The flaw grants full confidentiality, integrity, and availability impact (C:H/I:H/A:H) once low-level local access is obtained. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49165 HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Microsoft Windows App Store (Store/AppX component) affects a broad range of Windows 10, Windows 11, and Windows Server releases (1607 through 26H1, Server 2016/2019/2022/2025). An authorized local attacker can leverage a use of uninitialized resource (CWE-908) to read memory contents that should not be exposed, with CVSS 7.1 reflecting high confidentiality impact but requiring low-privileged authenticated local access. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and Microsoft has released a patch via the MSRC update guide.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-49164 HIGH PATCH NEWS This Week

Remote code execution in Microsoft Active Directory Domain Services (AD DS) allows an unauthenticated network attacker to corrupt heap memory and run arbitrary code on affected domain controllers. The flaw (CVE-2026-49164, CVSS 8.1) spans a broad range of Windows client and server builds from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025, with full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the high attack complexity (AC:H) tempers the practical exploitation likelihood.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-49162 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Brokering File System (bfs.sys/Bfs component) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where a use-after-free (CWE-416) lets an already-authenticated local attacker corrupt kernel/broker memory to gain SYSTEM-level privileges. Exploitation requires low privileges but high attack complexity, and there is no public exploit identified at time of analysis. Microsoft has released a patch via its MSRC update guide.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD VulDB
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-48571 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows App Installer (the AppX/MSIX deployment component) lets a low-privileged but authenticated user corrupt memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not on CISA KEV, though the CVSS 7.0 rating and full C/I/A impact make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 23H2 +5
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-48572 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows App Installer (App Installer / MSIX handler) on Windows 11 (23H2 through 26H1) and Windows Server 2025 lets an already-authenticated local attacker win a timing race to elevate to higher privileges. The flaw stems from improper synchronization of a shared resource during concurrent execution, and Microsoft has released a patch. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure Windows 11 Version 23H2 Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-42990 CRITICAL PATCH Act Now

Remote code execution in the Microsoft ODBC Driver for SQL Server (shipped across Windows 10, Windows 11, and Windows Server 2012 through 2025) stems from a heap-based buffer overflow that lets an attacker run arbitrary code over the network. The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scores it 9.8 and marks it unauthenticated, though as a database driver flaw the realistic trigger is a client connecting to a malicious or compromised SQL Server endpoint. There is no public exploit identified at time of analysis and no CISA KEV listing, so this is a high-severity but not yet actively-exploited issue.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +16
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-42975 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Bluetooth Port Driver lets an adjacent, unauthenticated attacker corrupt heap memory to run arbitrary code on the target after minimal user interaction. The flaw (CWE-122 heap-based buffer overflow) affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025, with full confidentiality, integrity, and availability impact (CVSS 8.0). There is no public exploit identified at time of analysis, but a vendor patch is available from Microsoft.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2026-42900 HIGH PATCH This Week

Privilege elevation in the Windows App Store component affects a broad range of Microsoft Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025), where a race condition (CWE-362) lets an unauthorized attacker win a timing window to gain elevated privileges over a network. The CVSS 3.1 score is 8.1 with a network vector and no authentication (PR:N), but high attack complexity (AC:H) reflects the difficulty of reliably winning the race. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available from Microsoft.

Authentication Bypass Microsoft Race Condition Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-34346 MEDIUM PATCH Exploit Unlikely This Month

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +16
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-34349 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-42982 HIGH PATCH NEWS Exploit Unlikely This Week

Local privilege escalation in Windows Secure Kernel Mode (SKM/VTL1) allows an already-authenticated attacker to elevate to higher privileges on affected Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025 systems. The flaw stems from improper consistency validation of input crossing the trust boundary into the isolated secure kernel (CWE-1288), yielding full confidentiality, integrity, and availability impact on the local host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50507 MEDIUM PATCH Exploit Likely This Month

BitLocker's protection mechanism on Windows fails to enforce a critical authentication or verification step, permitting a physically present attacker to bypass full-disk encryption without credentials, a recovery key, or elevated privileges. Despite a CVSS score of 6.8 (Medium) - moderated by the physical access requirement - the impact ratings are High across confidentiality, integrity, and availability, meaning successful exploitation grants complete access to encrypted data and the underlying system. No public exploit has been identified at time of analysis, and Microsoft has released a patch via the MSRC update guide.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-48578 HIGH PATCH Exploit Unlikely This Week

Security feature bypass in Windows Secure Boot enables a local high-privileged attacker to defeat the platform's boot-time integrity protections, achieving high confidentiality and integrity impact across a changed security scope. The flaw stems from a protection mechanism failure (CWE-284, Improper Access Control) that undermines the trust boundary Secure Boot is designed to enforce. At the time of analysis, no public exploit has been identified and the issue is not listed in CISA KEV, but the scope-changed CVSS of 7.9 reflects the severity of subverting a root-of-trust security control.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
7.9
EPSS
0.1%
CVE-2026-48576 HIGH PATCH Exploit Unlikely This Week

Security feature bypass in Windows Secure Boot allows a high-privileged local attacker to circumvent the boot integrity protection mechanism, undermining trust in the Windows boot chain. The flaw (CWE-1329, reliance on a component that is not updateable) carries a CVSS 7.9 rating due to scope change and high impact on confidentiality and integrity, and no public exploit has been identified at time of analysis. Successful exploitation could enable pre-OS persistence such as bootkits, defeating a foundational Windows security control.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
7.9
EPSS
0.3%
CVE-2026-48573 HIGH PATCH Exploit Unlikely This Week

Secure Boot bypass in Microsoft Windows allows an authorized local attacker with high privileges to defeat the platform's protection mechanism and tamper with the pre-OS boot chain. The CVSS 7.9 score reflects a scope-changing impact on confidentiality and integrity from a local vector, and no public exploit identified at time of analysis. The single MSRC reference indicates a Microsoft-tracked issue that primarily threatens code-integrity and boot-trust guarantees rather than runtime availability.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
7.9
EPSS
0.3%
CVE-2026-48563 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible via a heap-based buffer overflow that an unauthenticated remote attacker can trigger when a user is convinced to connect to a malicious RDP server. The flaw is rated CVSS 7.5 (High) with attack complexity High and required user interaction, and no public exploit identified at time of analysis. The CWE-416 classification combined with the vendor's tags points to a use-after-free condition reachable through crafted RDP server responses.

Buffer Overflow Memory Corruption Use After Free Windows 10 1809 Windows 10 21h2 +8
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-47654 HIGH PATCH NEWS This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that leads to arbitrary code execution on the client machine. The flaw is unauthenticated from the server side but requires user interaction and high attack complexity, and no public exploit identified at time of analysis. CVSS is rated 7.5 (High) with confidentiality, integrity, and availability impact.

Use After Free Memory Corruption Buffer Overflow Windows Server 2016 Windows Server 2019 +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-47653 HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client occurs when a user connects to an attacker-controlled RDP server, allowing the server to corrupt heap memory and execute arbitrary code on the client endpoint. The flaw carries a CVSS 8.8 (High) rating reflecting network reach with required user interaction, and no public exploit is identified at time of analysis. The attack pivots the traditional RDP threat model - attackers compromise clients that initiate outbound connections rather than exposed servers.

Use After Free Memory Corruption Buffer Overflow Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-47652 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Windows Hyper-V stems from an out-of-bounds read condition (CWE-122 heap-based buffer overflow) that an attacker with high privileges on a guest or host context can leverage to break confidentiality, integrity, and availability boundaries. The CVSS 8.2 score is elevated by a scope change (S:C), indicating the flaw enables crossing the hypervisor isolation boundary. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow Windows 11 23h2 Windows 11 24h2 +4
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-47289 HIGH PATCH NEWS Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Remote Desktop Client enables remote code execution when a user connects to a malicious RDP server, with the attacker gaining the same privileges as the connecting user. The CVSS 8.8 score reflects network-reachable exploitation requiring only minimal user interaction (initiating an RDP session), and no public exploit has been identified at time of analysis. The flaw is reported by Microsoft Security Response Center (secure@microsoft.com) and is categorized as CWE-122 heap-based buffer overflow.

Heap Overflow Buffer Overflow Windows App Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-45658 MEDIUM PATCH Exploit Likely This Month

Security feature bypass in Microsoft Windows BitLocker allows an attacker with physical access to circumvent the drive encryption protection mechanism. Affected systems can have BitLocker-protected data accessed despite the encryption-at-rest control being enabled, undermining a core platform confidentiality boundary. There is no public exploit identified at time of analysis, but the vulnerability is reported by Microsoft (secure@microsoft.com) as a protection mechanism failure with high impact across confidentiality, integrity, and availability.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-45654 HIGH PATCH Exploit Unlikely This Week

Secure Boot bypass on Microsoft Windows allows an authorized local attacker with high privileges to defeat a platform integrity protection mechanism, leading to compromise of confidentiality and integrity outside the original security boundary. The scope-changed CVSS 7.9 rating reflects that successful exploitation breaks out of the Secure Boot trust domain, though no public exploit is identified at time of analysis and the issue is not listed in CISA KEV. Microsoft (secure@microsoft.com) issued the advisory via MSRC, and the weakness is classified as improper access control (CWE-284).

Authentication Bypass Microsoft Windows 11 24h2 Windows 11 25h2 Windows 11 26h1 +1
NVD VulDB
CVSS 3.1
7.9
EPSS
0.1%
CVE-2026-45653 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privilege attacker to elevate to SYSTEM by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 rating with high attack complexity, and no public exploit identified at time of analysis. Exploitation requires a race condition or specific timing to be won, which constrains reliable weaponization but does not eliminate the risk on multi-user or shared Windows hosts.

Denial Of Service Heap Overflow Microsoft Buffer Overflow Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-45641 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Windows Hyper-V allows an authenticated attacker on a guest or host to escape sandbox boundaries by triggering an out-of-bounds read condition (CWE-843, type confusion) in the hypervisor. The flaw affects Windows 10 (21H2/22H2), Windows 11 (23H2/24H2/25H2/26H1), and Windows Server 2022/2025, with a vendor-released patch available and no public exploit identified at time of analysis. EPSS scoring of 0.15% and SSVC exploitation status of 'none' suggest limited near-term exploitation likelihood despite total technical impact potential.

Microsoft Memory Corruption Buffer Overflow Windows 10 21h2 Windows 10 22h2 +6
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45639 HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows remote unauthenticated attackers to read out-of-bounds memory over the network, potentially exposing sensitive data from the RDP service process. The flaw is reachable without authentication or user interaction across any exposed RDP endpoint, and no public exploit identified at time of analysis. Microsoft has assigned the issue a CVSS 3.1 score of 7.5 reflecting high confidentiality impact with no integrity or availability effect.

Information Disclosure Microsoft Buffer Overflow Remote Desktop Client Windows App +13
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-45638 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver (AFD.sys) for WinSock allows an authenticated low-privileged user to gain SYSTEM-level access through a use-after-free condition. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8 score with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the AFD.sys driver has a long history of similar bugs being weaponized post-disclosure.

Denial Of Service Heap Overflow Microsoft Buffer Overflow Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45635 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Universal Plug and Play stack (upnp.dll) allows unauthenticated network attackers to execute arbitrary code on affected hosts by triggering a memory-safety flaw in the UPnP service. The issue carries a CVSS 3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N), reflecting network reachability without credentials but high attack complexity. At time of analysis there is no public exploit identified and the CVE is not listed in CISA KEV.

Denial Of Service Memory Corruption Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-45634 MEDIUM PATCH This Month

Out-of-bounds read in the Windows DHCP Server service enables a locally authenticated, low-privileged attacker to disclose contents of process memory on affected systems. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms this is a local, low-complexity attack requiring only standard user privileges - no elevated rights or user interaction needed. Exploitation is constrained to hosts where the Windows DHCP Server role is actively installed and running, which significantly limits the attack surface to designated infrastructure servers rather than general workstations. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

Information Disclosure Microsoft Buffer Overflow Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-45608 MEDIUM PATCH This Month

Out-of-bounds read in Windows DHCP Server exposes adjacent memory contents and can crash the service, yielding both information disclosure and a high-severity denial-of-service condition on affected Windows systems. The flaw (CWE-125) is exploitable locally with low attack complexity and no user interaction, targeting systems where the DHCP Server role is installed across a broad range of Windows 10, 11, and Server editions from 2012 through 2025. No public exploit has been identified at time of analysis, and Microsoft has released patched builds via the MSRC update guide (CVE-2026-45608).

Information Disclosure Microsoft Buffer Overflow Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-45603 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to elevate to SYSTEM by winning a race condition that triggers a use-after-free. The flaw is reported by Microsoft (MSRC) and carries CVSS 7.0 with high attack complexity, but no public exploit is identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Microsoft Race Condition Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-45602 CRITICAL PATCH Exploit Unlikely Act Now

Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data with high confidentiality and integrity impact, as reflected by the 9.1 CVSS score. The vulnerability is reachable over the network without privileges or user interaction, and no public exploit identified at time of analysis. The combination of authentication bypass tagging and DHCP's role as a core network infrastructure service makes this a high-priority issue for any Windows environment running the DHCP Server role.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-45601 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authenticated low-privileged attacker to win a race condition and gain SYSTEM-level execution. The flaw is a use-after-free triggered through concurrent WinSock operations, and at time of analysis no public exploit has been identified and the CVE is not on the CISA KEV list.

Denial Of Service Microsoft Race Condition Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-45598 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to win a race condition and trigger a use-after-free, enabling code execution at kernel level. No public exploit identified at time of analysis, but AFD.sys has a long history of being a preferred LPE target and Microsoft has marked the issue as important. EPSS data was not provided in the source feed.

Denial Of Service Microsoft Race Condition Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-44812 HIGH PATCH NEWS Exploit Likely Act Now

Local code execution in Microsoft Windows Win32K GRFX (graphics) subsystem allows an attacker with low-privilege local access to run arbitrary code by triggering an integer overflow, after coaxing a user into interacting with a crafted graphics object. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, though Win32K bugs historically attract rapid exploit development for privilege escalation in post-compromise chains.

Microsoft Integer Overflow Buffer Overflow Excel Powerpoint +14
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44803 HIGH PATCH NEWS Exploit Likely Act Now

Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to run code locally to escalate privileges through an integer overflow. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8, but requires user interaction (UI:R) and local access (AV:L), and no public exploit identified at time of analysis.

Microsoft Integer Overflow Buffer Overflow Excel Powerpoint +14
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44802 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privilege attacker to gain higher privileges through a use-after-free memory corruption flaw. The vulnerability carries a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Successful exploitation typically yields SYSTEM-level code execution on the affected Windows host.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 1809 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44801 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RDP server, where a heap-based buffer overflow (linked to use-after-free memory corruption per vendor tags) enables arbitrary code execution on the client machine. The CVSS 7.5 score reflects high attack complexity and required user interaction, and no public exploit identified at time of analysis. SSVC assessment from CISA rates exploitation as 'none' and automatable as 'no', though technical impact is total.

Use After Free Memory Corruption Buffer Overflow Remote Desktop Client Windows App +13
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-44799 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client arises from a heap-based buffer overflow (CWE-122) that an unauthenticated network attacker can trigger when a victim connects to or interacts with a malicious server. Microsoft (secure@microsoft.com) is the originating reporter and has published an advisory in the MSRC update guide, with no public exploit identified at time of analysis. The CVSS 7.5 (High) rating reflects high attack complexity and required user interaction, but successful exploitation yields full confidentiality, integrity, and availability impact on the client host.

Heap Overflow Buffer Overflow Remote Desktop Client Windows App Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42993 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is lured into connecting to an attacker-controlled RDP server, where a heap-based buffer overflow (CWE-122) can be triggered to run arbitrary code on the client machine. The flaw was reported by Microsoft (secure@microsoft.com) and carries a CVSS 3.1 score of 7.5, reflecting high attack complexity and the requirement for user interaction. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Heap Overflow Buffer Overflow Windows 10 21h2 Windows 10 22h2 Windows 11 23h2 +5
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42992 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is enticed to connect to an attacker-controlled RDP server, triggering a heap-based buffer overflow (CWE-122). The flaw scores CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and, while no public exploit is identified at time of analysis, the network-reachable nature and full CIA impact make it a meaningful client-side risk for users connecting to untrusted endpoints.

Buffer Overflow Heap Overflow Windows App Windows 10 1607 Windows 10 1809 +10
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42986 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Graphics Component allows an authenticated low-privileged attacker to gain elevated rights via a use-after-free memory corruption flaw (CWE-416). The issue carries a CVSS 7.8 (High) rating with full confidentiality, integrity, and availability impact on the affected host. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Microsoft Denial Of Service Memory Corruption Use After Free Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42985 HIGH PATCH NEWS Exploit Likely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that runs attacker code in the client's context. The flaw (CWE-416 use-after-free / heap corruption) carries CVSS 8.8 and requires user interaction, with no public exploit identified at time of analysis. A vendor patch is available via Microsoft MSRC.

Use After Free Memory Corruption Buffer Overflow Remote Desktop Client Windows App +13
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-42974 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows Performance Monitor (PerfMon) allows unauthenticated network-based attackers to execute arbitrary code by triggering an integer underflow condition. The flaw carries a CVSS 3.1 score of 8.1 driven by high impact across confidentiality, integrity, and availability, though high attack complexity (AC:H) tempers exploitability. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but Microsoft has released a patch via MSRC guidance.

Authentication Bypass Microsoft Integer Overflow Windows 11 23h2 Windows 11 24h2 +4
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-42973 MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables a locally authenticated attacker to read sensitive information from memory without elevation of privilege. Affecting a wide range of Windows 10, Windows 11, and Windows Server builds, the vulnerability requires only low-privilege local access and no user interaction to trigger. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with partial technical impact, placing this in a lower-urgency remediation band despite the High confidentiality rating in the CVSS vector.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42971 MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications on multiple Windows 10, Windows 11, and Windows Server versions exposes sensitive memory contents through an uninitialized resource condition, allowing a low-privileged local user to read high-confidentiality data without any user interaction. The CVSS vector (AV:L/PR:L) confirms this is strictly a local privilege issue - no remote attack path exists - limiting its practical blast radius to insider threats and post-compromise lateral reconnaissance. No public exploit has been identified at time of analysis, and Microsoft has released patches addressing all listed affected versions.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42970 MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables authenticated local attackers to disclose sensitive information across a wide breadth of Microsoft Windows desktop and server platforms. Spanning Windows 10 through Windows 11 25H2 and Windows Server 2012 through Server 2025, the vulnerability carries a CVSS 5.5 Medium score with high confidentiality impact (C:H) but no integrity or availability impact. Microsoft has released patches via the June 2026 Patch Tuesday cycle; no public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42916 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged user to elevate to higher privileges through an integer underflow condition. The flaw carries a CVSS 7.8 (High) rating with no public exploit identified at time of analysis, but Microsoft has issued a patch via MSRC. Defenders should treat this as a standard Patch-Tuesday-class kernel EoP that becomes a critical post-compromise pivot once initial access is achieved.

Information Disclosure Microsoft Integer Overflow Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42915 MEDIUM PATCH Exploit Unlikely This Month

Denial-of-service in the Windows TCP/IP stack allows an authenticated attacker on an adjacent network to crash the networking subsystem of affected Windows hosts via an incorrect buffer size calculation. Affected systems span Windows 10 (21H2, 22H2), Windows 11 (23H2 through 26H1), Windows Server 2022, and Windows Server 2025 - all unpatched builds within Microsoft-documented version ranges. No public exploit identified at time of analysis, though Microsoft has released fixes addressable via Windows Update; the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 23h2 +5
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-42914 MEDIUM PATCH Exploit Unlikely This Month

Windows Kerberos out-of-bounds read (CWE-125) allows a low-privilege network attacker to crash the Kerberos authentication service across all actively supported Windows client and server platforms, from Windows Server 2012 through Windows Server 2025 and Windows 11 26H1. The attack requires prior domain authentication and high-complexity triggering conditions (CVSS AC:H), limiting opportunistic mass exploitation, though a successful attack against a domain controller can deny authentication domain-wide by crashing the KDC. Vendor patches are available via the Microsoft MSRC advisory; no public exploit code exists and SSVC confirms no observed exploitation at time of analysis.

Denial Of Service Information Disclosure Microsoft Buffer Overflow Windows 10 1607 +12
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-42913 HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user connects to an attacker-controlled RDP server, where a heap-based buffer overflow triggered by a race condition (CWE-362) allows arbitrary code execution on the client machine. The flaw carries a CVSS 7.5 (High) rating with high attack complexity and required user interaction, and no public exploit identified at time of analysis. Microsoft has released a patch via MSRC advisory CVE-2026-42913.

Race Condition Buffer Overflow Remote Desktop Client Windows 11 23h2 Windows 11 24h2 +4
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42909 HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user connects to an attacker-controlled or compromised RDP endpoint, where a race condition (CWE-362) can be triggered to corrupt heap memory and execute arbitrary code in the client process. The flaw is unauthenticated from the network attacker's perspective but requires user interaction to initiate the connection, and no public exploit has been identified at time of analysis.

Race Condition Buffer Overflow Remote Desktop Client Windows App Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42907 MEDIUM PATCH Exploit Unlikely This Month

Information disclosure in Windows Shell exposes sensitive data to authenticated low-privileged attackers, with a confirmed vendor patch available. The vulnerability stems from CWE-200 improper information exposure within the Windows Shell component, allowing confidentiality compromise with no integrity or availability impact. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high confidentiality impact score (C:H) and low attack complexity elevate practical concern for environments where lateral movement or credential harvesting are threat vectors.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-42837 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver allows an authenticated low-privileged user on a Windows host to escalate to higher privileges by triggering a buffer over-read in the kernel-mode driver. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 7.8 with low attack complexity and no user interaction makes it an attractive post-compromise target for endpoint operators.

Information Disclosure Microsoft Buffer Overflow Windows 10 1809 Windows 10 21h2 +8
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40369 HIGH PATCH Exploit Likely This Week

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33841 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows Kernel across Windows 10, Windows 11 (versions 22H3 through 26H1), and Windows Server 2022 allows authenticated local attackers to gain SYSTEM-level privileges through heap corruption. Microsoft has released patches addressing this CWE-122 heap-based buffer overflow. EPSS data not available for risk quantification, and no CISA KEV listing indicates exploitation has not been publicly confirmed, though the vulnerability's low attack complexity (AC:L) and minimal prerequisites (PR:L) make it attractive for post-compromise privilege escalation in targeted attacks.

Heap Overflow Microsoft Buffer Overflow Windows 10 Version 21H2 Windows 10 Version 22H2 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26111 HIGH POC PATCH This Week

Remote code execution in Windows RRAS across Server 2016, 2022, and 2025 via an integer overflow vulnerability allows authenticated attackers to execute arbitrary code over the network with high privileges. Public exploit code exists for this vulnerability, and no patch is currently available. Authenticated users with network access can trigger the vulnerability through a simple interaction to gain complete system compromise.

Buffer Overflow Heap Overflow Microsoft Windows Server 2022 Windows Server 2016 +4
NVD VulDB GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25190 HIGH PATCH This Week

Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Authentication Bypass Microsoft Windows Server 2022 23h2 Windows Server 2022 Windows 11 26h1 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-25188 HIGH PATCH This Week

Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2, and Windows Server 2012, allowing adjacent network attackers to gain elevated system access without authentication. The vulnerability has a high CVSS score of 8.8 but currently lacks a patch, creating significant risk for exposed systems. Exploitation requires network proximity but no user interaction.

Buffer Overflow Heap Overflow Microsoft Windows 10 1607 Windows 11 25h2 +13
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25186 MEDIUM PATCH This Month

Unauthorized disclosure of sensitive information in Windows Accessibility Infrastructure (ATBroker.exe) affects Windows Server 2019, 2025, Windows 10 22h2, and Windows 11 25h2, allowing local authenticated attackers to read confidential data. The vulnerability requires user privileges and local access but poses no risk to system integrity or availability. No patch is currently available for this issue.

Information Disclosure Microsoft Windows Server 2019 Windows 10 22h2 Windows Server 2025 +12
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-25185 MEDIUM PATCH This Month

Windows Shell Link Processing leaks sensitive information over the network in Windows Server 2012, 2019, and 2022, enabling remote spoofing attacks without authentication or user interaction. An unauthenticated attacker can exploit this information disclosure to conduct spoofing attacks against affected systems. No patch is currently available.

Information Disclosure Microsoft Windows Server 2022 23h2 Windows Server 2012 Windows Server 2022 +12
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25181 HIGH PATCH This Week

Information disclosure in Windows GDI+ affects Windows 11 (24h2, 25h2) and Windows Server 2012/2016, allowing unauthenticated attackers to read sensitive data remotely through an out-of-bounds memory access vulnerability. The flaw requires no user interaction and can be exploited over the network to compromise confidentiality without modifying system data or availability. No patch is currently available for this high-severity vulnerability.

Information Disclosure Buffer Overflow Microsoft Windows 11 24h2 Windows Server 2012 +13
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25179 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock in Windows Server 2025, 2022, and Windows 10 1809 contains insufficient input validation that allows authenticated local users to escalate privileges. An attacker with local access and valid credentials can exploit this vulnerability to gain elevated system permissions, though no patch is currently available. This HIGH severity vulnerability affects multiple Windows Server and client versions with no active exploit mitigation path.

Information Disclosure Microsoft Windows Server 2025 Windows Server 2022 Windows Server 2022 23h2 +12
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-25178 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.

Use After Free Microsoft Denial Of Service Memory Corruption Windows 11 26h1 +14
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-25177 HIGH PATCH This Week

Privilege escalation in Windows Active Directory Domain Services (AD DS) across Windows 11, Windows 10, and Windows Server platforms allows authenticated network attackers to gain elevated privileges by exploiting improper validation of resource naming restrictions. An attacker with valid domain credentials can leverage this vulnerability to escalate their access level without user interaction. Currently, no patch is available, leaving all affected Windows versions vulnerable.

Information Disclosure Windows 11 23h2 Windows 11 26h1 Windows Server 2025 Windows 10 22h2 +11
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25176 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock in Windows 10 (all versions) and Windows 11 contains an access control weakness that enables authenticated local attackers to escalate privileges to system level. An attacker with standard user credentials can exploit this flaw to gain elevated rights on affected systems. No patch is currently available for this vulnerability.

Authentication Bypass Microsoft Windows 10 22h2 Windows 10 1607 Windows Server 2019 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25174 HIGH PATCH This Week

Windows Extensible File Allocation (exFAT) contains an out-of-bounds read vulnerability affecting Windows Server 2022, Windows 10 1607, and Windows 11 versions 23h2/25h2, enabling authenticated local users to escalate privileges with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available. This flaw carries a CVSS score of 7.8 and affects multiple supported Windows versions across server and client platforms.

Information Disclosure Buffer Overflow Microsoft Windows Server 2022 Windows 10 1607 +13
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25173 HIGH POC PATCH This Week

Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments.

Microsoft Buffer Overflow Heap Overflow Windows Server 2022 23h2 Windows 10 1607 +13
NVD VulDB GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25172 HIGH POC PATCH This Week

Remote code execution in Windows Routing and Remote Access Service (RRAS) across Windows Server 2012, 2022, and 2022 23h2 stems from an integer overflow vulnerability that authenticated network attackers can exploit with user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available.

Microsoft Buffer Overflow Heap Overflow Windows Server 2022 Windows Server 2012 +5
NVD VulDB GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25171 HIGH PATCH This Week

Privilege escalation in Windows Authentication Methods (Windows 10 22H2, Windows 11 26H1) stems from a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low user privileges and manual interaction but provides complete system compromise through code execution. No patch is currently available for this high-severity vulnerability.

Use After Free Microsoft Denial Of Service Memory Corruption Windows 10 22h2 +14
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-25170 HIGH PATCH This Week

Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Use After Free Microsoft Denial Of Service Memory Corruption Windows 11 23h2 +7
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-25169 MEDIUM PATCH This Month

A division by zero flaw in the Microsoft Graphics Component on Windows 10 and Windows 11 systems enables local attackers to trigger a denial of service condition without requiring special privileges or user interaction. The vulnerability affects multiple Windows versions including Windows 10 1607, 22h2 and Windows 11 25h2, 26h1, with no patch currently available.

Microsoft Authentication Bypass Windows 10 1607 Windows 11 25h2 Windows 11 26h1 +11
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-25168 MEDIUM PATCH This Month

Microsoft Graphics Component on Windows 10 21H2, Windows Server 2016, and Windows 11 25H2 is vulnerable to a null pointer dereference that enables local denial of service attacks. An attacker with local access can trigger the vulnerability without requiring elevated privileges or user interaction to crash the graphics component and render the system unavailable. No patch is currently available for this medium-severity vulnerability.

Microsoft Null Pointer Dereference Denial Of Service Windows 10 21h2 Windows Server 2016 +12
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-25167 HIGH PATCH This Week

Privilege escalation in Microsoft's Brokering File System on Windows 11 (24h2 and 25h2) stems from a use-after-free vulnerability that allows local attackers to gain elevated system privileges. An attacker with local access can exploit memory corruption to execute arbitrary code with higher privileges, potentially compromising system integrity. No patch is currently available for this vulnerability.

Microsoft Use After Free Denial Of Service Memory Corruption Windows 11 24h2 +3
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). The flaw spans a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025. Microsoft has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +16
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Quality Windows Audio/Video Experience (QWAVE) service lets an already-authenticated, low-privileged user elevate to higher privileges by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.0 (AV:L/AC:H/PR:L).

Use After Free Memory Corruption Denial Of Service +19
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Hyper-V (CWE-416 use-after-free) allows an authenticated attacker already running low-privileged code on an affected host to elevate to higher privileges, with full confidentiality, integrity, and availability impact. Reported by Microsoft and affecting a broad range of Windows 10, Windows 11, and Windows Server builds including Server 2019/2022/2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash the service by triggering a stack-based buffer overflow over the network (CVSS 7.5, availability-only impact). Because AD FS brokers single sign-on and federated authentication, a successful attack can knock out login for every downstream application that relies on it. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) lets a remote, unauthenticated attacker crash the service by triggering a stack-based buffer overflow (CWE-121) over the network. The flaw affects AD FS as shipped across a broad range of Windows client and server builds (Windows 10/11 and Windows Server 2012 through 2025). Microsoft - the reporting party - has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows App Store component (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025) allows an authorized low-privileged attacker to win a race condition on an improperly synchronized shared resource and gain higher privileges. Exploitation is local-only and high-complexity because it depends on reliably hitting a narrow timing window, and no public exploit has been identified at time of analysis. A vendor patch is available via Microsoft's MSRC update guide.

Microsoft Race Condition Information Disclosure +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Missing authentication for critical function in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.

Authentication Bypass Microsoft Windows 10 Version 1809 +10
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Windows FTP Service allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122). The flaw affects the FTP service across a broad range of Windows 10, Windows 11, and Windows Server (2019/2022/2025) builds and carries a critical CVSS 9.8 rating with no authentication or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, network-reachable nature of the bug makes it a high-priority patch target.

Heap Overflow Buffer Overflow Microsoft +13
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows DNS lets an already-authenticated, low-privileged attacker corrupt heap memory to gain higher (likely SYSTEM) privileges on affected Windows 10, Windows 11, and Windows Server 2022/2025 systems. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft itself, with a vendor patch available via MSRC. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so it currently represents a patch-priority rather than an emergency.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows WalletService allows an authenticated low-privileged attacker to gain SYSTEM-level rights on the host, per CVSS:3.1 AV:L/AC:L/PR:L (7.8, High). The flaw stems from improper privilege management (CWE-269) in the WalletService component and affects a broad range of Windows client and server builds. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch from Microsoft is available.

Microsoft Privilege Escalation Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in the Windows Speech component (Text-to-Speech / speech runtime) affects a broad range of Windows 10, Windows 11, and Windows Server releases, where a use-after-free (CWE-416) lets an already-authenticated local user corrupt memory to run code at higher privilege. Exploitation is non-trivial - it requires local access, low-level authentication, user interaction, and winning a memory-timing condition - and the CVSS 7.5 rating reflects a scope-changed, high-impact outcome. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so this is a patch-on-cycle EoP rather than an emergency.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 3% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows StateRepository API lets an already-authenticated low-privileged user gain higher (typically SYSTEM-level) privileges due to insufficiently granular access control (CWE-1220). It affects a broad range of currently supported Windows client and server builds (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025). The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis (not listed in CISA KEV).

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Server 2025 DNS Server role allows a privileged, authenticated attacker to run arbitrary code over the network by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw carries a CVSS 8.0 rating with a changed scope, meaning successful exploitation can affect resources beyond the vulnerable component. Microsoft has issued a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +2
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack.

Buffer Overflow Microsoft Integer Overflow +14
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Printer Drivers on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to gain SYSTEM-level privileges by triggering a use-after-free memory-corruption condition. The flaw grants full confidentiality, integrity, and availability impact (C:H/I:H/A:H) once low-level local access is obtained. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Microsoft Windows App Store (Store/AppX component) affects a broad range of Windows 10, Windows 11, and Windows Server releases (1607 through 26H1, Server 2016/2019/2022/2025). An authorized local attacker can leverage a use of uninitialized resource (CWE-908) to read memory contents that should not be exposed, with CVSS 7.1 reflecting high confidentiality impact but requiring low-privileged authenticated local access. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and Microsoft has released a patch via the MSRC update guide.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Microsoft Active Directory Domain Services (AD DS) allows an unauthenticated network attacker to corrupt heap memory and run arbitrary code on affected domain controllers. The flaw (CVE-2026-49164, CVSS 8.1) spans a broad range of Windows client and server builds from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025, with full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the high attack complexity (AC:H) tempers the practical exploitation likelihood.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Brokering File System (bfs.sys/Bfs component) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where a use-after-free (CWE-416) lets an already-authenticated local attacker corrupt kernel/broker memory to gain SYSTEM-level privileges. Exploitation requires low privileges but high attack complexity, and there is no public exploit identified at time of analysis. Microsoft has released a patch via its MSRC update guide.

Use After Free Memory Corruption Denial Of Service +6
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows App Installer (the AppX/MSIX deployment component) lets a low-privileged but authenticated user corrupt memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not on CISA KEV, though the CVSS 7.0 rating and full C/I/A impact make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service +7
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows App Installer (App Installer / MSIX handler) on Windows 11 (23H2 through 26H1) and Windows Server 2025 lets an already-authenticated local attacker win a timing race to elevate to higher privileges. The flaw stems from improper synchronization of a shared resource during concurrent execution, and Microsoft has released a patch. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure +6
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in the Microsoft ODBC Driver for SQL Server (shipped across Windows 10, Windows 11, and Windows Server 2012 through 2025) stems from a heap-based buffer overflow that lets an attacker run arbitrary code over the network. The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scores it 9.8 and marks it unauthenticated, though as a database driver flaw the realistic trigger is a client connecting to a malicious or compromised SQL Server endpoint. There is no public exploit identified at time of analysis and no CISA KEV listing, so this is a high-severity but not yet actively-exploited issue.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +18
NVD
EPSS 0% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Bluetooth Port Driver lets an adjacent, unauthenticated attacker corrupt heap memory to run arbitrary code on the target after minimal user interaction. The flaw (CWE-122 heap-based buffer overflow) affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025, with full confidentiality, integrity, and availability impact (CVSS 8.0). There is no public exploit identified at time of analysis, but a vendor patch is available from Microsoft.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Privilege elevation in the Windows App Store component affects a broad range of Microsoft Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025), where a race condition (CWE-362) lets an unauthorized attacker win a timing window to gain elevated privileges over a network. The CVSS 3.1 score is 8.1 with a network vector and no authentication (PR:N), but high attack complexity (AC:H) reflects the difficulty of reliably winning the race. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available from Microsoft.

Authentication Bypass Microsoft Race Condition +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +18
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Secure Kernel Mode (SKM/VTL1) allows an already-authenticated attacker to elevate to higher privileges on affected Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025 systems. The flaw stems from improper consistency validation of input crossing the trust boundary into the isolated secure kernel (CWE-1288), yielding full confidentiality, integrity, and availability impact on the local host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +14
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Likely This Month

BitLocker's protection mechanism on Windows fails to enforce a critical authentication or verification step, permitting a physically present attacker to bypass full-disk encryption without credentials, a recovery key, or elevated privileges. Despite a CVSS score of 6.8 (Medium) - moderated by the physical access requirement - the impact ratings are High across confidentiality, integrity, and availability, meaning successful exploitation grants complete access to encrypted data and the underlying system. No public exploit has been identified at time of analysis, and Microsoft has released a patch via the MSRC update guide.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.9
HIGH PATCH Exploit Unlikely This Week

Security feature bypass in Windows Secure Boot enables a local high-privileged attacker to defeat the platform's boot-time integrity protections, achieving high confidentiality and integrity impact across a changed security scope. The flaw stems from a protection mechanism failure (CWE-284, Improper Access Control) that undermines the trust boundary Secure Boot is designed to enforce. At the time of analysis, no public exploit has been identified and the issue is not listed in CISA KEV, but the scope-changed CVSS of 7.9 reflects the severity of subverting a root-of-trust security control.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.9
HIGH PATCH Exploit Unlikely This Week

Security feature bypass in Windows Secure Boot allows a high-privileged local attacker to circumvent the boot integrity protection mechanism, undermining trust in the Windows boot chain. The flaw (CWE-1329, reliance on a component that is not updateable) carries a CVSS 7.9 rating due to scope change and high impact on confidentiality and integrity, and no public exploit has been identified at time of analysis. Successful exploitation could enable pre-OS persistence such as bootkits, defeating a foundational Windows security control.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.9
HIGH PATCH Exploit Unlikely This Week

Secure Boot bypass in Microsoft Windows allows an authorized local attacker with high privileges to defeat the platform's protection mechanism and tamper with the pre-OS boot chain. The CVSS 7.9 score reflects a scope-changing impact on confidentiality and integrity from a local vector, and no public exploit identified at time of analysis. The single MSRC reference indicates a Microsoft-tracked issue that primarily threatens code-integrity and boot-trust guarantees rather than runtime availability.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible via a heap-based buffer overflow that an unauthenticated remote attacker can trigger when a user is convinced to connect to a malicious RDP server. The flaw is rated CVSS 7.5 (High) with attack complexity High and required user interaction, and no public exploit identified at time of analysis. The CWE-416 classification combined with the vendor's tags points to a use-after-free condition reachable through crafted RDP server responses.

Buffer Overflow Memory Corruption Use After Free +10
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that leads to arbitrary code execution on the client machine. The flaw is unauthenticated from the server side but requires user interaction and high attack complexity, and no public exploit identified at time of analysis. CVSS is rated 7.5 (High) with confidentiality, integrity, and availability impact.

Use After Free Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client occurs when a user connects to an attacker-controlled RDP server, allowing the server to corrupt heap memory and execute arbitrary code on the client endpoint. The flaw carries a CVSS 8.8 (High) rating reflecting network reach with required user interaction, and no public exploit is identified at time of analysis. The attack pivots the traditional RDP threat model - attackers compromise clients that initiate outbound connections rather than exposed servers.

Use After Free Memory Corruption Buffer Overflow +13
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Hyper-V stems from an out-of-bounds read condition (CWE-122 heap-based buffer overflow) that an attacker with high privileges on a guest or host context can leverage to break confidentiality, integrity, and availability boundaries. The CVSS 8.2 score is elevated by a scope change (S:C), indicating the flaw enables crossing the hypervisor isolation boundary. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Remote Desktop Client enables remote code execution when a user connects to a malicious RDP server, with the attacker gaining the same privileges as the connecting user. The CVSS 8.8 score reflects network-reachable exploitation requiring only minimal user interaction (initiating an RDP session), and no public exploit has been identified at time of analysis. The flaw is reported by Microsoft Security Response Center (secure@microsoft.com) and is categorized as CWE-122 heap-based buffer overflow.

Heap Overflow Buffer Overflow Windows App +13
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Likely This Month

Security feature bypass in Microsoft Windows BitLocker allows an attacker with physical access to circumvent the drive encryption protection mechanism. Affected systems can have BitLocker-protected data accessed despite the encryption-at-rest control being enabled, undermining a core platform confidentiality boundary. There is no public exploit identified at time of analysis, but the vulnerability is reported by Microsoft (secure@microsoft.com) as a protection mechanism failure with high impact across confidentiality, integrity, and availability.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.9
HIGH PATCH Exploit Unlikely This Week

Secure Boot bypass on Microsoft Windows allows an authorized local attacker with high privileges to defeat a platform integrity protection mechanism, leading to compromise of confidentiality and integrity outside the original security boundary. The scope-changed CVSS 7.9 rating reflects that successful exploitation breaks out of the Secure Boot trust domain, though no public exploit is identified at time of analysis and the issue is not listed in CISA KEV. Microsoft (secure@microsoft.com) issued the advisory via MSRC, and the weakness is classified as improper access control (CWE-284).

Authentication Bypass Microsoft Windows 11 24h2 +3
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privilege attacker to elevate to SYSTEM by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 rating with high attack complexity, and no public exploit identified at time of analysis. Exploitation requires a race condition or specific timing to be won, which constrains reliable weaponization but does not eliminate the risk on multi-user or shared Windows hosts.

Denial Of Service Heap Overflow Microsoft +14
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Hyper-V allows an authenticated attacker on a guest or host to escape sandbox boundaries by triggering an out-of-bounds read condition (CWE-843, type confusion) in the hypervisor. The flaw affects Windows 10 (21H2/22H2), Windows 11 (23H2/24H2/25H2/26H1), and Windows Server 2022/2025, with a vendor-released patch available and no public exploit identified at time of analysis. EPSS scoring of 0.15% and SSVC exploitation status of 'none' suggest limited near-term exploitation likelihood despite total technical impact potential.

Microsoft Memory Corruption Buffer Overflow +8
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows remote unauthenticated attackers to read out-of-bounds memory over the network, potentially exposing sensitive data from the RDP service process. The flaw is reachable without authentication or user interaction across any exposed RDP endpoint, and no public exploit identified at time of analysis. Microsoft has assigned the issue a CVSS 3.1 score of 7.5 reflecting high confidentiality impact with no integrity or availability effect.

Information Disclosure Microsoft Buffer Overflow +15
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver (AFD.sys) for WinSock allows an authenticated low-privileged user to gain SYSTEM-level access through a use-after-free condition. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8 score with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the AFD.sys driver has a long history of similar bugs being weaponized post-disclosure.

Denial Of Service Heap Overflow Microsoft +14
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Universal Plug and Play stack (upnp.dll) allows unauthenticated network attackers to execute arbitrary code on affected hosts by triggering a memory-safety flaw in the UPnP service. The issue carries a CVSS 3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N), reflecting network reachability without credentials but high attack complexity. At time of analysis there is no public exploit identified and the CVE is not listed in CISA KEV.

Denial Of Service Memory Corruption Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in the Windows DHCP Server service enables a locally authenticated, low-privileged attacker to disclose contents of process memory on affected systems. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms this is a local, low-complexity attack requiring only standard user privileges - no elevated rights or user interaction needed. Exploitation is constrained to hosts where the Windows DHCP Server role is actively installed and running, which significantly limits the attack surface to designated infrastructure servers rather than general workstations. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

Information Disclosure Microsoft Buffer Overflow +13
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Out-of-bounds read in Windows DHCP Server exposes adjacent memory contents and can crash the service, yielding both information disclosure and a high-severity denial-of-service condition on affected Windows systems. The flaw (CWE-125) is exploitable locally with low attack complexity and no user interaction, targeting systems where the DHCP Server role is installed across a broad range of Windows 10, 11, and Server editions from 2012 through 2025. No public exploit has been identified at time of analysis, and Microsoft has released patched builds via the MSRC update guide (CVE-2026-45608).

Information Disclosure Microsoft Buffer Overflow +13
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to elevate to SYSTEM by winning a race condition that triggers a use-after-free. The flaw is reported by Microsoft (MSRC) and carries CVSS 7.0 with high attack complexity, but no public exploit is identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Microsoft Race Condition +13
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Exploit Unlikely Act Now

Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data with high confidentiality and integrity impact, as reflected by the 9.1 CVSS score. The vulnerability is reachable over the network without privileges or user interaction, and no public exploit identified at time of analysis. The combination of authentication bypass tagging and DHCP's role as a core network infrastructure service makes this a high-priority issue for any Windows environment running the DHCP Server role.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authenticated low-privileged attacker to win a race condition and gain SYSTEM-level execution. The flaw is a use-after-free triggered through concurrent WinSock operations, and at time of analysis no public exploit has been identified and the CVE is not on the CISA KEV list.

Denial Of Service Microsoft Race Condition +13
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to win a race condition and trigger a use-after-free, enabling code execution at kernel level. No public exploit identified at time of analysis, but AFD.sys has a long history of being a preferred LPE target and Microsoft has marked the issue as important. EPSS data was not provided in the source feed.

Denial Of Service Microsoft Race Condition +13
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely Act Now

Local code execution in Microsoft Windows Win32K GRFX (graphics) subsystem allows an attacker with low-privilege local access to run arbitrary code by triggering an integer overflow, after coaxing a user into interacting with a crafted graphics object. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, though Win32K bugs historically attract rapid exploit development for privilege escalation in post-compromise chains.

Microsoft Integer Overflow Buffer Overflow +16
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely Act Now

Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to run code locally to escalate privileges through an integer overflow. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8, but requires user interaction (UI:R) and local access (AV:L), and no public exploit identified at time of analysis.

Microsoft Integer Overflow Buffer Overflow +16
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privilege attacker to gain higher privileges through a use-after-free memory corruption flaw. The vulnerability carries a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Successful exploitation typically yields SYSTEM-level code execution on the affected Windows host.

Microsoft Use After Free Memory Corruption +11
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RDP server, where a heap-based buffer overflow (linked to use-after-free memory corruption per vendor tags) enables arbitrary code execution on the client machine. The CVSS 7.5 score reflects high attack complexity and required user interaction, and no public exploit identified at time of analysis. SSVC assessment from CISA rates exploitation as 'none' and automatable as 'no', though technical impact is total.

Use After Free Memory Corruption Buffer Overflow +15
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client arises from a heap-based buffer overflow (CWE-122) that an unauthenticated network attacker can trigger when a victim connects to or interacts with a malicious server. Microsoft (secure@microsoft.com) is the originating reporter and has published an advisory in the MSRC update guide, with no public exploit identified at time of analysis. The CVSS 7.5 (High) rating reflects high attack complexity and required user interaction, but successful exploitation yields full confidentiality, integrity, and availability impact on the client host.

Heap Overflow Buffer Overflow Remote Desktop Client +14
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is lured into connecting to an attacker-controlled RDP server, where a heap-based buffer overflow (CWE-122) can be triggered to run arbitrary code on the client machine. The flaw was reported by Microsoft (secure@microsoft.com) and carries a CVSS 3.1 score of 7.5, reflecting high attack complexity and the requirement for user interaction. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Heap Overflow Buffer Overflow Windows 10 21h2 +7
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is enticed to connect to an attacker-controlled RDP server, triggering a heap-based buffer overflow (CWE-122). The flaw scores CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and, while no public exploit is identified at time of analysis, the network-reachable nature and full CIA impact make it a meaningful client-side risk for users connecting to untrusted endpoints.

Buffer Overflow Heap Overflow Windows App +12
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Graphics Component allows an authenticated low-privileged attacker to gain elevated rights via a use-after-free memory corruption flaw (CWE-416). The issue carries a CVSS 7.8 (High) rating with full confidentiality, integrity, and availability impact on the affected host. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Microsoft Denial Of Service Memory Corruption +14
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Likely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that runs attacker code in the client's context. The flaw (CWE-416 use-after-free / heap corruption) carries CVSS 8.8 and requires user interaction, with no public exploit identified at time of analysis. A vendor patch is available via Microsoft MSRC.

Use After Free Memory Corruption Buffer Overflow +15
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows Performance Monitor (PerfMon) allows unauthenticated network-based attackers to execute arbitrary code by triggering an integer underflow condition. The flaw carries a CVSS 3.1 score of 8.1 driven by high impact across confidentiality, integrity, and availability, though high attack complexity (AC:H) tempers exploitability. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but Microsoft has released a patch via MSRC guidance.

Authentication Bypass Microsoft Integer Overflow +6
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables a locally authenticated attacker to read sensitive information from memory without elevation of privilege. Affecting a wide range of Windows 10, Windows 11, and Windows Server builds, the vulnerability requires only low-privilege local access and no user interaction to trigger. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with partial technical impact, placing this in a lower-urgency remediation band despite the High confidentiality rating in the CVSS vector.

Information Disclosure Microsoft Windows 10 1607 +11
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications on multiple Windows 10, Windows 11, and Windows Server versions exposes sensitive memory contents through an uninitialized resource condition, allowing a low-privileged local user to read high-confidentiality data without any user interaction. The CVSS vector (AV:L/PR:L) confirms this is strictly a local privilege issue - no remote attack path exists - limiting its practical blast radius to insider threats and post-compromise lateral reconnaissance. No public exploit has been identified at time of analysis, and Microsoft has released patches addressing all listed affected versions.

Information Disclosure Microsoft Windows 10 1607 +11
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables authenticated local attackers to disclose sensitive information across a wide breadth of Microsoft Windows desktop and server platforms. Spanning Windows 10 through Windows 11 25H2 and Windows Server 2012 through Server 2025, the vulnerability carries a CVSS 5.5 Medium score with high confidentiality impact (C:H) but no integrity or availability impact. Microsoft has released patches via the June 2026 Patch Tuesday cycle; no public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged user to elevate to higher privileges through an integer underflow condition. The flaw carries a CVSS 7.8 (High) rating with no public exploit identified at time of analysis, but Microsoft has issued a patch via MSRC. Defenders should treat this as a standard Patch-Tuesday-class kernel EoP that becomes a critical post-compromise pivot once initial access is achieved.

Information Disclosure Microsoft Integer Overflow +13
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Denial-of-service in the Windows TCP/IP stack allows an authenticated attacker on an adjacent network to crash the networking subsystem of affected Windows hosts via an incorrect buffer size calculation. Affected systems span Windows 10 (21H2, 22H2), Windows 11 (23H2 through 26H1), Windows Server 2022, and Windows Server 2025 - all unpatched builds within Microsoft-documented version ranges. No public exploit identified at time of analysis, though Microsoft has released fixes addressable via Windows Update; the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Windows 10 21h2 +7
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH Exploit Unlikely This Month

Windows Kerberos out-of-bounds read (CWE-125) allows a low-privilege network attacker to crash the Kerberos authentication service across all actively supported Windows client and server platforms, from Windows Server 2012 through Windows Server 2025 and Windows 11 26H1. The attack requires prior domain authentication and high-complexity triggering conditions (CVSS AC:H), limiting opportunistic mass exploitation, though a successful attack against a domain controller can deny authentication domain-wide by crashing the KDC. Vendor patches are available via the Microsoft MSRC advisory; no public exploit code exists and SSVC confirms no observed exploitation at time of analysis.

Denial Of Service Information Disclosure Microsoft +14
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user connects to an attacker-controlled RDP server, where a heap-based buffer overflow triggered by a race condition (CWE-362) allows arbitrary code execution on the client machine. The flaw carries a CVSS 7.5 (High) rating with high attack complexity and required user interaction, and no public exploit identified at time of analysis. Microsoft has released a patch via MSRC advisory CVE-2026-42913.

Race Condition Buffer Overflow Remote Desktop Client +6
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user connects to an attacker-controlled or compromised RDP endpoint, where a race condition (CWE-362) can be triggered to corrupt heap memory and execute arbitrary code in the client process. The flaw is unauthenticated from the network attacker's perspective but requires user interaction to initiate the connection, and no public exploit has been identified at time of analysis.

Race Condition Buffer Overflow Remote Desktop Client +14
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Information disclosure in Windows Shell exposes sensitive data to authenticated low-privileged attackers, with a confirmed vendor patch available. The vulnerability stems from CWE-200 improper information exposure within the Windows Shell component, allowing confidentiality compromise with no integrity or availability impact. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high confidentiality impact score (C:H) and low attack complexity elevate practical concern for environments where lateral movement or credential harvesting are threat vectors.

Information Disclosure Microsoft Windows 10 1809 +9
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver allows an authenticated low-privileged user on a Windows host to escalate to higher privileges by triggering a buffer over-read in the kernel-mode driver. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 7.8 with low attack complexity and no user interaction makes it an attractive post-compromise target for endpoint operators.

Information Disclosure Microsoft Buffer Overflow +10
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 11 Version 24H2 +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows Kernel across Windows 10, Windows 11 (versions 22H3 through 26H1), and Windows Server 2022 allows authenticated local attackers to gain SYSTEM-level privileges through heap corruption. Microsoft has released patches addressing this CWE-122 heap-based buffer overflow. EPSS data not available for risk quantification, and no CISA KEV listing indicates exploitation has not been publicly confirmed, though the vulnerability's low attack complexity (AC:L) and minimal prerequisites (PR:L) make it attractive for post-compromise privilege escalation in targeted attacks.

Heap Overflow Microsoft Buffer Overflow +11
NVD VulDB
EPSS 0% CVSS 8.0
HIGH POC PATCH This Week

Remote code execution in Windows RRAS across Server 2016, 2022, and 2025 via an integer overflow vulnerability allows authenticated attackers to execute arbitrary code over the network with high privileges. Public exploit code exists for this vulnerability, and no patch is currently available. Authenticated users with network access can trigger the vulnerability through a simple interaction to gain complete system compromise.

Buffer Overflow Heap Overflow Microsoft +6
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Authentication Bypass Microsoft Windows Server 2022 23h2 +14
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2, and Windows Server 2012, allowing adjacent network attackers to gain elevated system access without authentication. The vulnerability has a high CVSS score of 8.8 but currently lacks a patch, creating significant risk for exposed systems. Exploitation requires network proximity but no user interaction.

Buffer Overflow Heap Overflow Microsoft +15
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unauthorized disclosure of sensitive information in Windows Accessibility Infrastructure (ATBroker.exe) affects Windows Server 2019, 2025, Windows 10 22h2, and Windows 11 25h2, allowing local authenticated attackers to read confidential data. The vulnerability requires user privileges and local access but poses no risk to system integrity or availability. No patch is currently available for this issue.

Information Disclosure Microsoft Windows Server 2019 +14
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Windows Shell Link Processing leaks sensitive information over the network in Windows Server 2012, 2019, and 2022, enabling remote spoofing attacks without authentication or user interaction. An unauthenticated attacker can exploit this information disclosure to conduct spoofing attacks against affected systems. No patch is currently available.

Information Disclosure Microsoft Windows Server 2022 23h2 +14
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure in Windows GDI+ affects Windows 11 (24h2, 25h2) and Windows Server 2012/2016, allowing unauthenticated attackers to read sensitive data remotely through an out-of-bounds memory access vulnerability. The flaw requires no user interaction and can be exploited over the network to compromise confidentiality without modifying system data or availability. No patch is currently available for this high-severity vulnerability.

Information Disclosure Buffer Overflow Microsoft +15
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock in Windows Server 2025, 2022, and Windows 10 1809 contains insufficient input validation that allows authenticated local users to escalate privileges. An attacker with local access and valid credentials can exploit this vulnerability to gain elevated system permissions, though no patch is currently available. This HIGH severity vulnerability affects multiple Windows Server and client versions with no active exploit mitigation path.

Information Disclosure Microsoft Windows Server 2025 +14
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.

Use After Free Microsoft Denial Of Service +16
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Windows Active Directory Domain Services (AD DS) across Windows 11, Windows 10, and Windows Server platforms allows authenticated network attackers to gain elevated privileges by exploiting improper validation of resource naming restrictions. An attacker with valid domain credentials can leverage this vulnerability to escalate their access level without user interaction. Currently, no patch is available, leaving all affected Windows versions vulnerable.

Information Disclosure Windows 11 23h2 Windows 11 26h1 +13
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock in Windows 10 (all versions) and Windows 11 contains an access control weakness that enables authenticated local attackers to escalate privileges to system level. An attacker with standard user credentials can exploit this flaw to gain elevated rights on affected systems. No patch is currently available for this vulnerability.

Authentication Bypass Microsoft Windows 10 22h2 +14
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Extensible File Allocation (exFAT) contains an out-of-bounds read vulnerability affecting Windows Server 2022, Windows 10 1607, and Windows 11 versions 23h2/25h2, enabling authenticated local users to escalate privileges with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available. This flaw carries a CVSS score of 7.8 and affects multiple supported Windows versions across server and client platforms.

Information Disclosure Buffer Overflow Microsoft +15
NVD VulDB
EPSS 0% CVSS 8.0
HIGH POC PATCH This Week

Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments.

Microsoft Buffer Overflow Heap Overflow +15
NVD VulDB GitHub
EPSS 0% CVSS 8.0
HIGH POC PATCH This Week

Remote code execution in Windows Routing and Remote Access Service (RRAS) across Windows Server 2012, 2022, and 2022 23h2 stems from an integer overflow vulnerability that authenticated network attackers can exploit with user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available.

Microsoft Buffer Overflow Heap Overflow +7
NVD VulDB GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in Windows Authentication Methods (Windows 10 22H2, Windows 11 26H1) stems from a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low user privileges and manual interaction but provides complete system compromise through code execution. No patch is currently available for this high-severity vulnerability.

Use After Free Microsoft Denial Of Service +16
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Use After Free Microsoft Denial Of Service +9
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

A division by zero flaw in the Microsoft Graphics Component on Windows 10 and Windows 11 systems enables local attackers to trigger a denial of service condition without requiring special privileges or user interaction. The vulnerability affects multiple Windows versions including Windows 10 1607, 22h2 and Windows 11 25h2, 26h1, with no patch currently available.

Microsoft Authentication Bypass Windows 10 1607 +13
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Microsoft Graphics Component on Windows 10 21H2, Windows Server 2016, and Windows 11 25H2 is vulnerable to a null pointer dereference that enables local denial of service attacks. An attacker with local access can trigger the vulnerability without requiring elevated privileges or user interaction to crash the graphics component and render the system unavailable. No patch is currently available for this medium-severity vulnerability.

Microsoft Null Pointer Dereference Denial Of Service +14
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Privilege escalation in Microsoft's Brokering File System on Windows 11 (24h2 and 25h2) stems from a use-after-free vulnerability that allows local attackers to gain elevated system privileges. An attacker with local access can exploit memory corruption to execute arbitrary code with higher privileges, potentially compromising system integrity. No patch is currently available for this vulnerability.

Microsoft Use After Free Denial Of Service +5
NVD VulDB
Prev Page 5 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy