Total CVEs

131,648

Critical Severity

2,801

High Severity

10,044

Last 7 Days

1,224
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,841 - 2,860 of 28,053 CVEs
CVE-2026-40380 MEDIUM - 6.2

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-40379 CRITICAL - 9.3

Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.

Published: May 12, 2026
Source: NVD
CVE-2026-40377 HIGH - 7.8

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-40374 MEDIUM - 6.5

Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.

Vendor: microsoft
Product: power_automate_for_desktop
Published: May 12, 2026
Source: NVD
CVE-2026-40370 HIGH - 8.8

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

Published: May 12, 2026
Source: NVD
CVE-2026-40369 HIGH - 7.8

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_24h2
Published: May 12, 2026
Source: NVD
CVE-2026-40368 HIGH - 8.0

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: May 12, 2026
Source: NVD
CVE-2026-40367 HIGH - 8.4

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40366 HIGH - 8.4

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40365 HIGH - 8.8

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: May 12, 2026
Source: NVD
CVE-2026-40364 HIGH - 8.4

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40363 HIGH - 8.4

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40362 HIGH - 7.8

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40361 HIGH - 8.4

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40360 HIGH - 7.8

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40359 HIGH - 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40358 HIGH - 8.4

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40357 HIGH - 8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: May 12, 2026
Source: NVD
CVE-2026-35440 MEDIUM - 5.5

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-35439 HIGH - 8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: May 12, 2026
Source: NVD