Total CVEs

131,648

Critical Severity

2,801

High Severity

10,044

Last 7 Days

1,241
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,901 - 2,920 of 28,053 CVEs
CVE-2026-34336 HIGH - 7.8

Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-34334 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-34333 HIGH - 7.8

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-34332 HIGH - 8.0

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_server_2025
Published: May 12, 2026
Source: NVD
CVE-2026-34331 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-34330 HIGH - 7.8

Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-34329 HIGH - 8.8

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-33841 HIGH - 7.8

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_21h2
Published: May 12, 2026
Source: NVD
CVE-2026-33840 HIGH - 7.8

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_24h2
Published: May 12, 2026
Source: NVD
CVE-2026-33839 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: May 12, 2026
Source: NVD
CVE-2026-33838 HIGH - 7.8

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-33837 HIGH - 7.8

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-33835 HIGH - 7.8

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: May 12, 2026
Source: NVD
CVE-2026-33834 HIGH - 7.8

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-33833 HIGH - 8.2

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

Published: May 12, 2026
Source: NVD
CVE-2026-33821 HIGH - 7.7

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: dynamics_365_customer_insights
Published: May 12, 2026
Source: NVD
CVE-2026-33117 CRITICAL - 9.1

Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: azure_sdk_for_java
Published: May 12, 2026
Source: NVD
CVE-2026-33112 HIGH - 8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: May 12, 2026
Source: NVD
CVE-2026-33110 HIGH - 8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: May 12, 2026
Source: NVD
CVE-2026-32209 MEDIUM - 4.4

Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD