Total CVEs

132,098

Critical Severity

2,824

High Severity

10,104

Last 7 Days

1,584
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,261 - 3,280 of 28,503 CVEs
CVE-2026-41100 MEDIUM - 4.4

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

Vendor: microsoft
Product: 365_copilot
Published: May 12, 2026
Source: NVD
CVE-2026-41097 MEDIUM - 6.7

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

Vendor: microsoft
Product: windows_10_1809
Published: May 12, 2026
Source: NVD
CVE-2026-41096 CRITICAL - 9.8

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_11_23h2
Published: May 12, 2026
Source: NVD
CVE-2026-41095 HIGH - 7.8

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_server_2012
Published: May 12, 2026
Source: NVD
CVE-2026-41094 HIGH - 8.8

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: data_formulator
Published: May 12, 2026
Source: NVD
CVE-2026-41089 CRITICAL - 9.8

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_server_2012
Published: May 12, 2026
Source: NVD
CVE-2026-41088 HIGH - 7.8

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_21h2
Published: May 12, 2026
Source: NVD
CVE-2026-41086 HIGH - 8.8

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: windows_admin_center
Published: May 12, 2026
Source: NVD
CVE-2026-40421 MEDIUM - 4.3

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40420 HIGH - 8.8

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40419 HIGH - 7.8

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40418 HIGH - 7.8

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40417 HIGH - 7.8

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

Published: May 12, 2026
Source: NVD
CVE-2026-40416 MEDIUM - 4.3

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: May 12, 2026
Source: NVD
CVE-2026-40415 HIGH - 8.1

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_10_1809
Published: May 12, 2026
Source: NVD
CVE-2026-40414 HIGH - 7.4

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-40413 HIGH - 7.4

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-40410 HIGH - 7.0

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-40408 HIGH - 7.8

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-40407 HIGH - 7.8

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD