Total CVEs

132,098

Critical Severity

2,824

High Severity

10,104

Last 7 Days

1,584
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,301 - 3,320 of 28,503 CVEs
CVE-2026-40364 HIGH - 8.4

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40363 HIGH - 8.4

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40362 HIGH - 7.8

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40361 HIGH - 8.4

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40360 HIGH - 7.8

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40359 HIGH - 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40358 HIGH - 8.4

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40357 HIGH - 8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: May 12, 2026
Source: NVD
CVE-2026-35440 MEDIUM - 5.5

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-35439 HIGH - 8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: May 12, 2026
Source: NVD
CVE-2026-35438 HIGH - 8.3

Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Published: May 12, 2026
Source: NVD
CVE-2026-35436 HIGH - 8.8

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-35433 HIGH - 7.3

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

Vendor: nuget
Product: Microsoft.WindowsDesktop.App.Runtime.win-arm64
Published: May 12, 2026
Source: NVD
CVE-2026-35429 MEDIUM - 4.3

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge
Published: May 12, 2026
Source: NVD
CVE-2026-35424 HIGH - 7.5

Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-35423 MEDIUM - 5.4

Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-35422 MEDIUM - 6.5

Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-35421 HIGH - 7.8

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-35420 HIGH - 7.8

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_server_2012
Published: May 12, 2026
Source: NVD
CVE-2026-35419 MEDIUM - 5.5

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_11_24h2
Published: May 12, 2026
Source: NVD