Total CVEs

138,502

Critical Severity

3,573

High Severity

12,821

Last 7 Days

2,013
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,821 - 3,840 of 12,518 CVEs
CVE-2026-40361 HIGH - 8.4

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40360 HIGH - 7.8

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40359 HIGH - 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40358 HIGH - 8.4

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40357 HIGH - 8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: May 12, 2026
Source: NVD
CVE-2026-35439 HIGH - 8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: May 12, 2026
Source: NVD
CVE-2026-35438 HIGH - 8.3

Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Published: May 12, 2026
Source: NVD
CVE-2026-35436 HIGH - 8.8

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-35433 HIGH - 7.3

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

Vendor: nuget
Product: Microsoft.WindowsDesktop.App.Runtime.win-arm64
Published: May 12, 2026
Source: NVD
CVE-2026-35424 HIGH - 7.5

Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-35421 HIGH - 7.8

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-35420 HIGH - 7.8

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_server_2012
Published: May 12, 2026
Source: NVD
CVE-2026-35418 HIGH - 7.8

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: May 12, 2026
Source: NVD
CVE-2026-35417 HIGH - 7.8

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: May 12, 2026
Source: NVD
CVE-2026-35416 HIGH - 7.0

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-35415 HIGH - 7.8

Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-34687 HIGH - 7.8

Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Illustrator
Published: May 12, 2026
Source: NVD
CVE-2026-34676 HIGH - 7.8

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Substance3D - Painter
Published: May 12, 2026
Source: NVD
CVE-2026-34675 HIGH - 7.8

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Substance3D - Painter
Published: May 12, 2026
Source: NVD
CVE-2026-34661 HIGH - 7.8

Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Illustrator
Published: May 12, 2026
Source: NVD