Total CVEs

138,502

Critical Severity

3,573

High Severity

12,821

Last 7 Days

2,013
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,861 - 3,880 of 12,518 CVEs
CVE-2026-34333 HIGH - 7.8

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-34332 HIGH - 8.0

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_server_2025
Published: May 12, 2026
Source: NVD
CVE-2026-34331 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-34330 HIGH - 7.8

Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-34329 HIGH - 8.8

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-33841 HIGH - 7.8

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_21h2
Published: May 12, 2026
Source: NVD
CVE-2026-33840 HIGH - 7.8

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_24h2
Published: May 12, 2026
Source: NVD
CVE-2026-33839 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: May 12, 2026
Source: NVD
CVE-2026-33838 HIGH - 7.8

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-33837 HIGH - 7.8

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-33835 HIGH - 7.8

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: May 12, 2026
Source: NVD
CVE-2026-33834 HIGH - 7.8

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-33833 HIGH - 8.2

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

Published: May 12, 2026
Source: NVD
CVE-2026-33821 HIGH - 7.7

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: dynamics_365_customer_insights
Published: May 12, 2026
Source: NVD
CVE-2026-33112 HIGH - 8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: May 12, 2026
Source: NVD
CVE-2026-33110 HIGH - 8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: May 12, 2026
Source: NVD
CVE-2026-32204 HIGH - 7.8

External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Published: May 12, 2026
Source: NVD
CVE-2026-32177 HIGH - 7.3

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

Published: May 12, 2026
Source: NVD
CVE-2026-32161 HIGH - 7.5

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-31240 HIGH - 7.5

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records (PUT /memories/{memory_id}) are exposed without any verification of the requester's identity or permissions. A remote attacker can ex...

Published: May 12, 2026
Source: NVD