Microsoft Microsoft Makers of the Windows Operating System and hundreds of products that run on it.

  1. Vendors
  2. Microsoft

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Microsoft product.

RSS Feeds for Microsoft security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Microsoft products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows 104621 vulnerabilities

Microsoft Windows Server 20194392 vulnerabilities

Microsoft Windows Server 20164392 vulnerabilities

Microsoft Windows Server 20123309 vulnerabilities

Microsoft Windows Server 20082820 vulnerabilities

Microsoft Windows Server 20222712 vulnerabilities

Microsoft Windows 112278 vulnerabilities

Microsoft Windows 71810 vulnerabilities

Microsoft Windows 8.11712 vulnerabilities

Microsoft Windows Rt 8 11592 vulnerabilities

Microsoft Windows 11 23h21562 vulnerabilities

Microsoft Windows 10 15071452 vulnerabilities

Microsoft Windows 11 24h21249 vulnerabilities

Microsoft Windows Server 23h21215 vulnerabilities

Microsoft Windows Server 20251205 vulnerabilities

Microsoft Windows Server 2022 23h21115 vulnerabilities

Microsoft Windows Server 2012 R21107 vulnerabilities

Microsoft Windows931 vulnerabilities

Microsoft Windows Server 2008 R2793 vulnerabilities

Microsoft Windows Server655 vulnerabilities

Microsoft Windows Server 2008 Sp2626 vulnerabilities

Microsoft Office591 vulnerabilities

Microsoft Internet Explorer (IE)528 vulnerabilities
Popular web browser for windows

Microsoft 365 Apps466 vulnerabilities

Microsoft Sharepoint Server419 vulnerabilities

Microsoft Edge Browser412 vulnerabilities
Web Browser based on Chromium

Microsoft Windows 11 25h2403 vulnerabilities

Microsoft Windows Vista382 vulnerabilities

Microsoft Windows XP326 vulnerabilities

Microsoft Windows 10 1803275 vulnerabilities

Microsoft Windows 10 1909271 vulnerabilities

Microsoft Windows Server 2003262 vulnerabilities

Microsoft Windows Server 2004244 vulnerabilities

Microsoft Windows 11 26h1242 vulnerabilities

Microsoft Windows Server 1903240 vulnerabilities

Microsoft Edge Chromium226 vulnerabilities

Microsoft Windows Server 1909223 vulnerabilities

Microsoft Office Long Term Servicing Channel210 vulnerabilities

Microsoft Windows Server 20h2205 vulnerabilities

Microsoft Office 2024199 vulnerabilities

Microsoft Office 2021192 vulnerabilities

Microsoft Excel188 vulnerabilities
Spreadsheet Software

Microsoft Office 2019183 vulnerabilities

Microsoft Windows 2003 Server162 vulnerabilities

Microsoft Office Macos 2024160 vulnerabilities

Microsoft Office Macos 2021158 vulnerabilities

Microsoft Sql Server 2019136 vulnerabilities

Microsoft Office Online Server135 vulnerabilities

Microsoft Exchange Server132 vulnerabilities

Microsoft Visual Studio 2019123 vulnerabilities

Microsoft Visual Studio 2022123 vulnerabilities

Microsoft Windows 2000112 vulnerabilities

Microsoft Windows 11 2h2109 vulnerabilities

Microsoft Sql Server 2022108 vulnerabilities

Microsoft Windows Server 1803101 vulnerabilities

Microsoft Word100 vulnerabilities

Microsoft Dynamics 36599 vulnerabilities

Microsoft SQL Server98 vulnerabilities
Database Server

Microsoft Windows 10 21h195 vulnerabilities

Microsoft Visual Studio 201795 vulnerabilities

Microsoft Sql Server 201795 vulnerabilities

Microsoft Sql Server 201693 vulnerabilities

Microsoft Net90 vulnerabilities

Microsoft Office 365 Proplus87 vulnerabilities

Microsoft Visual Studio87 vulnerabilities
Developer IDE

Microsoft Outlook86 vulnerabilities

Microsoft Excel 201679 vulnerabilities

Microsoft Sharepoint Server 201975 vulnerabilities

Microsoft Sharepoint Server 201674 vulnerabilities

Microsoft Visual Studio Code68 vulnerabilities
VSCode Developer IDE

Microsoft Windows 861 vulnerabilities

Microsoft Office Compatibility Pack61 vulnerabilities

Microsoft Windows Nt57 vulnerabilities

Microsoft Office Web Apps55 vulnerabilities

Microsoft Azure Site Recovery53 vulnerabilities

Microsoft Office 201650 vulnerabilities

Microsoft Windows Rt46 vulnerabilities

Microsoft Office Web Apps Server41 vulnerabilities

Microsoft Windows 10 170940 vulnerabilities

Microsoft Azure Devops Server40 vulnerabilities

Microsoft Powershell39 vulnerabilities

Microsoft 37 vulnerabilities

Microsoft ASP.NET Core36 vulnerabilities

Microsoft Mysql36 vulnerabilities

Microsoft Excel Viewer34 vulnerabilities

Microsoft .NET Core34 vulnerabilities

Microsoft Windows 10 170331 vulnerabilities

Microsoft Ole Db Driver For Sql Server31 vulnerabilities

Microsoft Word 201629 vulnerabilities

Microsoft Http Server28 vulnerabilities

Microsoft Remote Desktop27 vulnerabilities

Microsoft Windows 10 190326 vulnerabilities

Microsoft Windows 10 200426 vulnerabilities

Microsoft Odbc Driver For Sql Server26 vulnerabilities

Microsoft Teams26 vulnerabilities

Microsoft .NET Framework23 vulnerabilities

Microsoft Remote Desktop Client22 vulnerabilities

Recent Microsoft Security Advisories

Advisory Title Published
CVE-2026-6210 CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash May 13, 2026
CVE-2026-8177 CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences May 13, 2026
CVE-2026-43249 CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls May 13, 2026
CVE-2026-31767 CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode May 13, 2026
CVE-2026-41256 CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f May 13, 2026
CVE-2026-40612 CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains May 13, 2026
CVE-2026-43895 CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts May 13, 2026
CVE-2026-43896 CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge May 13, 2026
CVE-2026-43894 CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro May 13, 2026
CVE-2026-41257 CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack) May 13, 2026

Known Exploited Microsoft Vulnerabilities

The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Microsoft Windows Protection Mechanism Failure Vulnerability Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32202 		April 28, 2026
Microsoft Defender Insufficient Granularity of Access Control Vulnerability Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.
CVE-2026-33825 		April 22, 2026
Microsoft Office Remote Code Execution Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.
CVE-2009-0238 Exploit Probability: 74.9% 		April 14, 2026
Microsoft SharePoint Server Improper Input Validation Vulnerability Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32201 		April 14, 2026
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.
CVE-2012-1854 Exploit Probability: 4.6% 		April 13, 2026
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
CVE-2023-21529 Exploit Probability: 31.8% 		April 13, 2026
Microsoft Windows Link Following Vulnerability Microsoft Windows contains a link following vulnerability that allows for privilege escalation
CVE-2025-60710 Exploit Probability: 29.7% 		April 13, 2026
Microsoft Windows Out-of-Bounds Read Vulnerability Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation
CVE-2023-36424 Exploit Probability: 10.9% 		April 13, 2026
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
CVE-2026-20963 Exploit Probability: 4.9% 		March 18, 2026
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
CVE-2008-0015 Exploit Probability: 81.6% 		February 17, 2026
Microsoft Configuration Manager SQL Injection Vulnerability Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
CVE-2024-43468 Exploit Probability: 83.1% 		February 12, 2026
Microsoft Windows Type Confusion Vulnerability Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519 Exploit Probability: 4.5% 		February 10, 2026
Microsoft Windows Improper Privilege Management Vulnerability Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21533 Exploit Probability: 20.2% 		February 10, 2026
Microsoft Internet Explorer Protection Mechanism Failure Vulnerability Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21513 Exploit Probability: 27.8% 		February 10, 2026
Microsoft Windows NULL Pointer Dereference Vulnerability Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21525 Exploit Probability: 9.4% 		February 10, 2026
Microsoft Windows Shell Protection Mechanism Failure Vulnerability Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21510 Exploit Probability: 3.3% 		February 10, 2026
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514 Exploit Probability: 4.9% 		February 10, 2026
Microsoft Office Security Feature Bypass Vulnerability Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally.
CVE-2026-21509 Exploit Probability: 10.9% 		January 26, 2026
Microsoft Windows Information Disclosure Vulnerability Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.
CVE-2026-20805 Exploit Probability: 3.3% 		January 13, 2026
Microsoft Office PowerPoint Code Injection Vulnerability Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption.
CVE-2009-0556 Exploit Probability: 67.9% 		January 7, 2026

Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 6 known exploited Microsoft vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Microsoft Vulnerabilities

Based on the current exploit probability, these Microsoft vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2019-0708 94.5% "BlueKeep" Microsoft Windows Remote Desktop Remote Code Execution Vulnerability
2 CVE-2019-0604 94.4% Microsoft SharePoint Remote Code Execution Vulnerability
3 CVE-2017-7269 94.4% Microsft Windows Server 2003 R2 IIS WEBDAV buffer overflow Remote Code Execution vulnerability (COVI
4 CVE-2020-0796 94.4% Microsoft SMBv3 Remote Code Execution Vulnerability
5 CVE-2020-0688 94.4% Microsoft Exchange Server Key Validation Vulnerability
6 CVE-2021-38647 94.4% Microsoft Azure Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
7 CVE-2020-1472 94.4% NetLogon Privilege Escalation Vulnerability
8 CVE-2023-29357 94.4% Microsoft SharePoint Server Privilege Escalation Vulnerability
9 CVE-2017-11882 94.4% Microsoft Office memory corruption vulnerability
10 CVE-2021-26855 94.3% Microsoft OWA Exchange Control Panel (ECP) Exploit Chain

By the Year

In 2026 there have been 2056 vulnerabilities in Microsoft with an average score of 7.2 out of ten. Last year, in 2025 Microsoft had 2737 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Microsoft in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.14.




Year Vulnerabilities Average Score
2026 2056 7.23
2025 2737 7.09
2024 2181 7.34
2023 1695 7.22
2022 1389 7.43
2021 1153 7.44
2020 1253 7.20
2019 831 7.08
2018 661 7.03

It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-33821 May 12, 2026
May 2026: Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
Dynamics 365
CVE-2026-42893 May 12, 2026
May 2026: Microsoft Outlook for iOS Tampering Vulnerability Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.
Outlook
CVE-2026-42838 May 12, 2026
May 2026: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
Edge Chromium
CVE-2026-40416 May 12, 2026
May 2026: Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Edge Chromium
CVE-2026-42833 May 12, 2026
May 2026: Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
Dynamics 365
CVE-2026-42832 May 12, 2026
May 2026: Microsoft Office Spoofing Vulnerability Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
Word
Excel
Office Macos 2021
And others...
CVE-2026-42830 May 12, 2026
May 2026: Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Azure Monitor Agent Metrics Extension
CVE-2026-42823 May 12, 2026
May 2026: Azure Logic Apps Elevation of Privilege Vulnerability Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
Azure Logic Apps
CVE-2026-41613 May 12, 2026
May 2026: Visual Studio Code Elevation of Privilege Vulnerability Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Visual Studio Code
CVE-2026-41103 May 12, 2026
May 2026: Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
Jira Saml Sso Plugin
Confluence Saml Sso Plugin
CVE-2026-40381 May 12, 2026
May 2026: Azure Connected Machine Agent Elevation of Privilege Vulnerability Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Azure Connected Machine Agent
CVE-2026-41097 May 12, 2026
May 2026: Secure Boot Security Feature Bypass Vulnerability Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-41086 May 12, 2026
May 2026: Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Azure Portal Windows Admin Center
CVE-2026-40420 May 12, 2026
May 2026: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Office 2019
365 Apps
Office 2021
And others...
CVE-2026-35436 May 12, 2026
May 2026: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Office 2019
365 Apps
Office 2021
And others...
CVE-2026-40418 May 12, 2026
May 2026: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Office 2019
365 Apps
Office 2021
And others...
CVE-2026-40403 May 12, 2026
May 2026: Windows Graphics Component Remote Code Execution Vulnerability Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-40413 May 12, 2026
May 2026: Windows TCP/IP Denial of Service Vulnerability Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-40402 May 12, 2026
May 2026: Windows Hyper-V Elevation of Privilege Vulnerability Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
Windows Server 2022
Windows 11 23h2
CVE-2026-40398 May 12, 2026
May 2026: Windows Remote Desktop Services Elevation of Privilege Vulnerability Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-40401 May 12, 2026
May 2026: Windows TCP/IP Denial of Service Vulnerability Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-32209 May 12, 2026
May 2026: Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-40397 May 12, 2026
May 2026: Windows Common Log File System Driver Elevation of Privilege Vulnerability Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2022
Windows Server 2019
And others...
CVE-2026-40382 May 12, 2026
May 2026: Windows Telephony Service Elevation of Privilege Vulnerability Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-40369 May 12, 2026
May 2026: Windows Kernel Elevation of Privilege Vulnerability Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
Windows Server 2025
Windows 11 2h2
Windows 11 24h2
And others...
CVE-2026-40370 May 12, 2026
May 2026: SQL Server Remote Code Execution Vulnerability External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
Sql Server 2025
Sql Server 2022
Sql Server 2017
And others...
CVE-2026-40367 May 12, 2026
May 2026: Microsoft Word Remote Code Execution Vulnerability Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Sharepoint Server 2016
Sharepoint Server 2019
Office 2019
And others...
CVE-2026-40365 May 12, 2026
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Sharepoint Server 2016
Sharepoint Server 2019
Sharepoint Server
And others...
CVE-2026-40362 May 12, 2026
May 2026: Microsoft Excel Remote Code Execution Vulnerability Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Office 2021
Office 2019
365 Apps
And others...
CVE-2026-40361 May 12, 2026
May 2026: Microsoft Word Remote Code Execution Vulnerability Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Office 2019
365 Apps
Office Macos 2021
And others...
CVE-2026-40359 May 12, 2026
May 2026: Microsoft Excel Remote Code Execution Vulnerability Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Office 2021
Office 2019
365 Apps
And others...
CVE-2026-40358 May 12, 2026
May 2026: Microsoft Office Remote Code Execution Vulnerability Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Office 2019
365 Apps
Office Macos 2021
And others...
CVE-2026-34341 May 12, 2026
May 2026: Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-40357 May 12, 2026
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Sharepoint Server 2016
Sharepoint Server 2019
Sharepoint Server
And others...
CVE-2026-34340 May 12, 2026
May 2026: Windows Projected File System Elevation of Privilege Vulnerability Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2022
Windows Server 2019
And others...
CVE-2026-34338 May 12, 2026
May 2026: Windows Telephony Service Elevation of Privilege Vulnerability Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-34339 May 12, 2026
May 2026: Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-34337 May 12, 2026
May 2026: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Windows Server 2022
Windows 10
Windows Server 2019
And others...
CVE-2026-34336 May 12, 2026
May 2026: Windows DWM Core Library Information Disclosure Vulnerability Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-34334 May 12, 2026
May 2026: Windows TCP/IP Elevation of Privilege Vulnerability Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-34332 May 12, 2026
May 2026: Windows Kernel-Mode Driver Remote Code Execution Vulnerability Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
Windows Server 2025
CVE-2026-33838 May 12, 2026
May 2026: Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-33837 May 12, 2026
May 2026: Windows TCP/IP Local Elevation of Privilege Vulnerability Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-33833 May 12, 2026
May 2026: Azure Machine Learning Notebook Spoofing Vulnerability Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
Azure Machine Learning
CVE-2026-33835 May 12, 2026
May 2026: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Windows Server 2019
Windows Server 2022
Windows 10
And others...
CVE-2026-33110 May 12, 2026
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Sharepoint Server 2016
Sharepoint Server 2019
Sharepoint Server
And others...
CVE-2026-33112 May 12, 2026
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Sharepoint Server 2016
Sharepoint Server 2019
Sharepoint Server
And others...
CVE-2026-42899 May 12, 2026
May 2026: ASP.NET Core Denial of Service Vulnerability Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Net
CVE-2026-42898 May 12, 2026
May 2026: Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
Dynamics 365
CVE-2026-42896 May 12, 2026
May 2026: Windows DWM Core Library Elevation of Privilege Vulnerability Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Windows Server 2025
Windows 11 25h2
Windows 11 24h2
And others...
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.