Microsoft Windows 10
Recent Microsoft Windows 10 Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2020-0569 | Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. | January 1, 2026 |
| CVE-2021-42297 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | November 16, 2021 |
| CVE-2021-43211 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | November 16, 2021 |
| CVE-2021-36945 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | August 10, 2021 |
By the Year
In 2026 there have been 243 vulnerabilities in Microsoft Windows 10, with an average score of 7.1 out of ten. Last year, in 2025, Windows 10 had 638 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Windows 10 in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.07.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 243 | 7.15 |
| 2025 | 638 | 7.22 |
| 2024 | 528 | 7.36 |
| 2023 | 529 | 7.53 |
| 2022 | 525 | 7.42 |
| 2021 | 488 | 7.36 |
| 2020 | 834 | 7.33 |
| 2019 | 488 | 7.30 |
| 2018 | 261 | 7.23 |
It may take a day or so for new Windows 10 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows 10 Security Vulnerabilities
Apr 2026: Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
CVE-2026-32214
5.5 - Medium
- April 14, 2026
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
Authorization
Apr 2026: Windows Snipping Tool Spoofing Vulnerability
CVE-2026-33829
4.3 - Medium
- April 14, 2026
Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.
Information Disclosure
Apr 2026: Windows TCP/IP Remote Code Execution Vulnerability
CVE-2026-33827
8.1 - High
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
Race Condition
Apr 2026: Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
CVE-2026-33824
9.8 - Critical
- April 14, 2026
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
Double-free
Apr 2026: Win32k Elevation of Privilege Vulnerability
CVE-2026-33104
7 - High
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Race Condition
Apr 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-33100
7 - High
- April 14, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Apr 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-33099
7 - High
- April 14, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Apr 2026: Windows Shell Security Feature Bypass Vulnerability
CVE-2026-32225
8.8 - High
- April 14, 2026
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Protection Mechanism Failure
Apr 2026: Windows User Interface Core Elevation of Privilege Vulnerability
CVE-2026-32164
7.8 - High
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
Race Condition
Apr 2026: Windows User Interface Core Elevation of Privilege Vulnerability
CVE-2026-32163
7.8 - High
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
Race Condition
Apr 2026: Windows COM Elevation of Privilege Vulnerability
CVE-2026-32162
8.4 - High
- April 14, 2026
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
Acceptance of Extraneous Untrusted Data With Trusted Data
Apr 2026: Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-32155
7.8 - High
- April 14, 2026
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Dangling pointer
Apr 2026: Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2026-32153
7.8 - High
- April 14, 2026
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
Dangling pointer
Apr 2026: Windows Shell Information Disclosure Vulnerability
CVE-2026-32151
6.5 - Medium
- April 14, 2026
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.
Information Disclosure
Apr 2026: Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-32150
7 - High
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
Race Condition
Apr 2026: Windows Hyper-V Remote Code Execution Vulnerability
CVE-2026-32149
7.3 - High
- April 14, 2026
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
Improper Input Validation
Apr 2026: Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2026-32091
8.4 - High
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
Race Condition
Apr 2026: Windows Biometric Service Security Feature Bypass Vulnerability
CVE-2026-32088
6.1 - Medium
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.
Race Condition
Apr 2026: Windows Print Spooler Information Disclosure Vulnerability
CVE-2026-32084
5.5 - Medium
- April 14, 2026
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Information Disclosure
Apr 2026: Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-32086
7 - High
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
Race Condition
Apr 2026: Web Account Manager Information Disclosure Vulnerability
CVE-2026-32079
5.5 - Medium
- April 14, 2026
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Information Disclosure
Apr 2026: Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-32078
7.8 - High
- April 14, 2026
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Dangling pointer
Apr 2026: Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-32077
7.8 - High
- April 14, 2026
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
Untrusted Pointer Dereference
Apr 2026: Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-32074
7.8 - High
- April 14, 2026
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Double-free
Apr 2026: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-32070
7 - High
- April 14, 2026
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Dangling pointer
Apr 2026: Active Directory Spoofing Vulnerability
CVE-2026-32072
6.2 - Medium
- April 14, 2026
Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.
Authentication
Apr 2026: Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-32069
7.8 - High
- April 14, 2026
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Double-free
Apr 2026: Windows GDI Information Disclosure Vulnerability
CVE-2026-27930
5.5 - Medium
- April 14, 2026
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
Out-of-bounds Read
Apr 2026: Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnera
CVE-2026-32068
7 - High
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Race Condition
Apr 2026: Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-27923
7.8 - High
- April 14, 2026
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Dangling pointer
Apr 2026: Windows UPnP Device Host Information Disclosure Vulnerability
CVE-2026-27925
6.5 - Medium
- April 14, 2026
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.
Dangling pointer
Apr 2026: Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-27920
7.8 - High
- April 14, 2026
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
Untrusted Pointer Dereference
Apr 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-27922
7 - High
- April 14, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Apr 2026: Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-27916
7.8 - High
- April 14, 2026
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
Dangling pointer
Apr 2026: Microsoft Management Console Elevation of Privilege Vulnerability
CVE-2026-27914
7.8 - High
- April 14, 2026
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.
Authorization
Apr 2026: Windows User Interface Core Elevation of Privilege Vulnerability
CVE-2026-27911
7.8 - High
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
Race Condition
Apr 2026: Windows Installer Elevation of Privilege Vulnerability
CVE-2026-27910
7.8 - High
- April 14, 2026
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.
Improper Handling of Insufficient Permissions or Privileges
Apr 2026: Windows Search Service Elevation of Privilege Vulnerability
CVE-2026-27909
7.8 - High
- April 14, 2026
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
Dangling pointer
Apr 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-26182
7 - High
- April 14, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Apr 2026: Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-26184
7.8 - High
- April 14, 2026
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Buffer Over-read
Apr 2026: Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability
CVE-2026-26178
8.8 - High
- April 14, 2026
Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.
Incorrect Conversion between Numeric Types
Apr 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-26177
7 - High
- April 14, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Apr 2026: Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability
CVE-2026-26176
7.8 - High
- April 14, 2026
Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Apr 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-26173
7 - High
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Race Condition
Apr 2026: Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-26172
7.8 - High
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Race Condition
Apr 2026: Windows Kernel Memory Information Disclosure Vulnerability
CVE-2026-26169
6.1 - Medium
- April 14, 2026
Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.
Buffer Over-read
Apr 2026: PowerShell Elevation of Privilege Vulnerability
CVE-2026-26170
7.8 - High
- April 14, 2026
Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
Improper Input Validation
Apr 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-26168
7.8 - High
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Race Condition
Apr 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-26163
7.8 - High
- April 14, 2026
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Double-free
Apr 2026: Windows Hyper-V Remote Code Execution Vulnerability
CVE-2026-26156
7.8 - High
- April 14, 2026
Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
