Total
4074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0714 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2026-02-20 | 5.5 MEDIUM | 5.8 MEDIUM |
|
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.
To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.
The upd ...
Show More |
|||||
| CVE-2025-32709 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-02-13 | N/A | 7.8 HIGH |
|
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-24054 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-02-13 | N/A | 6.5 MEDIUM |
|
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2025-26647 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-02-13 | N/A | 8.8 HIGH |
|
Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2025-21389 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-02-13 | N/A | 7.5 HIGH |
|
Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network.
|
|||||
| CVE-2025-21300 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-02-13 | N/A | 7.5 HIGH |
|
Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability
|
|||||
| CVE-2025-59282 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2026-02-10 | N/A | 7.0 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2026-20868 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-02-10 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2026-20940 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 7 more | 2026-01-16 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20936 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-16 | N/A | 4.3 MEDIUM |
|
Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.
|
|||||
| CVE-2026-20931 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-16 | N/A | 8.0 HIGH |
|
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
|
|||||
| CVE-2026-20929 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-01-16 | N/A | 7.5 HIGH |
|
Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2026-20927 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-16 | N/A | 5.3 MEDIUM |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network.
|
|||||
| CVE-2026-20925 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-16 | N/A | 6.5 MEDIUM |
|
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-20875 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.5 HIGH |
|
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
|
|||||
| CVE-2026-20921 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.5 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2026-20922 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
|
|||||
| CVE-2026-20872 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 6.5 MEDIUM |
|
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-20869 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.0 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20860 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.8 HIGH |
|
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20834 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 4.6 MEDIUM |
|
Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.
|
|||||
| CVE-2026-20833 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-01-15 | N/A | 5.5 MEDIUM |
|
Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2026-20831 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.8 HIGH |
|
Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20839 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 5.5 MEDIUM |
|
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2026-20840 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
|
|||||
| CVE-2026-20843 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.8 HIGH |
|
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20847 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 6.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-20849 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.5 HIGH |
|
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2026-20828 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 4.6 MEDIUM |
|
Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.
|
|||||
| CVE-2026-20821 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-14 | N/A | 6.2 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.
|
|||||
| CVE-2026-20820 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-14 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20816 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-14 | N/A | 7.8 HIGH |
|
Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-0386 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-01-14 | N/A | 7.5 HIGH |
|
Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.
|
|||||
| CVE-2019-0543 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 12 more | 2026-01-14 | 4.6 MEDIUM | 7.8 HIGH |
|
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
|
|||||
| CVE-2019-1429 | 1 Microsoft | 14 Internet Explorer, Windows 10 1507, Windows 10 1607 and 11 more | 2026-01-14 | 7.6 HIGH | 7.5 HIGH |
|
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
|
|||||
| CVE-2022-41128 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2026-01-14 | N/A | 8.8 HIGH |
|
Windows Scripting Languages Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31956 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2026-01-13 | 9.3 HIGH | 7.8 HIGH |
|
Windows NTFS Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-37969 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-01-13 | N/A | 7.8 HIGH |
|
Windows Common Log File System Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-41033 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2026-01-13 | N/A | 7.8 HIGH |
|
Windows COM+ Event System Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-62549 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-12-24 | N/A | 8.8 HIGH |
|
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
|
|||||