Microsoft CVEs & Vulnerabilities

1.621 CVEs affecting Microsoft products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

1.621 CVEs→ All vendors

Most Affected Products

windows 1.168windows server 2012 286windows 11 26h1 242windows server 2025 242windows 11 25h2 235windows 11 24h2 235windows server 2022 225windows 11 23h2 218
CVE-2026-27311HIGH

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

14 Apr 2026
7.8
CVSS
CVE-2026-27310HIGH

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

14 Apr 2026
7.8
CVSS
CVE-2026-27289HIGH

Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

14 Apr 2026
7.8
CVSS
CVE-2026-27222MEDIUM

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

14 Apr 2026
5.5
CVSS
CVE-2026-33829MEDIUMpoc

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

14 Apr 2026
4.3
CVSS
CVE-2026-33827HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

14 Apr 2026
8.1
CVSS
CVE-2026-33826HIGH

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

14 Apr 2026
8.0
CVSS
CVE-2026-33825KEVHIGHin the wild

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.8
CVSS
CVE-2026-33824CRITICAL

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

14 Apr 2026
9.8
CVSS
CVE-2026-33104HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.0
CVSS
CVE-2026-33101HIGH

Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.8
CVSS
CVE-2026-33100HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.0
CVSS
CVE-2026-33099HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.0
CVSS
CVE-2026-33098HIGH

Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.8
CVSS
CVE-2026-33096HIGH

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

14 Apr 2026
7.5
CVSS
CVE-2026-32225HIGH

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

14 Apr 2026
8.8
CVSS
CVE-2026-32224HIGH

Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.0
CVSS
CVE-2026-32223MEDIUM

Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.

14 Apr 2026
6.8
CVSS
CVE-2026-32222HIGH

Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.8
CVSS
CVE-2026-32221HIGH

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.

14 Apr 2026
8.4
CVSS
CVE-2026-32220MEDIUM

Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

14 Apr 2026
4.4
CVSS
CVE-2026-32219HIGH

Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.0
CVSS
CVE-2026-32218MEDIUM

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

14 Apr 2026
5.5
CVSS
CVE-2026-32217MEDIUM

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

14 Apr 2026
5.5
CVSS
CVE-2026-32216MEDIUM

Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.

14 Apr 2026
5.5
CVSS
CVE-2026-32215MEDIUM

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

14 Apr 2026
5.5
CVSS
CVE-2026-32214MEDIUM

Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

14 Apr 2026
5.5
CVSS
CVE-2026-32212MEDIUM

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

14 Apr 2026
5.5
CVSS
CVE-2026-32202KEVMEDIUMin the wild

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

14 Apr 2026
4.3
CVSS
CVE-2026-32201KEVMEDIUMin the wild

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

14 Apr 2026
6.5
CVSS
CVE-2026-32195HIGH

Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.0
CVSS
CVE-2026-32183HIGH

Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.

14 Apr 2026
7.8
CVSS
CVE-2026-32181MEDIUM

Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.

14 Apr 2026
5.5
CVSS
CVE-2026-32165HIGH

Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.8
CVSS
CVE-2026-32164HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.8
CVSS
CVE-2026-32163HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.8
CVSS
CVE-2026-32162HIGH

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.

14 Apr 2026
8.4
CVSS
CVE-2026-32160HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.8
CVSS
CVE-2026-32159HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.8
CVSS
CVE-2026-32158HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.8
CVSS
CVE-2026-32153HIGH

Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.8
CVSS
CVE-2026-32151MEDIUM

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.

14 Apr 2026
6.5
CVSS
CVE-2026-32150HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.0
CVSS
CVE-2026-32149HIGH

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

14 Apr 2026
7.3
CVSS
CVE-2026-32093HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.0
CVSS
CVE-2026-32091HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

14 Apr 2026
7.0
CVSS
CVE-2026-32090HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.

14 Apr 2026
7.0
CVSS
CVE-2026-34626MEDIUM

Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

14 Apr 2026
6.3
CVSS
← PrevPage 27 / 34Next →