Microsoft CVEs & Vulnerabilities

1.621 CVEs affecting Microsoft products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

1.621 CVEs→ All vendors

Most Affected Products

windows 1.168windows server 2012 286windows 11 26h1 242windows server 2025 242windows 11 25h2 235windows 11 24h2 235windows server 2022 225windows 11 23h2 218
CVE-2026-48583HIGH

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-48578HIGH

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

9 Jun 2026
7.9
CVSS
CVE-2026-48576HIGH

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

9 Jun 2026
7.9
CVSS
CVE-2026-48575HIGH

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

9 Jun 2026
7.9
CVSS
CVE-2026-48574HIGH

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

9 Jun 2026
7.8
CVSS
CVE-2026-48573HIGH

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

9 Jun 2026
7.9
CVSS
CVE-2026-48570HIGH

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

9 Jun 2026
7.9
CVSS
CVE-2026-48569MEDIUM

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

9 Jun 2026
5.5
CVSS
CVE-2026-48568HIGH

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

9 Jun 2026
7.9
CVSS
CVE-2026-48566MEDIUM

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

9 Jun 2026
5.5
CVSS
CVE-2026-48565HIGH

Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-48563HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

9 Jun 2026
7.5
CVSS
CVE-2026-48562MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

9 Jun 2026
4.6
CVSS
CVE-2026-48560MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

9 Jun 2026
5.4
CVSS
CVE-2026-47656HIGH

Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.

9 Jun 2026
7.9
CVSS
CVE-2026-47654HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

9 Jun 2026
7.5
CVSS
CVE-2026-47653HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

9 Jun 2026
8.8
CVSS
CVE-2026-47652HIGH

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

9 Jun 2026
8.2
CVSS
CVE-2026-47648HIGH

Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.0
CVSS
CVE-2026-47641MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

9 Jun 2026
5.4
CVSS
CVE-2026-47640MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

9 Jun 2026
5.4
CVSS
CVE-2026-47639MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

9 Jun 2026
5.4
CVSS
CVE-2026-47638MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

9 Jun 2026
5.4
CVSS
CVE-2026-47637MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

9 Jun 2026
5.4
CVSS
CVE-2026-47636MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

9 Jun 2026
5.4
CVSS
CVE-2026-47635HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

9 Jun 2026
8.4
CVSS
CVE-2026-47634MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

9 Jun 2026
5.4
CVSS
CVE-2026-47631MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

9 Jun 2026
5.4
CVSS
CVE-2026-47298HIGH

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

9 Jun 2026
8.0
CVSS
CVE-2026-47292HIGH

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-47291CRITICAL

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

9 Jun 2026
9.8
CVSS
CVE-2026-47289HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

9 Jun 2026
8.8
CVSS
CVE-2026-47288HIGH

Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.

9 Jun 2026
7.1
CVSS
CVE-2026-47287MEDIUM

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.

9 Jun 2026
6.5
CVSS
CVE-2026-47284MEDIUM

Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.

9 Jun 2026
6.5
CVSS
CVE-2026-47281CRITICAL

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

9 Jun 2026
9.6
CVSS
CVE-2026-45658MEDIUM

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

9 Jun 2026
6.8
CVSS
CVE-2026-45657CRITICAL

Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.

9 Jun 2026
9.8
CVSS
CVE-2026-45656HIGH

Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.

9 Jun 2026
7.8
CVSS
CVE-2026-45655MEDIUM

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

9 Jun 2026
5.3
CVSS
CVE-2026-45654HIGH

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

9 Jun 2026
7.9
CVSS
CVE-2026-45653HIGH

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.0
CVSS
CVE-2026-45650MEDIUM

User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.

9 Jun 2026
4.3
CVSS
CVE-2026-45648HIGH

Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.

9 Jun 2026
8.8
CVSS
CVE-2026-45643HIGH

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

9 Jun 2026
7.8
CVSS
CVE-2026-45642LOW

Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

9 Jun 2026
3.9
CVSS
CVE-2026-45641HIGH

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

9 Jun 2026
7.8
CVSS
CVE-2026-45640HIGH

Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.0
CVSS
← PrevPage 6 / 34Next →