Microsoft CVEs & Vulnerabilities

1.621 CVEs affecting Microsoft products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

1.621 CVEs→ All vendors

Most Affected Products

windows 1.168windows server 2012 286windows 11 26h1 242windows server 2025 242windows 11 25h2 235windows 11 24h2 235windows server 2022 225windows 11 23h2 218
CVE-2026-44821MEDIUM

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

9 Jun 2026
5.5
CVSS
CVE-2026-44820HIGH

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

9 Jun 2026
7.8
CVSS
CVE-2026-44819HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

9 Jun 2026
7.8
CVSS
CVE-2026-44818HIGH

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

9 Jun 2026
7.0
CVSS
CVE-2026-44817HIGH

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

9 Jun 2026
7.8
CVSS
CVE-2026-44815CRITICAL

Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

9 Jun 2026
9.8
CVSS
CVE-2026-44814MEDIUM

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

9 Jun 2026
5.5
CVSS
CVE-2026-44813HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-44811HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-44810HIGH

Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-44809HIGH

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-44808HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-44807HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-44805MEDIUM

Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.

9 Jun 2026
5.5
CVSS
CVE-2026-44804HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-44802HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-44801HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

9 Jun 2026
7.5
CVSS
CVE-2026-44799HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

9 Jun 2026
7.5
CVSS
CVE-2026-42993HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

9 Jun 2026
7.5
CVSS
CVE-2026-42992HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

9 Jun 2026
7.5
CVSS
CVE-2026-42991HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-42989HIGH

Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-42987HIGH

Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.

9 Jun 2026
8.1
CVSS
CVE-2026-42986HIGH

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-42985HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

9 Jun 2026
8.8
CVSS
CVE-2026-42984HIGH

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.0
CVSS
CVE-2026-42983HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-42981HIGH

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

9 Jun 2026
8.1
CVSS
CVE-2026-42980HIGH

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-42979HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-42978HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-42977HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-42974HIGH

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

9 Jun 2026
8.1
CVSS
CVE-2026-42973MEDIUM

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

9 Jun 2026
5.5
CVSS
CVE-2026-42972MEDIUM

Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.

9 Jun 2026
5.5
CVSS
CVE-2026-42971MEDIUM

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

9 Jun 2026
5.5
CVSS
CVE-2026-42970MEDIUM

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

9 Jun 2026
5.5
CVSS
CVE-2026-42969MEDIUM

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

9 Jun 2026
5.5
CVSS
CVE-2026-42968MEDIUM

Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.

9 Jun 2026
5.5
CVSS
CVE-2026-42916HIGH

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-42915MEDIUM

Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.

9 Jun 2026
5.7
CVSS
CVE-2026-42914MEDIUM

Windows Kerberos Denial of Service Vulnerability

9 Jun 2026
5.3
CVSS
CVE-2026-42912HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.0
CVSS
CVE-2026-42911HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.0
CVSS
CVE-2026-42910HIGH

Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.

9 Jun 2026
7.8
CVSS
CVE-2026-42909HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

9 Jun 2026
7.5
CVSS
CVE-2026-42907MEDIUM

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

9 Jun 2026
6.5
CVSS
CVE-2026-42906MEDIUM

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

9 Jun 2026
5.5
CVSS
← PrevPage 8 / 34Next →