Filtered by vendor Microsoft
Subscribe
Total
24045 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-40415 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-05-15 | N/A | 8.1 HIGH |
| Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-41611 | 1 Microsoft | 1 Visual Studio Code | 2026-05-15 | N/A | 7.8 HIGH |
| Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally. | |||||
| CVE-2024-3566 | 6 Haskell, Microsoft, Nodejs and 3 more | 6 Process Library, Windows, Node.js and 3 more | 2026-05-15 | N/A | 9.8 CRITICAL |
| A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. | |||||
| CVE-2026-41612 | 1 Microsoft | 1 Live Preview | 2026-05-15 | N/A | 5.5 MEDIUM |
| Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2026-41613 | 1 Microsoft | 1 Visual Studio Code | 2026-05-15 | N/A | 8.8 HIGH |
| Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2026-41134 | 1 Microsoft | 1 Kiota | 2026-05-14 | N/A | 7.8 HIGH |
| Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks (for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata, and default value emission). When malicious values from an OpenAPI description are emitted into generated source without context-appropriate escaping, an attacker can break out of string literals and inject additional code into generated clients. This issue is only practically exploitable when the OpenAPI description used for generation is from an untrusted source, or a normally trusted OpenAPI description has been compromised/tampered with. Only generating from trusted, integrity-protected API descriptions significantly reduces the risk. To remediate the issue, upgrade Kiota to 1.31.1 or later and regenerate/refresh existing generated clients as a precaution. Refreshing generated clients ensures previously generated vulnerable code is replaced with hardened output. | |||||
| CVE-2026-35420 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2026-05-14 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-35421 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-35422 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 6.5 MEDIUM |
| Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network. | |||||
| CVE-2026-35423 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 5.4 MEDIUM |
| Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-35424 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 7.5 HIGH |
| Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2026-40377 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-40380 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 6.2 MEDIUM |
| Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. | |||||
| CVE-2026-34344 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 7.8 HIGH |
| Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-34347 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 7.0 HIGH |
| Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-34350 | 1 Microsoft | 1 Windows Server 2025 | 2026-05-14 | N/A | 6.5 MEDIUM |
| Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2026-34351 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 7.8 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-35415 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 7.8 HIGH |
| Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-35418 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-05-14 | N/A | 7.8 HIGH |
| Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-35419 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-05-14 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | |||||