Filtered by vendor Microsoft
Subscribe
Total
24077 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-40382 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-15 | N/A | 7.8 HIGH |
| Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-41107 | 1 Microsoft | 1 Edge Chromium | 2026-05-15 | N/A | 7.4 HIGH |
| External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-40398 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-15 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-41109 | 1 Microsoft | 1 Visual Studio Code | 2026-05-15 | N/A | 8.8 HIGH |
| Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2026-40402 | 1 Microsoft | 2 Windows 11 23h2, Windows Server 2022 | 2026-05-15 | N/A | 9.3 CRITICAL |
| Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. | |||||
| CVE-2026-40403 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-15 | N/A | 8.8 HIGH |
| Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | |||||
| CVE-2026-40405 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-05-15 | N/A | 7.5 HIGH |
| Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2026-40406 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-15 | N/A | 7.5 HIGH |
| Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-40407 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-15 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-40408 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-15 | N/A | 7.8 HIGH |
| Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-41610 | 1 Microsoft | 1 Visual Studio Code | 2026-05-15 | N/A | 6.3 MEDIUM |
| Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2026-40410 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-15 | N/A | 7.0 HIGH |
| Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-40415 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-05-15 | N/A | 8.1 HIGH |
| Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-41611 | 1 Microsoft | 1 Visual Studio Code | 2026-05-15 | N/A | 7.8 HIGH |
| Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally. | |||||
| CVE-2024-3566 | 6 Haskell, Microsoft, Nodejs and 3 more | 6 Process Library, Windows, Node.js and 3 more | 2026-05-15 | N/A | 9.8 CRITICAL |
| A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. | |||||
| CVE-2026-41612 | 1 Microsoft | 1 Live Preview | 2026-05-15 | N/A | 5.5 MEDIUM |
| Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2026-41613 | 1 Microsoft | 1 Visual Studio Code | 2026-05-15 | N/A | 8.8 HIGH |
| Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2026-41134 | 1 Microsoft | 1 Kiota | 2026-05-14 | N/A | 7.8 HIGH |
| Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks (for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata, and default value emission). When malicious values from an OpenAPI description are emitted into generated source without context-appropriate escaping, an attacker can break out of string literals and inject additional code into generated clients. This issue is only practically exploitable when the OpenAPI description used for generation is from an untrusted source, or a normally trusted OpenAPI description has been compromised/tampered with. Only generating from trusted, integrity-protected API descriptions significantly reduces the risk. To remediate the issue, upgrade Kiota to 1.31.1 or later and regenerate/refresh existing generated clients as a precaution. Refreshing generated clients ensures previously generated vulnerable code is replaced with hardened output. | |||||
| CVE-2026-35420 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2026-05-14 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-35421 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. | |||||