CVE Database

36500+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-40359
7.8 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40358
8.4 HIGH

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40357
8.8 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

May 12, 2026
CVE-2026-35439
8.8 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

May 12, 2026
CVE-2026-35438
8.3 HIGH

Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

May 12, 2026
CVE-2026-35436
8.8 HIGH

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-35433
7.3 HIGH

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-35424
7.5 HIGH

Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

May 12, 2026
CVE-2026-35421
7.8 HIGH

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-35420
7.8 HIGH

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-35418
7.8 HIGH

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-35417
7.8 HIGH

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-35416
7.0 HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-35415
7.8 HIGH

Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34687
7.8 HIGH

Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34676
7.8 HIGH

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34675
7.8 HIGH

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34661
7.8 HIGH

Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the …

May 12, 2026
CVE-2026-34644
7.8 HIGH

After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the …

May 12, 2026
CVE-2026-34643
7.8 HIGH

After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34642
7.8 HIGH

After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

May 12, 2026
CVE-2026-34640
7.8 HIGH

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the …

May 12, 2026
CVE-2026-34639
7.8 HIGH

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34638
7.8 HIGH

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

May 12, 2026
CVE-2026-34637
7.8 HIGH

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34636
7.8 HIGH

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34351
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34347
7.0 HIGH

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34345
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34344
7.8 HIGH

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34343
7.8 HIGH

Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34342
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34341
7.0 HIGH

Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34340
7.0 HIGH

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34338
7.8 HIGH

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34337
7.8 HIGH

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34336
7.8 HIGH

Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

May 12, 2026
CVE-2026-34334
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34333
7.8 HIGH

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34332
8.0 HIGH

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

May 12, 2026
CVE-2026-34331
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34330
7.8 HIGH

Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34329
8.8 HIGH

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.

May 12, 2026
CVE-2026-33841
7.8 HIGH

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-33840
7.8 HIGH

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-33839
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-33838
7.8 HIGH

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-33837
7.8 HIGH

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-33835
7.8 HIGH

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-33834
7.8 HIGH

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

May 12, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.