CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44802
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44801
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-44799
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42993
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42992
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42991
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42989
7.8 HIGH

Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42987
8.1 HIGH

Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42986
7.8 HIGH

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42985
8.8 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42984
7.0 HIGH

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42983
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42981
8.1 HIGH

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42980
7.8 HIGH

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42979
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42978
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42977
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42974
8.1 HIGH

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42973
5.5 MEDIUM

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42972
5.5 MEDIUM

Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42971
5.5 MEDIUM

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42970
5.5 MEDIUM

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42969
5.5 MEDIUM

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42968
5.5 MEDIUM

Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42916
7.8 HIGH

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42915
5.7 MEDIUM

Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.

Jun 9, 2026
CVE-2026-42914
5.3 MEDIUM

Windows Kerberos Denial of Service Vulnerability

Jun 9, 2026
CVE-2026-42913
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42912
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42911
7.0 HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42910
7.8 HIGH

Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42909
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42908
7.5 HIGH

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Jun 9, 2026
CVE-2026-42907
6.5 MEDIUM

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42906
5.5 MEDIUM

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42905
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42904
9.6 CRITICAL

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

Jun 9, 2026
CVE-2026-42903
6.5 MEDIUM

Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.

Jun 9, 2026
CVE-2026-42902
7.8 HIGH

Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42837
7.8 HIGH

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42836
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42835
8.1 HIGH

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information …

Jun 9, 2026
CVE-2026-42829
7.8 HIGH

Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.

Jun 9, 2026
CVE-2026-42828
7.8 HIGH

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42771
6.2 MEDIUM

Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of …

Jun 9, 2026
CVE-2026-42770
3.7 LOW

Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership. Impact summary: …

Jun 9, 2026
CVE-2026-42769
5.3 MEDIUM

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response …

Jun 9, 2026
CVE-2026-42768
3.7 LOW

Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and …

Jun 9, 2026
CVE-2026-42767
5.9 MEDIUM

Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer …

Jun 9, 2026
CVE-2026-42766
5.9 MEDIUM

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to …

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.