CVE Database

109287+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-40381
7.8 HIGH

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40380
6.2 MEDIUM

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

May 12, 2026
CVE-2026-40379
9.3 CRITICAL

Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.

May 12, 2026
CVE-2026-40377
7.8 HIGH

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40374
6.5 MEDIUM

Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.

May 12, 2026
CVE-2026-40370
8.8 HIGH

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

May 12, 2026
CVE-2026-40369
7.8 HIGH

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40368
8.0 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

May 12, 2026
CVE-2026-40367
8.4 HIGH

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40366
8.4 HIGH

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40365
8.8 HIGH

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

May 12, 2026
CVE-2026-40364
8.4 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40363
8.4 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40362
7.8 HIGH

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40361
8.4 HIGH

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40360
7.8 HIGH

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

May 12, 2026
CVE-2026-40359
7.8 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40358
8.4 HIGH

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40357
8.8 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

May 12, 2026
CVE-2026-35440
5.5 MEDIUM

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

May 12, 2026
CVE-2026-35439
8.8 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

May 12, 2026
CVE-2026-35438
8.3 HIGH

Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

May 12, 2026
CVE-2026-35436
8.8 HIGH

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-35433
7.3 HIGH

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-35429
4.3 MEDIUM

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

May 12, 2026
CVE-2026-35424
7.5 HIGH

Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

May 12, 2026
CVE-2026-35423
5.4 MEDIUM

Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.

May 12, 2026
CVE-2026-35422
6.5 MEDIUM

Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

May 12, 2026
CVE-2026-35421
7.8 HIGH

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-35420
7.8 HIGH

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-35419
5.5 MEDIUM

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

May 12, 2026
CVE-2026-35418
7.8 HIGH

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-35417
7.8 HIGH

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-35416
7.0 HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-35415
7.8 HIGH

Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-34687
7.8 HIGH

Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34676
7.8 HIGH

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34675
7.8 HIGH

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34663
5.5 MEDIUM

Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage …

May 12, 2026
CVE-2026-34662
5.5 MEDIUM

Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit …

May 12, 2026
CVE-2026-34661
7.8 HIGH

Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the …

May 12, 2026
CVE-2026-34644
7.8 HIGH

After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the …

May 12, 2026
CVE-2026-34643
7.8 HIGH

After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34642
7.8 HIGH

After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

May 12, 2026
CVE-2026-34640
7.8 HIGH

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the …

May 12, 2026
CVE-2026-34639
7.8 HIGH

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34638
7.8 HIGH

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

May 12, 2026
CVE-2026-34637
7.8 HIGH

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34636
7.8 HIGH

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34351
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

May 12, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.