CVE Database

36368+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44808
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44807
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44804
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44803
7.8 HIGH

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-44802
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-44801
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-44799
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42993
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42992
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42991
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42989
7.8 HIGH

Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42987
8.1 HIGH

Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42986
7.8 HIGH

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42985
8.8 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42984
7.0 HIGH

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42983
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42981
8.1 HIGH

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42980
7.8 HIGH

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42979
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42978
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42977
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42974
8.1 HIGH

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42916
7.8 HIGH

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42913
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42912
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42911
7.0 HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42910
7.8 HIGH

Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42909
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42908
7.5 HIGH

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Jun 9, 2026
CVE-2026-42905
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42902
7.8 HIGH

Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42837
7.8 HIGH

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42836
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42835
8.1 HIGH

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information …

Jun 9, 2026
CVE-2026-42829
7.8 HIGH

Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.

Jun 9, 2026
CVE-2026-42828
7.8 HIGH

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42765
7.5 HIGH

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the …

Jun 9, 2026
CVE-2026-42764
7.5 HIGH

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation …

Jun 9, 2026
CVE-2026-42570
7.5 HIGH

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, …

Jun 9, 2026
CVE-2026-42567
7.5 HIGH

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time …

Jun 9, 2026
CVE-2026-41108
7.0 HIGH

Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-41098
8.4 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.

Jun 9, 2026
CVE-2026-41092
7.8 HIGH

Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-40409
7.8 HIGH

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Jun 9, 2026
CVE-2026-40404
7.8 HIGH

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Jun 9, 2026
CVE-2026-40376
7.5 HIGH

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

Jun 9, 2026
CVE-2026-40371
8.8 HIGH

Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.

Jun 9, 2026
CVE-2026-34335
7.0 HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-34183
7.5 HIGH

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A …

Jun 9, 2026
CVE-2026-34181
7.4 HIGH

Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing …

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.