Microsoft MSRC
CVE-2026-42916 NT OS Kernel Elevation of Privilege Vulnerability
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Archive
Page 11 of 19 — 1135 stories total
Microsoft MSRC
CVE-2026-42911 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42913 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
vulnerability
Microsoft MSRC
CVE-2026-42912 Windows Telephony Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42914 Windows Kerberos Denial of Service Vulnerability
Information published.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42915 Windows TCP/IP Denial of Service Vulnerability
Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42968 Windows Telephony Server Information Disclosure Vulnerability
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42972 Windows Hyper-V Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42969 Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42971 Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42970 Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42973 Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42984 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42981 Windows Performance Monitor Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42974 Windows Performance Monitor Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42986 Microsoft Graphics Component Elevation of Privilege Vulnerability
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
EPSS 2%
Microsoft MSRC
CVE-2026-42978 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42977 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42979 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42991 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42989 Winlogon Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
vulnerability
EPSS 3%
Microsoft MSRC
CVE-2026-44809 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-44810 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42992 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
vulnerability
Microsoft MSRC
CVE-2026-44805 Windows Network Controller (NC) Host Agent Denial of Service Vulnerability
Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-44811 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-44808 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-44807 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-44799 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
vulnerability
Microsoft MSRC
CVE-2026-44815 DHCP Client Service Remote Code Execution Vulnerability
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42983 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-44802 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-44814 Windows DWM Core Library Information Disclosure Vulnerability
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-44801 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
vulnerability
Microsoft MSRC
CVE-2026-42985 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
vulnerability
Microsoft MSRC
CVE-2026-42987 Windows Deployment Services (WDS) Remote Code Execution
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-44803 Windows Graphics Component Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-44812 Windows Graphics Component Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-42993 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
vulnerability
Microsoft MSRC
CVE-2026-44813 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-44804 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2024-49075 Windows Remote Desktop Services Denial of Service Vulnerability
To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating to the June 2026 version of your Windows operating systems.
vulnerabilitymicrosoft
EPSS 3%
Microsoft MSRC
CVE-2024-49123 Windows Remote Desktop Services Remote Code Execution Vulnerability
To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating to the June 2026 version of your Windows operating systems.
vulnerabilitymicrosoft
EPSS 1%
Microsoft MSRC
CVE-2024-49132 Windows Remote Desktop Services Remote Code Execution Vulnerability
To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating to the June 2026 version of your Windows operating systems.
vulnerabilitymicrosoft
EPSS 1%
Microsoft MSRC
CVE-2025-21330 Windows Remote Desktop Services Denial of Service Vulnerability
To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating to the June 2026 version of your Windows operating systems.
vulnerabilitymicrosoft
EPSS 2%
Microsoft MSRC
CVE-2024-43582 Remote Desktop Protocol Server Remote Code Execution Vulnerability
To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating to the June 2026 version of your Windows operating systems.
vulnerabilitymicrosoft
EPSS 3%
Microsoft MSRC
CVE-2020-17103 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
To comprehensively address the vulnerability identified by CVE-2020-17103, Microsoft recommends installing the June 2026 updates for your Windows operating systems.
vulnerabilitymicrosoftcloud
EPSS 1%
CISA Alerts
Siemens KACO Blueplanet Inverters
View CSAF Summary KACO blueplanet Inverters contain multiple vulnerabilities that could allow an attacker to derive the credentials from the devices serial number and misuse them to gain unauthorized access. KACO new energy GmbH has released new versions for several affected p...
vulnerability
CISA Alerts
Schneider Electric EcoStruxure Panel Server
View CSAF Summary Schneider Electric is aware of its vulnerability in its EcoStruxure Panel Server offer. The EcoStruxure Panel Server is a high performance, modular gateway with enhanced cybersecurity that provides easy and fast connections to multiple concurrent edge control...
vulnerability
CISA Alerts
Schneider Electric Modicon Network Managed Switches
View CSAF Summary Schneider Electric is aware of a RADIUS protocol vulnerability affecting its Modicon Network Managed Switch product. The Modicon Network Managed Switch product provides connectivity for multiple Ethernet devices, network management, enhanced cyber security an...
vulnerability
CISA Alerts
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-7473 Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability CVE-2026-11645 Google Chromium V8 ...
vulnerability
Actively exploited · EPSS <1%
WeLiveSecurity
Cybercriminals: the 'auditors' you never hired
Every organisation gets audited. The question is who does the auditing.
Microsoft MSRC
CVE-2026-50292 In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46272 coresight: tmc-etr: Fix race condition between sysfs and perf mode
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46250 MIPS: Work around LLVM bug when gp is used as global register variable
Information published.
vulnerability
Microsoft MSRC
CVE-2026-50031 ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" were found to have exploitable buffer overflows on response messages.
Information published.
vulnerability
Microsoft MSRC
CVE-2026-50263 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()
Information published.
vulnerability
Microsoft MSRC
CVE-2026-50258 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels
Information published.
vulnerability
Microsoft MSRC
CVE-2026-50257 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()
Information published.
vulnerability
Microsoft MSRC
CVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing
Information published.
vulnerability