Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
14,519 matching · page 92/291Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-40419(opens NVD record) | High | 7.8 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40418(opens NVD record) | High | 7.8 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40417(opens NVD record) | High | 7.8 | Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40416(opens NVD record) | Medium | 4.3 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | May 12, 2026 |
| CVE-2026-40415(opens NVD record) | High | 8.1 | Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-40414(opens NVD record) | High | 7.4 | Windows TCP/IP Denial of Service Vulnerability | May 12, 2026 |
| CVE-2026-40413(opens NVD record) | High | 7.4 | Windows TCP/IP Denial of Service Vulnerability | May 12, 2026 |
| CVE-2026-40410(opens NVD record) | High | 7.0 | Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40408(opens NVD record) | High | 7.8 | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40407(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40406(opens NVD record) | High | 7.5 | Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network. | May 12, 2026 |
| CVE-2026-40405(opens NVD record) | High | 7.5 | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network. | May 12, 2026 |
| CVE-2026-40403(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40402(opens NVD record) | Critical | 9.3 | Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40401(opens NVD record) | High | 7.1 | Windows TCP/IP Denial of Service Vulnerability | May 12, 2026 |
| CVE-2026-40399(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40398(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40397(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40382(opens NVD record) | High | 7.8 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40381(opens NVD record) | High | 7.8 | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40380(opens NVD record) | Medium | 6.2 | Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. | May 12, 2026 |
| CVE-2026-40379(opens NVD record) | Critical | 9.3 | Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network. | May 12, 2026 |
| CVE-2026-40377(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40374(opens NVD record) | Medium | 6.5 | Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network. | May 12, 2026 |
| CVE-2026-40370(opens NVD record) | High | 8.8 | External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-40369(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40368(opens NVD record) | High | 8.0 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-40367(opens NVD record) | High | 8.4 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40366(opens NVD record) | High | 8.4 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40365(opens NVD record) | High | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-40364(opens NVD record) | High | 8.4 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40363(opens NVD record) | High | 8.4 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40362(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40361(opens NVD record) | High | 8.4 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40360(opens NVD record) | High | 7.8 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | May 12, 2026 |
| CVE-2026-40359(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40358(opens NVD record) | High | 8.4 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40357(opens NVD record) | High | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-35440(opens NVD record) | Medium | 5.5 | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | May 12, 2026 |
| CVE-2026-35439(opens NVD record) | High | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-35438(opens NVD record) | High | 8.3 | Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-35436(opens NVD record) | High | 8.8 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-35433(opens NVD record) | High | 7.3 | Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-35429(opens NVD record) | Medium | 4.3 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | May 12, 2026 |
| CVE-2026-35424(opens NVD record) | High | 7.5 | Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network. | May 12, 2026 |
| CVE-2026-35423(opens NVD record) | Medium | 5.4 | Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network. | May 12, 2026 |
| CVE-2026-35422(opens NVD record) | Medium | 6.5 | Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network. | May 12, 2026 |
| CVE-2026-35421(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-35420(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-35419(opens NVD record) | Medium | 5.5 | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | May 12, 2026 |