Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10557
Total
721
Critical
3059
High
3365
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40380 | MEDIUM | 6.2 | Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. | May 12, 2026 |
| CVE-2026-40379 | CRITICAL | 9.3 | Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network. | May 12, 2026 |
| CVE-2026-40377 | HIGH | 7.8 | Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40374 | MEDIUM | 6.5 | Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network. | May 12, 2026 |
| CVE-2026-40370 | HIGH | 8.8 | External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-40369 | HIGH | 7.8 | Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40368 | HIGH | 8.0 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-40367 | HIGH | 8.4 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40366 | HIGH | 8.4 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40365 | HIGH | 8.8 | Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-40364 | HIGH | 8.4 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40363 | HIGH | 8.4 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40362 | HIGH | 7.8 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40361 | HIGH | 8.4 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40360 | HIGH | 7.8 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | May 12, 2026 |
| CVE-2026-40359 | HIGH | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40358 | HIGH | 8.4 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40357 | HIGH | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-35440 | MEDIUM | 5.5 | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | May 12, 2026 |
| CVE-2026-35439 | HIGH | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-35438 | HIGH | 8.3 | Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-35436 | HIGH | 8.8 | Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-35433 | HIGH | 7.3 | Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-35429 | MEDIUM | 4.3 | User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | May 12, 2026 |
| CVE-2026-35424 | HIGH | 7.5 | Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network. | May 12, 2026 |