Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
9,069 matching · page 80/182Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-42833(opens NVD record) | Critical | 9.1 | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-42832(opens NVD record) | High | 7.7 | Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-42831(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-42830(opens NVD record) | Medium | 6.5 | Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-42825(opens NVD record) | High | 7.0 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-42823(opens NVD record) | Critical | 9.9 | Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-41614(opens NVD record) | Medium | 6.2 | Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-41613(opens NVD record) | High | 8.8 | Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-41612(opens NVD record) | Medium | 5.5 | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | May 12, 2026 |
| CVE-2026-41611(opens NVD record) | High | 7.8 | Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-41610(opens NVD record) | Medium | 6.3 | Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | May 12, 2026 |
| CVE-2026-41109(opens NVD record) | High | 8.8 | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network. | May 12, 2026 |
| CVE-2026-41107(opens NVD record) | High | 7.4 | External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | May 12, 2026 |
| CVE-2026-41103(opens NVD record) | Critical | 9.1 | Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-41102(opens NVD record) | High | 7.1 | Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-41101(opens NVD record) | High | 7.1 | Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-41100(opens NVD record) | Medium | 4.4 | Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-41097(opens NVD record) | Medium | 6.7 | Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | May 12, 2026 |
| CVE-2026-41096(opens NVD record) | Critical | 9.8 | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-41095(opens NVD record) | High | 7.8 | Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-41094(opens NVD record) | High | 8.8 | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-41089(opens NVD record) | Critical | 9.8 | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-41088(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-41086(opens NVD record) | High | 8.8 | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-40421(opens NVD record) | Medium | 4.3 | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | May 12, 2026 |
| CVE-2026-40420(opens NVD record) | High | 8.8 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40419(opens NVD record) | High | 7.8 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40418(opens NVD record) | High | 7.8 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40417(opens NVD record) | High | 7.8 | Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40416(opens NVD record) | Medium | 4.3 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | May 12, 2026 |
| CVE-2026-40415(opens NVD record) | High | 8.1 | Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-40414(opens NVD record) | High | 7.4 | Windows TCP/IP Denial of Service Vulnerability | May 12, 2026 |
| CVE-2026-40413(opens NVD record) | High | 7.4 | Windows TCP/IP Denial of Service Vulnerability | May 12, 2026 |
| CVE-2026-40410(opens NVD record) | High | 7.0 | Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40408(opens NVD record) | High | 7.8 | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40407(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40406(opens NVD record) | High | 7.5 | Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network. | May 12, 2026 |
| CVE-2026-40405(opens NVD record) | High | 7.5 | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network. | May 12, 2026 |
| CVE-2026-40403(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40402(opens NVD record) | Critical | 9.3 | Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40401(opens NVD record) | High | 7.1 | Windows TCP/IP Denial of Service Vulnerability | May 12, 2026 |
| CVE-2026-40399(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40398(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40397(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40382(opens NVD record) | High | 7.8 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40381(opens NVD record) | High | 7.8 | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40380(opens NVD record) | Medium | 6.2 | Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. | May 12, 2026 |
| CVE-2026-40379(opens NVD record) | Critical | 9.3 | Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network. | May 12, 2026 |
| CVE-2026-40377(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40374(opens NVD record) | Medium | 6.5 | Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network. | May 12, 2026 |