Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.3 CRITICAL
CVE-2026-40402 — Windows Hyper-V Elevation of Privilege Vulnerability

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.1 HIGH
CVE-2026-40401 — Windows TCP/IP Denial of Service Vulnerability

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-40399 — Windows TCP/IP Elevation of Privilege Vulnerability

Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-40398 — Windows Remote Desktop Services Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-40397 — Windows Common Log File System Driver Elevation of Privilege Vulnerability

Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-40382 — Windows Telephony Service Elevation of Privilege Vulnerability

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-40381 — Azure Connected Machine Agent Elevation of Privilege Vulnerability

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.2 MEDIUM
CVE-2026-40380 — Windows Volume Manager Extension Driver Remote Code Execution Vulnerability

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.3 CRITICAL
CVE-2026-40379 — Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-40377 — Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.5 MEDIUM
CVE-2026-40374 — Microsoft Power Automate Desktop Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.8 HIGH
CVE-2026-40370 — SQL Server Remote Code Execution Vulnerability

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-40369 — Windows Kernel Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.0 HIGH
CVE-2026-40368 — Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.4 HIGH
CVE-2026-40367 — Microsoft Word Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.4 HIGH
CVE-2026-40366 — Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.8 HIGH
CVE-2026-40365 — Microsoft SharePoint Server Remote Code Execution Vulnerability

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.4 HIGH
CVE-2026-40364 — Microsoft Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.4 HIGH
CVE-2026-40363 — Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-40362 — Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
Showing 20 of 6156 Results