Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.8 HIGH
CVE-2026-40382 — Windows Telephony Service Elevation of Privilege Vulnerability

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +12 more
May 12, 2026 May 15, 2026
May 12, 2026
May 15, 2026
7.8 HIGH
CVE-2026-40381 — Azure Connected Machine Agent Elevation of Privilege Vulnerability

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

azure_connected_machine_agent
May 12, 2026 May 18, 2026
May 12, 2026
May 18, 2026
6.2 MEDIUM
CVE-2026-40380 — Windows Volume Manager Extension Driver Remote Code Execution Vulnerability

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +12 more
May 12, 2026 May 14, 2026
May 12, 2026
May 14, 2026
9.3 CRITICAL
CVE-2026-40379 — Azure Entra ID Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.

microsoft_entra_id entra_id azure_enterprise_security_token_service
May 12, 2026 May 21, 2026
May 12, 2026
May 21, 2026
7.8 HIGH
CVE-2026-40377 — Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +12 more
May 12, 2026 May 14, 2026
May 12, 2026
May 14, 2026
6.5 MEDIUM
CVE-2026-40374 — Microsoft Power Automate Desktop Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.

power_automate_for_desktop
May 12, 2026 May 19, 2026
May 12, 2026
May 19, 2026
8.8 HIGH
CVE-2026-40370 — SQL Server Remote Code Execution Vulnerability

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

sql_server_2016 sql_server_2017 sql_server_2019 sql_server_2022 sql_server_2025
May 12, 2026 May 13, 2026
May 12, 2026
May 13, 2026
7.8 HIGH
CVE-2026-40369 — Windows Kernel Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

windows_11 windows_11_24h2 windows_server_2025 windows_11_25h2 windows_11_2h2 windows_11_26h1
May 12, 2026 Jun 01, 2026
May 12, 2026
Jun 01, 2026
8.0 HIGH
CVE-2026-40368 — Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

sharepoint_server sharepoint_enterprise_server_2016 sharepoint_server_2016 sharepoint_server_2019
May 12, 2026 May 13, 2026
May 12, 2026
May 13, 2026
8.4 HIGH
CVE-2026-40367 — Microsoft Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

office word sharepoint_server 365_apps sharepoint_enterprise_server_2016 office_long_term_servicing_channel +8 more
May 12, 2026 Jun 01, 2026
May 12, 2026
Jun 01, 2026
8.4 HIGH
CVE-2026-40366 — Microsoft Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

office word 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 +4 more
May 12, 2026 Jun 01, 2026
May 12, 2026
Jun 01, 2026
8.8 HIGH
CVE-2026-40365 — Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

sharepoint_server sharepoint_enterprise_server_2016 sharepoint_server_2016 sharepoint_server_2019
May 12, 2026 Jun 01, 2026
May 12, 2026
Jun 01, 2026
8.4 HIGH
CVE-2026-40364 — Microsoft Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

office word 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 +4 more
May 12, 2026 May 19, 2026
May 12, 2026
May 19, 2026
8.4 HIGH
CVE-2026-40363 — Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

office 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 +4 more
May 12, 2026 May 22, 2026
May 12, 2026
May 22, 2026
7.8 HIGH
CVE-2026-40362 — Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 +5 more
May 12, 2026 Jun 01, 2026
May 12, 2026
Jun 01, 2026
8.4 HIGH
CVE-2026-40361 — Microsoft Outlook and Word Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

office word 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 +4 more
May 12, 2026 Jun 03, 2026
May 12, 2026
Jun 03, 2026
7.8 HIGH
CVE-2026-40360 — Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 +5 more
May 12, 2026 May 19, 2026
May 12, 2026
May 19, 2026
7.8 HIGH
CVE-2026-40359 — Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 +5 more
May 12, 2026 May 19, 2026
May 12, 2026
May 19, 2026
8.4 HIGH
CVE-2026-40358 — Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

office 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 +3 more
May 12, 2026 Jun 01, 2026
May 12, 2026
Jun 01, 2026
8.8 HIGH
CVE-2026-40357 — Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

sharepoint_server sharepoint_enterprise_server_2016 sharepoint_server_2016 sharepoint_server_2019
May 12, 2026 May 13, 2026
May 12, 2026
May 13, 2026
Showing 20 of 7376 Results