Every CVE whose affected-product data names Microsoft Windows 10, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2020-1467 — CVSS 10.0 (critical): An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this…
CVE-2020-1112 — CVSS 9.9 (critical): An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly…
CVE-2019-1365 — CVSS 9.9 (critical): An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to…
CVE-2019-1384 — CVSS 9.9 (critical): A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this…
CVE-2016-7182 — CVSS 9.8 (critical): The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012…
CVE-2019-0698 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client…
CVE-2019-1222 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated…
CVE-2019-1181 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated…
CVE-2019-0736 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An…
CVE-2017-8589 — CVSS 9.8 (critical): Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold…
CVE-2019-0726 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client…
CVE-2019-0547 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client…
CVE-2018-8626 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka…
CVE-2020-0690 — CVSS 9.8 (critical): An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege…
CVE-2017-11899 — CVSS 9.8 (critical): Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass…
CVE-2019-1212 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who…
CVE-2019-0697 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client…
CVE-2017-11771 — CVSS 9.8 (critical): The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012…
CVE-2019-0786 — CVSS 9.8 (critical): An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials…
CVE-2019-1182 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated…
CVE-2016-3236 — CVSS 9.8 (critical): The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7…
CVE-2019-1226 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated…
CVE-2019-0626 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP…
CVE-2015-2435 — CVSS 9.3 (critical): Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2…
CVE-2015-2462 — CVSS 9.3 (critical): ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1…
CVE-2015-2519 — CVSS 9.3 (critical): Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows…
CVE-2015-2461 — CVSS 9.3 (critical): ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1…
CVE-2015-2515 — CVSS 9.3 (critical): Use-after-free vulnerability in Windows Shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8…
CVE-2015-2513 — CVSS 9.3 (critical): Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server…
CVE-2015-6104 — CVSS 9.3 (critical): The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1…
CVE-2015-6103 — CVSS 9.3 (critical): The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1…
CVE-2015-2455 — CVSS 9.3 (critical): Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2…
CVE-2015-6107 — CVSS 9.3 (critical): The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows…
CVE-2015-2506 — CVSS 9.3 (critical): atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8…
CVE-2015-2459 — CVSS 9.3 (critical): ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1…
CVE-2015-2530 — CVSS 9.3 (critical): Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server…
CVE-2015-2514 — CVSS 9.3 (critical): Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server…
CVE-2015-2456 — CVSS 9.3 (critical): Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2…
CVE-2016-0088 — CVSS 9.3 (critical): Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the…
CVE-2015-2458 — CVSS 9.3 (critical): ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1…
CVE-2019-0721 — CVSS 9.1 (critical): A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an…
CVE-2016-3312 — CVSS 9.1 (critical): ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal…
CVE-2019-0719 — CVSS 9.1 (critical): A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an…
CVE-2017-0021 — CVSS 9.0 (critical): Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute…
CVE-2019-0630 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain…
CVE-2019-0618 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka…
CVE-2019-0552 — CVSS 8.8 (high): An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects…
CVE-2020-0809 — CVSS 8.8 (high): A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory…
CVE-2020-0869 — CVSS 8.8 (high): A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory…
CVE-2018-8634 — CVSS 8.8 (high): A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka…
CVE-2018-8544 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine…
CVE-2020-0881 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka…
CVE-2018-8494 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote…
CVE-2020-0883 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka…
CVE-2020-0922 — CVSS 8.8 (high): <p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who…
CVE-2018-8475 — CVSS 8.8 (high): A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code…
CVE-2018-8450 — CVSS 8.8 (high): A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution…
CVE-2020-0948 — CVSS 8.8 (high): A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory…
CVE-2020-0949 — CVSS 8.8 (high): A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory…
CVE-2018-8420 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote…
CVE-2018-8350 — CVSS 8.8 (high): A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF…
CVE-2018-8349 — CVSS 8.8 (high): A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka…
CVE-2018-8344 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka…
CVE-2020-0950 — CVSS 8.8 (high): A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory…
CVE-2018-8332 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k…
CVE-2020-0964 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka…
CVE-2020-0981 — CVSS 8.8 (high): A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully…
CVE-2018-8219 — CVSS 8.8 (high): An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka…
CVE-2020-1061 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory, aka 'Microsoft Script…
CVE-2018-1016 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka…
CVE-2018-1015 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka…
CVE-2018-1013 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka…
CVE-2018-1012 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka…
CVE-2018-1010 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka…
CVE-2018-1004 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine…
CVE-2020-1067 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution…
CVE-2020-1080 — CVSS 8.8 (high): <p>An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An…
CVE-2020-1117 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory, aka…
CVE-2020-1126 — CVSS 8.8 (high): A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory…
CVE-2020-1129 — CVSS 8.8 (high): <p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who…
CVE-2020-1238 — CVSS 8.8 (high): A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory…
CVE-2020-1239 — CVSS 8.8 (high): A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory…
CVE-2022-24487 — CVSS 8.8 (high): Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
CVE-2016-3345 — CVSS 8.8 (high): The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold…
CVE-2016-0009 — CVSS 8.8 (high): Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to…
CVE-2016-3352 — CVSS 8.8 (high): Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which…
CVE-2016-3368 — CVSS 8.8 (high): Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT…
CVE-2020-1248 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka…
CVE-2020-1255 — CVSS 8.8 (high): An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly…
CVE-2020-1281 — CVSS 8.8 (high): A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code…
CVE-2016-7205 — CVSS 8.8 (high): Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1…
CVE-2016-7217 — CVSS 8.8 (high): Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows…
CVE-2020-1286 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully…
CVE-2020-1299 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An…
CVE-2020-1300 — CVSS 8.8 (high): A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an…
CVE-2020-1301 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain…
CVE-2020-1317 — CVSS 8.8 (high): An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka 'Group Policy Elevation of Privilege…
CVE-2020-1408 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka…
CVE-2016-7272 — CVSS 8.8 (high): The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012…
CVE-2016-7273 — CVSS 8.8 (high): The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary…
CVE-2016-7274 — CVSS 8.8 (high): Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2…
CVE-2020-1412 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft…
CVE-2020-1421 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An…
CVE-2020-1435 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka…
CVE-2020-1436 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems…
CVE-2020-1561 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who…
CVE-2020-1585 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who…
CVE-2020-16891 — CVSS 8.8 (high): <p>A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an…
CVE-2020-16898 — CVSS 8.8 (high): <p>A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An…
CVE-2020-0662 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution…
CVE-2016-0098 — CVSS 8.8 (high): Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow…
CVE-2016-0101 — CVSS 8.8 (high): Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and…
CVE-2017-0084 — CVSS 8.8 (high): Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2…
CVE-2020-16911 — CVSS 8.8 (high): <p>A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory…
CVE-2021-34481 — CVSS 8.8 (high): <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An…
CVE-2016-0170 — CVSS 8.8 (high): GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2…