CVE-2026-47291 — CVSS 9.8 (critical): Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVE-2025-47981 — CVSS 9.8 (critical): Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
CVE-2025-60724 — CVSS 9.8 (critical): Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2026-44815 — CVSS 9.8 (critical): Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
CVE-2026-45602 — CVSS 9.1 (critical): No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
CVE-2025-24051 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-53778 — CVSS 8.8 (high): Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
CVE-2026-25188 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-25177 — CVSS 8.8 (high): Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate…
CVE-2025-53145 — CVSS 8.8 (high): Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over…
CVE-2026-40403 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2025-53144 — CVSS 8.8 (high): Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over…
CVE-2025-53143 — CVSS 8.8 (high): Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over…
CVE-2025-21205 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-49740 — CVSS 8.8 (high): Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-24056 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.
CVE-2025-58715 — CVSS 8.8 (high): Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-55234 — CVSS 8.8 (high): SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these…
CVE-2025-54918 — CVSS 8.8 (high): Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
CVE-2026-26178 — CVSS 8.8 (high): Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.
CVE-2026-20868 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-47986 — CVSS 8.8 (high): Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
CVE-2026-34329 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
CVE-2025-33066 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-33064 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2025-21221 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-64678 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-21222 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-62549 — CVSS 8.8 (high): Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…