Microsoft Windows 11 25h2 — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Windows 11 25h2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2025-49708 — CVSS 9.9 (critical): Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
CVE-2026-47291 — CVSS 9.8 (critical): Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVE-2026-41096 — CVSS 9.8 (critical): Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
CVE-2026-44815 — CVSS 9.8 (critical): Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
CVE-2025-60724 — CVSS 9.8 (critical): Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2026-42904 — CVSS 9.6 (critical): Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-45602 — CVSS 9.1 (critical): No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
CVE-2026-20868 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2026-26178 — CVSS 8.8 (high): Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-64678 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-62549 — CVSS 8.8 (high): Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-62456 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.
CVE-2026-47289 — CVSS 8.8 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-58716 — CVSS 8.8 (high): Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-58715 — CVSS 8.8 (high): Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2026-47653 — CVSS 8.8 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-59295 — CVSS 8.8 (high): Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
CVE-2026-32157 — CVSS 8.8 (high): Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-25188 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-32225 — CVSS 8.8 (high): Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-34329 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-40403 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2026-25177 — CVSS 8.8 (high): Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate…
CVE-2026-42985 — CVSS 8.8 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-26167 — CVSS 8.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an…
CVE-2026-24283 — CVSS 8.8 (high): Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally.
CVE-2026-21255 — CVSS 8.8 (high): Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
CVE-2025-58718 — CVSS 8.8 (high): Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-45641 — CVSS 8.4 (high): Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45607 — CVSS 8.4 (high): Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-44810 — CVSS 8.4 (high): Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32221 — CVSS 8.4 (high): Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.
CVE-2026-32162 — CVSS 8.4 (high): Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32091 — CVSS 8.4 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an…
CVE-2026-47652 — CVSS 8.2 (high): Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45635 — CVSS 8.1 (high): Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
CVE-2026-42974 — CVSS 8.1 (high): Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-33827 — CVSS 8.1 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized…
CVE-2026-45599 — CVSS 8.1 (high): Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
CVE-2026-20856 — CVSS 8.1 (high): Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVE-2026-42981 — CVSS 8.1 (high): Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-40415 — CVSS 8.1 (high): Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVE-2026-25173 — CVSS 8.0 (high): Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a…
CVE-2026-20931 — CVSS 8.0 (high): External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent…
CVE-2025-60715 — CVSS 8.0 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2025-62452 — CVSS 8.0 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2026-48570 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48578 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48568 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-45654 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48575 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-47656 — CVSS 7.9 (high): Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-45588 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48573 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48576 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2025-24052 — CVSS 7.8 (high): Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems…
CVE-2025-54100 — CVSS 7.8 (high): Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker…
CVE-2025-55233 — CVSS 7.8 (high): Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-55328 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized…
CVE-2025-55339 — CVSS 7.8 (high): Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally.
CVE-2025-55677 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
CVE-2025-55680 — CVSS 7.8 (high): Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate…
CVE-2025-55692 — CVSS 7.8 (high): Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
CVE-2025-55694 — CVSS 7.8 (high): Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
CVE-2025-55696 — CVSS 7.8 (high): Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate…
CVE-2025-55701 — CVSS 7.8 (high): Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally.
CVE-2025-58714 — CVSS 7.8 (high): Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-58720 — CVSS 7.8 (high): Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose…
CVE-2025-58722 — CVSS 7.8 (high): Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2025-58728 — CVSS 7.8 (high): Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59187 — CVSS 7.8 (high): Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-59191 — CVSS 7.8 (high): Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2025-59192 — CVSS 7.8 (high): Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-59199 — CVSS 7.8 (high): Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.
CVE-2025-59201 — CVSS 7.8 (high): Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.
CVE-2025-59207 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-59241 — CVSS 7.8 (high): Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized…
CVE-2025-59242 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-59254 — CVSS 7.8 (high): Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-59255 — CVSS 7.8 (high): Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-59505 — CVSS 7.8 (high): Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.
CVE-2025-59511 — CVSS 7.8 (high): External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59512 — CVSS 7.8 (high): Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
CVE-2025-59514 — CVSS 7.8 (high): Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59516 — CVSS 7.8 (high): Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-59517 — CVSS 7.8 (high): Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-60703 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2025-60705 — CVSS 7.8 (high): Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
CVE-2025-60707 — CVSS 7.8 (high): Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.
CVE-2025-60709 — CVSS 7.8 (high): Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-60718 — CVSS 7.8 (high): Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.
CVE-2025-60720 — CVSS 7.8 (high): Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
CVE-2025-60721 — CVSS 7.8 (high): Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.
CVE-2025-62454 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62457 — CVSS 7.8 (high): Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62461 — CVSS 7.8 (high): Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62462 — CVSS 7.8 (high): Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62464 — CVSS 7.8 (high): Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62466 — CVSS 7.8 (high): Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
CVE-2025-62467 — CVSS 7.8 (high): Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62470 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62472 — CVSS 7.8 (high): Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-62474 — CVSS 7.8 (high): Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-62571 — CVSS 7.8 (high): Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2025-62572 — CVSS 7.8 (high): Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.
CVE-2025-64661 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker…
CVE-2025-64673 — CVSS 7.8 (high): Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-64679 — CVSS 7.8 (high): Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-64680 — CVSS 7.8 (high): Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-20809 — CVSS 7.8 (high): Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.
CVE-2026-20811 — CVSS 7.8 (high): Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges…
CVE-2026-20816 — CVSS 7.8 (high): Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-20817 — CVSS 7.8 (high): Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges…
CVE-2026-20820 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-20822 — CVSS 7.8 (high): Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-20826 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI)…
CVE-2026-20831 — CVSS 7.8 (high): Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate…
CVE-2026-20832 — CVSS 7.8 (high): Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability
CVE-2026-20837 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-20840 — CVSS 7.8 (high): Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-20843 — CVSS 7.8 (high): Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-20857 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-20858 — CVSS 7.8 (high): Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20859 — CVSS 7.8 (high): Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-20860 — CVSS 7.8 (high): Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized…
CVE-2026-20861 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an…
CVE-2026-20864 — CVSS 7.8 (high): Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-20865 — CVSS 7.8 (high): Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20866 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an…
CVE-2026-20867 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an…
CVE-2026-20870 — CVSS 7.8 (high): Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-20871 — CVSS 7.8 (high): Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-20873 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an…
CVE-2026-20874 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an…
CVE-2026-20877 — CVSS 7.8 (high): Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20918 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an…
CVE-2026-20922 — CVSS 7.8 (high): Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-20923 — CVSS 7.8 (high): Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20924 — CVSS 7.8 (high): Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20930 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an…
CVE-2026-20938 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges…
CVE-2026-20941 — CVSS 7.8 (high): Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate…
CVE-2026-21231 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker…
CVE-2026-21232 — CVSS 7.8 (high): Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21236 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-21238 — CVSS 7.8 (high): Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-21239 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-21240 — CVSS 7.8 (high): Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21245 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-21246 — CVSS 7.8 (high): Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-21250 — CVSS 7.8 (high): Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-23673 — CVSS 7.8 (high): Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-24287 — CVSS 7.8 (high): External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-24290 — CVSS 7.8 (high): Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-24291 — CVSS 7.8 (high): Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker…
CVE-2026-24292 — CVSS 7.8 (high): Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-24293 — CVSS 7.8 (high): Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-24294 — CVSS 7.8 (high): Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
CVE-2026-25165 — CVSS 7.8 (high): Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally.
CVE-2026-25166 — CVSS 7.8 (high): Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.
CVE-2026-25174 — CVSS 7.8 (high): Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally.
CVE-2026-25176 — CVSS 7.8 (high): Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-25187 — CVSS 7.8 (high): Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
CVE-2026-26153 — CVSS 7.8 (high): Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-26156 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-26159 — CVSS 7.8 (high): Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate…
CVE-2026-26160 — CVSS 7.8 (high): Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate…
CVE-2026-26161 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26162 — CVSS 7.8 (high): Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.
CVE-2026-26168 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for…
CVE-2026-26170 — CVSS 7.8 (high): Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2026-26172 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an…
CVE-2026-26176 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-26180 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26181 — CVSS 7.8 (high): Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-26184 — CVSS 7.8 (high): Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-27907 — CVSS 7.8 (high): Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-27909 — CVSS 7.8 (high): Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.