CVE-2020-1467 — CVSS 10.0 (critical): An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this…
CVE-2025-49708 — CVSS 9.9 (critical): Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
CVE-2020-1112 — CVSS 9.9 (critical): An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly…
CVE-2019-1384 — CVSS 9.9 (critical): A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this…
CVE-2019-1365 — CVSS 9.9 (critical): An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to…
CVE-2019-0725 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP…
CVE-2020-0609 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to…
CVE-2020-0610 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to…
CVE-2019-0726 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client…
CVE-2025-47981 — CVSS 9.8 (critical): Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
CVE-2018-8476 — CVSS 9.8 (critical): A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka…
CVE-2019-0626 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP…
CVE-2023-38545 — CVSS 9.8 (critical): This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the…
CVE-2018-8626 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka…
CVE-2026-41089 — CVSS 9.8 (critical): Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
CVE-2019-0697 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client…
CVE-2019-0698 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client…
CVE-2019-1226 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated…
CVE-2019-0785 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP…
CVE-2020-0690 — CVSS 9.8 (critical): An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege…
CVE-2026-47291 — CVSS 9.8 (critical): Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVE-2019-0786 — CVSS 9.8 (critical): An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials…
CVE-2019-1222 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated…
CVE-2019-1212 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who…
CVE-2025-60724 — CVSS 9.8 (critical): Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2019-1182 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated…
CVE-2019-1181 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated…
CVE-2026-44815 — CVSS 9.8 (critical): Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
CVE-2019-0721 — CVSS 9.1 (critical): A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an…
CVE-2019-0719 — CVSS 9.1 (critical): A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an…
CVE-2026-45602 — CVSS 9.1 (critical): No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
CVE-2020-0687 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka…
CVE-2019-1127 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution…
CVE-2019-1128 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution…
CVE-2020-1238 — CVSS 8.8 (high): A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory…
CVE-2020-1239 — CVSS 8.8 (high): A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory…
CVE-2019-0756 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote…
CVE-2019-1144 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker…
CVE-2019-1145 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker…
CVE-2025-59295 — CVSS 8.8 (high): Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
CVE-2019-0765 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution…
CVE-2020-0718 — CVSS 8.8 (high): <p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An…
CVE-2020-1255 — CVSS 8.8 (high): An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly…
CVE-2019-1149 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker…
CVE-2019-1150 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker…
CVE-2019-1151 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker…
CVE-2019-1152 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker…
CVE-2019-0772 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine…
CVE-2025-27477 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2026-26178 — CVSS 8.8 (high): Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-27481 — CVSS 8.8 (high): Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2020-0729 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An…
CVE-2021-28455 — CVSS 8.8 (high): Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2020-0734 — CVSS 8.8 (high): A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote…
CVE-2020-1281 — CVSS 8.8 (high): A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code…
CVE-2020-0738 — CVSS 8.8 (high): A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory…
CVE-2025-53143 — CVSS 8.8 (high): Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over…
CVE-2019-1456 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially…
CVE-2020-1061 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory, aka 'Microsoft Script…
CVE-2020-1067 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution…
CVE-2019-1468 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k…
CVE-2025-62549 — CVSS 8.8 (high): Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2020-1080 — CVSS 8.8 (high): <p>An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An…