| | CVE-2026-42913 | Microsoft | high | 7.5 | 0.5%
| | Concurrent execution using shared resource with improper synchronization ('race condition') in Remot… | Jun 9, 2026 | Jul 9, 2026 |
| | CVE-2026-42909 | Microsoft | high | 7.5 | 0.4%
| | Concurrent execution using shared resource with improper synchronization ('race condition') in Remot… | Jun 9, 2026 | Jul 9, 2026 |
| | CVE-2026-42908 | Microsoft | high | 7.5 | 0.7%
| | Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a net… | Jun 9, 2026 | Jun 17, 2026 |
| | CVE-2026-42902 | Microsoft | high | 7.8 | 0.1%
| | Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges lo… | Jun 9, 2026 | Jun 12, 2026 |
| | CVE-2026-42835 | Microsoft | high | 8.1 | 0.2%
| | Improper neutralization of special elements in output used by a downstream component ('injection') i… | Jun 9, 2026 | Jun 12, 2026 |
| | CVE-2026-41098 | Microsoft | high | 8.4 | 0.7%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack … | Jun 9, 2026 | Jun 17, 2026 |
| | CVE-2026-40376 | Microsoft | high | 7.5 | 0.1%
| | Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privilege… | Jun 9, 2026 | Jun 11, 2026 |
| | CVE-2026-40371 | Microsoft | high | 8.8 | 0.5%
| | Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) … | Jun 9, 2026 | Jun 17, 2026 |
| | CVE-2026-33113 | Microsoft | medium | 5.4 | 0.5%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of… | Jun 9, 2026 | Jul 9, 2026 |
| | CVE-2026-32193 | Microsoft | high | 8.8 | 0.3%
| | Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Ku… | Jun 9, 2026 | Jun 17, 2026 |
| | CVE-2026-26142 | Microsoft | critical | 9.8 | 2.0%
| | Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute c… | Jun 9, 2026 | Jun 29, 2026 |
| | CVE-2026-44804 | Microsoft | high | 7.8 | — | | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-44813 | Microsoft | high | 7.8 | — | | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42993 | Microsoft | high | 7.5 | — | | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code … | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42987 | Microsoft | high | 8.1 | — | | Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-44802 | Microsoft | high | 7.8 | — | | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42983 | Microsoft | high | 7.8 | — | | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-44815 | Microsoft | critical | 9.8 | — | | Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code o… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-44807 | Microsoft | high | 7.8 | — | | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-44808 | Microsoft | high | 7.8 | — | | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-44811 | Microsoft | high | 7.8 | — | | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-44810 | Microsoft | high | 8.4 | — | | Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-44809 | Microsoft | high | 7.8 | — | | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate pri… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42989 | Microsoft | high | 7.8 | — | | Improper link resolution before file access ('link following') in Winlogon allows an authorized atta… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42991 | Microsoft | high | 7.8 | — | | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42979 | Microsoft | high | 7.8 | — | | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42977 | Microsoft | high | 7.8 | — | | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42978 | Microsoft | high | 7.8 | — | | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42986 | Microsoft | high | 7.8 | — | | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges l… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42984 | Microsoft | high | 7.0 | — | | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42912 | Microsoft | high | 7.0 | — | | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42911 | Microsoft | high | 7.0 | — | | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42916 | Microsoft | high | 7.8 | — | | Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elev… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42980 | Microsoft | high | 7.8 | — | | Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elev… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42905 | Microsoft | high | 7.8 | — | | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42904 | Microsoft | critical | 9.6 | — | | Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges o… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42837 | Microsoft | high | 7.8 | — | | Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to ele… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42836 | Microsoft | high | 7.0 | — | | Concurrent execution using shared resource with improper synchronization ('race condition') in Funct… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-48574 | Microsoft | high | 7.8 | — | | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-47656 | Microsoft | high | 7.9 | — | | Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a secur… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-42910 | Microsoft | high | 7.8 | — | | Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate … | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-45654 | Microsoft | high | 7.9 | — | | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a securi… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-45653 | Microsoft | high | 7.0 | — | | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-45637 | Microsoft | high | 7.8 | — | | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-45603 | Microsoft | high | 7.0 | — | | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-45638 | Microsoft | high | 7.8 | — | | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-45635 | Microsoft | high | 8.1 | — | | Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-45600 | Microsoft | high | 7.8 | — | | Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows … | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-45596 | Microsoft | high | 7.0 | — | | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-45636 | Microsoft | high | 7.8 | — | | Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. | Jun 9, 2026 | Jun 10, 2026 |