| | CVE-2026-40366 | Microsoft | high | 8.4 | — | | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | May 12, 2026 | May 13, 2026 |
| | CVE-2026-40364 | Microsoft | high | 8.4 | — | | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-40363 | Microsoft | high | 8.4 | — | | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-40360 | Microsoft | high | 7.8 | 0.1% | | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35440 | Microsoft | medium | 5.5 | — | | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized … | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35438 | Microsoft | high | 8.3 | — | | Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges ov… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35433 | Microsoft | high | 7.3 | — | | Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally. | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35424 | Microsoft | high | 7.5 | — | | Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol a… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35422 | Microsoft | medium | 6.5 | — | | Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized atta… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35421 | Microsoft | high | 7.8 | — | | Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35420 | Microsoft | high | 7.8 | — | | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges loc… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35419 | Microsoft | medium | 5.5 | — | | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35418 | Microsoft | high | 7.8 | — | | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate pr… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35417 | Microsoft | high | 7.8 | — | | Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an au… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35416 | Microsoft | high | 7.0 | — | | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35415 | Microsoft | high | 7.8 | — | | Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34351 | Microsoft | high | 7.8 | — | | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34350 | Microsoft | medium | 6.5 | — | | Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34347 | Microsoft | high | 7.0 | — | | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34345 | Microsoft | high | 7.0 | — | | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34344 | Microsoft | high | 7.8 | — | | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver f… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34343 | Microsoft | high | 7.8 | — | | Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized at… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34342 | Microsoft | high | 7.0 | — | | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34333 | Microsoft | high | 7.8 | — | | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34331 | Microsoft | high | 7.0 | — | | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34330 | Microsoft | high | 7.8 | — | | Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate pri… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34329 | Microsoft | high | 8.8 | — | | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute cod… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-33841 | Microsoft | high | 7.8 | — | | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges loc… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-33840 | Microsoft | high | 7.8 | — | | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-33839 | Microsoft | high | 7.0 | — | | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-33834 | Microsoft | high | 7.8 | — | | Improper access control in Windows Event Logging Service allows an authorized attacker to elevate pr… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-33117 | Microsoft | critical | 9.1 | — | | Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature ov… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-21530 | Microsoft | medium | 6.7 | — | | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. | May 12, 2026 | May 13, 2026 |
| | CVE-2026-32177 | Microsoft | high | 7.3 | — | | Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. | May 12, 2026 | May 13, 2026 |
| | CVE-2026-32204 | Microsoft | high | 7.8 | — | | External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevat… | May 12, 2026 | May 13, 2026 |
| | CVE-2025-53870 | Fortinet | medium | 6.5 | — | | An improper neutralization of special elements used in an OS command ('OS command injection') vulner… | May 12, 2026 | May 13, 2026 |
| | CVE-2025-53680 | Fortinet | medium | 6.1 | — | | An improper neutralization of special elements used in an OS command ("OS Command Injection") vulner… | May 12, 2026 | May 13, 2026 |
| | CVE-2025-53681 | Fortinet | medium | 6.3 | — | | An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerabili… | May 12, 2026 | May 13, 2026 |
| | CVE-2025-53844 | Fortinet | high | 8.3 | — | | An out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-44277 | Fortinet | critical | 9.1 | 0.0% | | An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-26083 | Fortinet | critical | 9.1 | — | | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-20794 | VMware | critical | 9.3 | — | | Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-41713 | VMware | high | 8.2 | 0.0% | | A malicious user could craft input that is stored in conversation memory and later interpreted by th… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-41712 | VMware | high | 7.5 | 0.0% | | Spring AI's chat memory component contained a problematic default that, when not explicitly overridd… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-6402 | Red Hat | medium | 5.3 | 0.0% | | A flaw was found in webpack-dev-server. When the development server operates over plain HTTP, a remo… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-4802 | Red Hat | high | 8.0 | — | | A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary comman… | May 11, 2026 | May 11, 2026 |
| | CVE-2026-43826 | Apache | medium | 6.5 | 0.0% | | The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for exam… | May 11, 2026 | May 13, 2026 |
| | CVE-2026-41018 | Apache | medium | 6.5 | 0.0% | | The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for e… | May 11, 2026 | May 13, 2026 |
| | CVE-2026-43500 | Red Hat | high | 7.8 | 0.0% | | A flaw was found in the Linux kernel's RxRPC networking subsystem. When a non-linear socket buffer c… | May 11, 2026 | May 11, 2026 |
| | CVE-2026-41705 | VMware | high | 8.6 | 0.0% | | Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injec… | May 9, 2026 | May 12, 2026 |