| | CVE-2026-40374 | Microsoft | medium | 6.5 | 0.1%
| | Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized at… | May 12, 2026 | May 19, 2026 |
| | CVE-2026-40370 | Microsoft | high | 8.8 | 0.5%
| | External control of file name or path in SQL Server allows an authorized attacker to execute code ov… | May 12, 2026 | Jun 18, 2026 |
| | CVE-2026-40368 | Microsoft | high | 8.0 | 0.3%
| | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-40367 | Microsoft | high | 8.4 | 0.1%
| | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una… | May 12, 2026 | Jun 1, 2026 |
| | CVE-2026-40366 | Microsoft | high | 8.4 | 0.1%
| | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una… | May 12, 2026 | Jun 1, 2026 |
| | CVE-2026-40365 | Microsoft | high | 8.8 | 0.1%
| | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex… | May 12, 2026 | Jun 1, 2026 |
| | CVE-2026-40364 | Microsoft | high | 8.4 | 0.2%
| | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una… | May 12, 2026 | May 19, 2026 |
| | CVE-2026-40363 | Microsoft | high | 8.4 | 0.1%
| | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local… | May 12, 2026 | May 19, 2026 |
| | CVE-2026-40362 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | May 12, 2026 | Jun 1, 2026 |
| | CVE-2026-40361 | Microsoft | high | 8.4 | 0.1%
| | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | May 12, 2026 | Jun 3, 2026 |
| | CVE-2026-40360 | Microsoft | high | 7.8 | 0.1%
| | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information… | May 12, 2026 | May 19, 2026 |
| | CVE-2026-40359 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | May 12, 2026 | May 19, 2026 |
| | CVE-2026-40358 | Microsoft | high | 8.4 | 0.1%
| | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local… | May 12, 2026 | Jun 1, 2026 |
| | CVE-2026-40357 | Microsoft | high | 8.8 | 0.5%
| | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35440 | Microsoft | medium | 5.5 | 0.0%
| | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized … | May 12, 2026 | May 19, 2026 |
| | CVE-2026-35439 | Microsoft | high | 8.8 | 0.5%
| | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-35438 | Microsoft | high | 8.3 | 0.1%
| | Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges ov… | May 12, 2026 | May 28, 2026 |
| | CVE-2026-35436 | Microsoft | high | 8.8 | 0.0%
| | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 | Jun 1, 2026 |
| | CVE-2026-35429 | Microsoft | medium | 4.3 | 0.1%
| | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all… | May 12, 2026 | Jun 1, 2026 |
| | CVE-2026-33833 | Microsoft | high | 8.2 | 0.5%
| | Improper neutralization of special elements in output used by a downstream component ('injection') i… | May 12, 2026 | Jun 18, 2026 |
| | CVE-2026-33821 | Microsoft | high | 7.7 | 0.1%
| | Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attac… | May 12, 2026 | May 15, 2026 |
| | CVE-2026-33117 | Microsoft | critical | 9.1 | 0.0%
| | Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature ov… | May 12, 2026 | May 15, 2026 |
| | CVE-2026-33112 | Microsoft | high | 8.8 | 0.5%
| | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-33110 | Microsoft | high | 8.8 | 0.5%
| | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-32204 | Microsoft | high | 7.8 | 0.3%
| | External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevat… | May 12, 2026 | Jun 18, 2026 |
| | CVE-2026-32185 | Microsoft | medium | 5.5 | 0.0%
| | Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attack… | May 12, 2026 | May 18, 2026 |
| | CVE-2026-32175 | Microsoft | medium | 4.3 | 0.7%
| | A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attac… | May 12, 2026 | Jun 18, 2026 |
| | CVE-2026-26083 | Fortinet | critical | 9.8 | 0.7%
| | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4… | May 12, 2026 | Jul 8, 2026 |
| | CVE-2025-67604 | Fortinet | medium | 5.3 | 0.1%
| | A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4,… | May 12, 2026 | May 15, 2026 |
| | CVE-2025-53680 | Fortinet | medium | 6.7 | 0.6%
| | An improper neutralization of special elements used in an OS command ("OS Command Injection") vulner… | May 12, 2026 | Jul 8, 2026 |
| | CVE-2026-41097 | Microsoft | medium | 6.7 | — | | Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker … | May 12, 2026 | May 13, 2026 |
| | CVE-2026-40413 | Microsoft | high | 7.4 | — | | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an a… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-40403 | Microsoft | high | 8.8 | — | | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code lo… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-40402 | Microsoft | critical | 9.3 | — | | Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. | May 12, 2026 | May 13, 2026 |
| | CVE-2026-40401 | Microsoft | high | 7.1 | — | | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally. | May 12, 2026 | May 13, 2026 |
| | CVE-2026-40398 | Microsoft | high | 7.8 | — | | Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privil… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-32209 | Microsoft | medium | 4.4 | — | | Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass … | May 12, 2026 | May 13, 2026 |
| | CVE-2026-40397 | Microsoft | high | 7.8 | — | | Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-40382 | Microsoft | high | 7.8 | — | | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges loca… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-40369 | Microsoft | high | 7.8 | 4.7%
| | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges loc… | May 12, 2026 | Jun 26, 2026 |
| | CVE-2026-34341 | Microsoft | high | 7.0 | — | | Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34340 | Microsoft | high | 7.0 | — | | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges … | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34338 | Microsoft | high | 7.8 | — | | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges loca… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34337 | Microsoft | high | 7.8 | — | | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate pr… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34336 | Microsoft | high | 7.8 | — | | Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information l… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34334 | Microsoft | high | 7.8 | — | | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-34332 | Microsoft | high | 8.0 | — | | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a n… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-33838 | Microsoft | high | 7.8 | — | | Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally. | May 12, 2026 | May 13, 2026 |
| | CVE-2026-33837 | Microsoft | high | 7.8 | — | | Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges loc… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-33835 | Microsoft | high | 7.8 | — | | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate pr… | May 12, 2026 | May 13, 2026 |