Microsoft

4385 CVEs tracked in the last 90 days

4385 Total CVEs

1424 Critical

1495 High

1331 Medium

135 Low

Severity Distribution

Critical 1424 (32.5%)

High 1495 (34.1%)

Medium 1331 (30.4%)

Low 135 (3.1%)

Top Affected Products

microsoft internet explorer 1467

microsoft office 489

microsoft edge 386

Microsoft Windows 11 Version 24H2 241

Microsoft Windows 11 Version 25H2 240

Microsoft Windows 11 version 26H1 236

Microsoft Windows 11 version 22H3 232

Microsoft Windows 11 Version 23H2 232

CVSS Score Distribution

Latest CVEs

CVE ID	Severity	CVSS	Description	Published	Modified
CVE-2026-42899	high	7.5	Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attack…	May 12, 2026	May 13, 2026
CVE-2026-42893	high	7.4	Improper neutralization of special elements used in a command ('command injection') in M365 Copilot …	May 12, 2026	May 13, 2026
CVE-2026-40368	high	8.0	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex…	May 12, 2026	May 13, 2026
CVE-2026-40365	high	8.8	Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attac…	May 12, 2026	May 13, 2026
CVE-2026-40357	high	8.8	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex…	May 12, 2026	May 13, 2026
CVE-2026-35439	high	8.8	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex…	May 12, 2026	May 13, 2026
CVE-2026-33112	high	8.8	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex…	May 12, 2026	May 13, 2026
CVE-2026-33110	high	8.8	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex…	May 12, 2026	May 13, 2026
CVE-2026-33821	high	7.7	Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attac…	May 12, 2026	May 13, 2026
CVE-2026-42838	medium	5.4	Improper neutralization of special elements in output used by a downstream component ('injection') i…	May 12, 2026	May 13, 2026
CVE-2026-40416	medium	4.3	User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all…	May 12, 2026	May 13, 2026
CVE-2026-42833	critical	9.1	Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized a…	May 12, 2026	May 13, 2026
CVE-2026-42830	medium	6.5	Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges loc…	May 12, 2026	May 13, 2026
CVE-2026-42823	critical	9.9	Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over…	May 12, 2026	May 13, 2026
CVE-2026-41613	high	8.8	Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a …	May 12, 2026	May 13, 2026
CVE-2026-41103	critical	9.1	Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluen…	May 12, 2026	May 13, 2026
CVE-2026-40381	high	7.8	Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate pr…	May 12, 2026	May 13, 2026
CVE-2026-41097	medium	6.7	Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker …	May 12, 2026	May 13, 2026
CVE-2026-41086	high	8.8	Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges …	May 12, 2026	May 13, 2026
CVE-2026-40420	high	8.8	Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate pr…	May 12, 2026	May 13, 2026
CVE-2026-35436	high	8.8	Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized att…	May 12, 2026	May 13, 2026
CVE-2026-40418	high	7.8	Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges …	May 12, 2026	May 13, 2026
CVE-2026-40413	high	7.4	Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an a…	May 12, 2026	May 13, 2026
CVE-2026-40403	high	8.8	Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code lo…	May 12, 2026	May 13, 2026
CVE-2026-40402	critical	9.3	Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.	May 12, 2026	May 13, 2026