Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-12980

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-11 Jun, 2021 | 21:49
Updated At-17 Sep, 2024 | 03:22
Rejected At-
Credits

An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:11 Jun, 2021 | 21:49
Updated At:17 Sep, 2024 | 03:22
Rejected At:
▼CVE Numbering Authority (CNA)

An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon Software
Versions
Affected
  • From Radeon Software before 20.7.1 (custom)
  • From Radeon Pro Software for Enterprise before 21.Q2 (custom)
Problem Types
TypeCWE IDDescription
textN/ANA
Type: text
CWE ID: N/A
Description: NA
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
x_refsource_MISC
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
x_refsource_MISC
x_transferred
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:11 Jun, 2021 | 22:15
Updated At:07 Nov, 2023 | 03:15

An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Advanced Micro Devices, Inc.
amd
>>radeon_pro_software>>Versions before 21.q1(exclusive)
cpe:2.3:a:amd:radeon_pro_software:*:*:*:*:enterprise:*:*:*
Advanced Micro Devices, Inc.
amd
>>radeon_software>>Versions before 20.7.1(exclusive)
cpe:2.3:a:amd:radeon_software:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE-787Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000psirt@amd.com
N/A
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
Source: psirt@amd.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7056Records found
CVE-2023-0182
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.90%
||
7 Day CHG+0.01%
Published-01 Apr, 2023 | 04:31
Updated-11 Feb, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsvirtual_gpuvGPU software (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Windows)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-29811
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.61% / 69.86%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_23h2windows_11_24h2windows_server_2025windows_11_22h2Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1271
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.76%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:25
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-26675
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.69% / 71.88%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Subsystem for Linux Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_23h2windows_server_2022windows_10_22h2windows_server_2025windows_11_22h2windows_server_2022_23h2windows_10_21h2Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-44649
Matching Score-10
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-10
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.01%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 17:57
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsapex_oneTrend Micro Apex One
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44650
Matching Score-10
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-10
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.60%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 17:57
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsapex_oneTrend Micro Apex One
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42267
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7||HIGH
EPSS-0.08% / 23.72%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display Driver for Windows
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-41125
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.70% / 72.14%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-30 Oct, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-12-09||Apply updates per vendor instructions.
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_21h2windows_10_1507windows_11_22h2windows_server_2012windows_10_21h1windows_10_21h2windows_server_2022windows_10_1607windows_10_22h2windows_10_1809windows_server_2019windows_8.1windows_10_20h2windows_server_2016Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 21H1Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2012 R2Windows 10 Version 1809Windows 11 version 22H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41073
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.89% / 83.22%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-30 Oct, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-12-09||Apply updates per vendor instructions.
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2012windows_10_21h2windows_server_2022windows_8.1windows_10_1507windows_11_22h2windows_server_2008windows_10_21h1windows_10_20h2windows_10_1607windows_10_22h2windows_10_1809windows_server_2019windows_11_21h2windows_server_2016Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 7Windows 10 Version 21H1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 7 Service Pack 1Windows Server 2012 R2Windows 10 Version 1809Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 20H2Windows Server 2008 R2 Service Pack 1Windows Server 2016Windows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-26384
Matching Score-10
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-10
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.68%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 19:28
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_3_3200u_firmwareryzen_5_2700x_firmwareryzen_3_3450uryzen_5_5600hathlon_silver_3050u_firmwareryzen_3_3300uryzen_3_3550hryzen_5_5600gryzen_3_5425cryzen_3_5425u_firmwareryzen_5_5600uryzen_5_2500uryzen_9_5980hxryzen_3_3750hryzen_3_2300u_firmwareryzen_7_5800hsryzen_9_5900hx_firmwareryzen_5_5600hsryzen_3_5300geryzen_3_2300uryzen_5_5600geryzen_7_5825uryzen_5_2600xryzen_7_5825u_firmwareryzen_3_3550h_firmwareryzen_3_5300ge_firmwareryzen_5_5625uryzen_7_2700u_firmwareryzen_7_5700geryzen_5_2700ryzen_3_3780u_firmwareryzen_3_5125cryzen_7_2800h_firmwareryzen_5_2700_firmwareryzen_3_3500u_firmwareryzen_3_3700cryzen_5_5560uryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_5_2500u_firmwareryzen_7_5700g_firmwareryzen_3_2200u_firmwareryzen_9_5900hsryzen_3_2200uryzen_7_2700xryzen_3_3500cryzen_3_3500uryzen_7_5700gryzen_9_5980hsryzen_3_5300g_firmwareryzen_3_5125c_firmwareryzen_7_5800u_firmwareryzen_3_3200uryzen_7_5825c_firmwareryzen_5_2600ryzen_7_5800h_firmwareryzen_7_2700ryzen_7_2700x_firmwareryzen_5_5625c_firmwareryzen_3_3580u_firmwareathlon_silver_3050uryzen_3_3700u_firmwareryzen_5_2600hryzen_5_5625cryzen_3_5425uryzen_9_5980hx_firmwareryzen_5_5560u_firmwareryzen_7_2700uryzen_3_3750h_firmwareryzen_3_5400uryzen_3_3580uryzen_7_5825cryzen_3_3500c_firmwareryzen_7_5800uryzen_7_2800hryzen_5_2600h_firmwareryzen_3_3700uryzen_9_5900hxryzen_3_3700c_firmwareryzen_3_3250uryzen_5_5600g_firmwareryzen_9_5980hs_firmwareryzen_5_2600x_firmwareryzen_3_5300gathlon_gold_3150u_firmwareryzen_5_5600ge_firmwareryzen_5_5600hs_firmwareryzen_7_2700_firmwareryzen_3_5425c_firmwareathlon_gold_3150uryzen_5_5600h_firmwareryzen_3_3350u_firmwareryzen_5_2700xryzen_7_5800hryzen_3_5400u_firmwareryzen_5_2600_firmwareryzen_3_3780uryzen_3_3250u_firmwareryzen_3_3300u_firmwareryzen_3_3450u_firmwareryzen_7_5800hs_firmwareryzen_5_5625u_firmwareryzen_7_5700ge_firmwareryzen_3_3350uAthlon™ SeriesRyzen™ Series
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-24048
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.72%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-13 Feb, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Elevation of Privilege Vulnerability

Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_server_2022_23h2windows_server_2019windows_server_2025windows_11_24h2windows_10_22h2windows_11_22h2windows_10_1809windows_10_21h2windows_server_2022windows_server_2016Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows 10 Version 21H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-26392
Matching Score-10
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-10
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.70%
||
7 Day CHG-0.03%
Published-09 Nov, 2022 | 20:44
Updated-16 Sep, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xradeon_pro_w5500xamd_3020e_firmwareryzen_5_3580uradeon_rx_vega_64ryzen_3_pro_3200ge_firmwareathlon_silver_3050u_firmwareathlon_silver_3050e_firmwareryzen_3_3250cradeon_rx_6600ryzen_3_3100_firmwareamd_3015eryzen_9_3900xradeon_rx_5300ryzen_9_5900x_firmwareryzen_5_pro_3350ge_firmwareradeon_rx_vega_56ryzen_5_2500uathlon_gold_3150c_firmwareryzen_9_5980hxryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_9_5900_firmwareryzen_threadripper_pro_5995wxryzen_5_5600hsryzen_5_3600xt_firmwareryzen_3_5300geryzen_3_2300uryzen_5_3600x_firmwareryzen_7_3750h_firmwareradeon_rx_6700sryzen_5_3400gryzen_threadripper_3960x_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_3960xradeon_rx_5700mamd_3020eryzen_threadripper_pro_3975wxathlon_pro_3145bryzen_5_5560uryzen_3_2200g_firmwareradeon_rx_5700ryzen_threadripper_pro_5945wxryzen_3_pro_3200geryzen_3_pro_3200g_firmwareryzen_5_2500u_firmwareradeon_rx_5700_xtryzen_3_3100ryzen_3_pro_3200gryzen_7_3750hradeon_rx_5500mryzen_7_5700u_firmwareryzen_3_2200u_firmwareathlon_silver_3050eryzen_3_3200gryzen_7_3780uryzen_9_5900hsryzen_3_2200uradeon_rx_6500_xtryzen_3_3250c_firmwareradeon_rx_6950_xtryzen_7_5700gryzen_9_5980hsryzen_5_2400geryzen_7_3700cryzen_5_pro_3350g_firmwareryzen_7_3800xt_firmwareryzen_5_5500u_firmwareryzen_7_5800h_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xenterprise_driverradeon_pro_softwareryzen_5_2600hryzen_5_3500uradeon_rx_5600mryzen_5_5500ryzen_7_2700uryzen_3_5400uradeon_softwareathlon_pro_3045bryzen_7_2800hryzen_5_5600_firmwareryzen_7_5800xryzen_5_3550hradeon_rx_6700ryzen_threadripper_3990x_firmwareryzen_7_3780u_firmwareryzen_9_3900radeon_rx_6400radeon_rx_6800athlon_silver_3050c_firmwareryzen_5_5600x_firmwareryzen_9_3900_firmwareryzen_7_3700x_firmwareryzen_7_5800x3dryzen_3_5300gryzen_9_5900ryzen_5_pro_3350gryzen_5_5600ge_firmwareryzen_9_5980hs_firmwareryzen_threadripper_3990xryzen_5_3500c_firmwareryzen_5_3400g_firmwareryzen_5_5600hs_firmwareathlon_gold_3150uryzen_3_3350u_firmwareradeon_pro_w6800xradeon_rx_5600_xtryzen_threadripper_pro_5955wxryzen_5_5500uryzen_3_5400u_firmwareryzen_5_5600h_firmwareathlon_silver_3050cryzen_7_5800ryzen_3_3300u_firmwareradeon_rx_6600sryzen_7_3800xryzen_5_2400ge_firmwareryzen_5_2400gradeon_rx_6800sryzen_9_5950xryzen_5_3600_firmwareryzen_5_5500_firmwareryzen_5_3580u_firmwareryzen_3_2200geryzen_5_3500cryzen_3_3300x_firmwareryzen_5_5600hryzen_5_pro_3400g_firmwareryzen_9_3900xt_firmwareryzen_3_5300u_firmwareryzen_3_3300uryzen_3_5300uryzen_threadripper_pro_5945wx_firmwareradeon_rx_6900_xtryzen_5_5600gryzen_5_3600xtryzen_5_3500x_firmwareryzen_9_3900xtryzen_5_3550h_firmwareradeon_pro_w6400ryzen_5_5600uryzen_threadripper_pro_5975wxathlon_pro_3045b_firmwareryzen_3_2300u_firmwareradeon_rx_5500radeon_pro_w5700ryzen_9_5900hx_firmwareryzen_5_3500xryzen_9_5950x_firmwareryzen_5_5600geradeon_rx_5300_xtryzen_7_3700u_firmwareryzen_7_5800x_firmwareryzen_3_5300ge_firmwareryzen_7_2700u_firmwareryzen_5_pro_3400gryzen_7_5700geryzen_5_3450uradeon_rx_6850m_xtryzen_3_2200ge_firmwareradeon_rx_6600_xtradeon_rx_6650_xtryzen_7_3800x_firmwareathlon_pro_3145b_firmwareryzen_7_2800h_firmwareryzen_5_pro_3350geradeon_pro_w6600mryzen_7_5700uradeon_pro_w6600xryzen_threadripper_pro_3945wx_firmwareamd_3015ce_firmwareryzen_9_5900hs_firmwareradeon_pro_w6600ryzen_5_5600u_firmwareryzen_5_3600xryzen_3_3200g_firmwareradeon_rx_6800_xtryzen_7_3800xtryzen_7_5700g_firmwareryzen_threadripper_pro_5975wx_firmwareryzen_9_3950x_firmwareradeon_pro_w6900xryzen_threadripper_pro_3995wxradeon_rx_5300mradeon_pro_w6800radeon_rx_6600mradeon_pro_w5700xryzen_7_3700c_firmwareradeon_rx_6750_xtryzen_7_5700x_firmwareryzen_3_5300g_firmwareryzen_threadripper_pro_3955wxradeon_rx_5500_xtryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_7_3700uathlon_silver_3050uryzen_3_3350uryzen_5_3500_firmwareryzen_3_2200gryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareradeon_rx_6300mamd_3015ceryzen_5_5560u_firmwareryzen_9_5980hx_firmwareryzen_threadripper_pro_3995wx_firmwareradeon_rx_6800mryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxradeon_rx_vega_56_firmwareradeon_rx_vega_64_firmwareryzen_7_5800uryzen_9_5900hxradeon_pro_w6800x_duoradeon_rx_6650mradeon_rx_6650m_xtradeon_rx_6700_xtryzen_5_5600g_firmwareathlon_gold_3150cradeon_rx_6700mryzen_3_3250uryzen_5_2400g_firmwareathlon_gold_3150u_firmwareradeon_pro_w5500ryzen_5_pro_3400geryzen_9_3950xradeon_rx_5600ryzen_5_5600ryzen_threadripper_3970xryzen_5_3500ryzen_7_5800hradeon_pro_w6500mryzen_5_3450u_firmwareamd_3015e_firmwareryzen_threadripper_3970x_firmwareryzen_5_3600ryzen_threadripper_pro_3945wxryzen_3_3250u_firmwareryzen_5_3500u_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_5_pro_3400ge_firmwareryzen_7_5800hs_firmwareryzen_threadripper_pro_5995wx_firmwareradeon_pro_w6300mradeon_rx_6500mryzen_7_5700ge_firmwareryzen_7_5700xAMD Radeon RX 5000 Series & PRO W5000 SeriesAMD Ryzen™ Embedded V2000AMD Ryzen™Embedded V3000AMD Ryzen™ Embedded V1000AMD Ryzen™ Embedded 5000AMD Radeon RX 6000 Series & PRO W6000 SeriesAMD Ryzen™ Embedded R2000AMD Ryzen™ Embedded R1000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24059
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.28% / 51.74%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-13 Feb, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_11_23h2windows_server_2019windows_server_2022_23h2windows_server_2025windows_11_24h2windows_10_22h2windows_server_2008windows_10_1507windows_10_21h2windows_10_1809windows_11_22h2windows_server_2012windows_server_2022windows_server_2016Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2021-25249
Matching Score-10
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-10
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.55%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 19:36
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityofficescanTrend Micro Apex OneTrend Micro OfficeScanTrend Micro Worry-Free Business Security
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37969
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-11.60% / 93.67%
||
7 Day CHG-2.99%
Published-13 Sep, 2022 | 18:42
Updated-13 Jan, 2026 | 22:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-10-05||Apply updates per vendor instructions.
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_rt_8.1windows_server_2019windows_server_2016windows_10_21h1windows_10_1809windows_11_21h2windows_10_20h2windows_10_1607windows_10_1507windows_server_2012windows_7windows_server_2008windows_10_21h2windows_server_2022windows_8.1Windows Server 2022Windows 7Windows 11 version 21H2Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows 8.1Windows 10 Version 1507Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 20H2Windows Server 2008 Service Pack 2Windows 10 Version 1607Windows 7 Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows Server 2016Windows 10 Version 1809Windows 10 Version 21H2Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24063
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.94% / 76.26%
||
7 Day CHG+0.25%
Published-13 May, 2025 | 16:59
Updated-13 Feb, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_10_1507windows_10_22h2windows_11_23h2windows_11_22h2windows_10_1607windows_server_2019windows_server_2022_23h2windows_server_2025windows_11_24h2windows_server_2008windows_10_1809windows_server_2022windows_10_21h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-26386
Matching Score-10
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-10
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.18%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 18:28
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_5800x_firmwareryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_5600gryzen_9_3900xryzen_5_2500uryzen_9_5980hxryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_threadripper_pro_5995wxryzen_5_5600hsryzen_3_2300uryzen_7_5825uryzen_7_5825u_firmwareryzen_5_5700geryzen_5_3600x_firmwareryzen_5_3400gryzen_threadripper_3960x_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_threadripper_pro_3975wxryzen_5900xryzen_5_5560uryzen_5300ge_firmwareryzen_threadripper_pro_5945wxryzen_5_2500u_firmwareryzen_5700gryzen_3_3100ryzen_3_2200u_firmwareryzen_9_5900hsryzen_3_2200uryzen_5300g_firmwareryzen_9_5980hsryzen_threadripper_2920xryzen_3_5125c_firmwareryzen_7_5825c_firmwareryzen_5_2600ryzen_7_2700ryzen_7_2700x_firmwareryzen_7_5800h_firmwareryzen_3_3300xryzen_7_3700xryzen_threadripper_pro_5965wx_firmwareryzen_5_5625c_firmwareryzen_5950x_firmwareryzen_5_2600hryzen_5_5625cryzen_7_2700uryzen_3_5400uryzen_5_3450g_firmwareryzen_7_2800hryzen_threadripper_3990x_firmwareryzen_5_2600x_firmwareryzen_5700g_firmwareryzen_5_5600x_firmwareryzen_7_3700x_firmwareryzen_5900x_firmwareryzen_9_5980hs_firmwareryzen_5300gryzen_5700geryzen_threadripper_3990xryzen_5_5600hs_firmwareryzen_5800x3d_firmwareryzen_5_3400g_firmwareryzen_7_2700_firmwareryzen_5_5600h_firmwareryzen_threadripper_pro_5955wxryzen_3_5400u_firmwareryzen_5_2600_firmwareryzen_7_3800xryzen_5_3600_firmwareryzen_threadripper_2990wx_firmwareryzen_3_3300x_firmwareryzen_5_5600hryzen_5600x_firmwareryzen_threadripper_pro_5945wx_firmwareryzen_3_5425cryzen_3_5425u_firmwareryzen_3_3300g_firmwareryzen_5_3450gryzen_5600geryzen_5_5600uryzen_threadripper_pro_5975wxryzen_3_2300u_firmwareryzen_9_5900hx_firmwareryzen_5600ge_firmwareryzen_threadripper_2970wxryzen_5_2600xryzen_7_2700u_firmwareryzen_5_5625uryzen_threadripper_2920x_firmwareryzen_5600g_firmwareryzen_3_5125cryzen_7_3800x_firmwareryzen_7_2800h_firmwareryzen_5_5700gryzen_9_5900hs_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_5_5600u_firmwareryzen_5_3600xryzen_threadripper_pro_5975wx_firmwareryzen_threadripper_2970wx_firmwareryzen_5800xryzen_9_3950x_firmwareryzen_5700ge_firmwareryzen_threadripper_pro_3995wxryzen_7_2700xryzen_5_5700g_firmwareryzen_threadripper_pro_3955wxryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_3_5425uryzen_5_5700ge_firmwareryzen_threadripper_pro_3955wx_firmwareryzen_5600xryzen_5300geryzen_5_5560u_firmwareryzen_9_5980hx_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_7_5825cryzen_5950xryzen_5_2600h_firmwareryzen_7_5800uryzen_threadripper_pro_5965wxryzen_9_5900hxryzen_5800x3dryzen_9_3950xryzen_threadripper_2990wxryzen_threadripper_3970xryzen_3_5425c_firmwareryzen_3_3300gryzen_7_5800hryzen_threadripper_3970x_firmwareryzen_5_3600ryzen_threadripper_pro_3945wxryzen_7_5800hs_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_threadripper_pro_5995wx_firmwareryzen_5_5625u_firmwareAthlon™ SeriesRyzen™ Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-26398
Matching Score-10
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-10
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.63%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:56
Updated-09 Apr, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7371_firmwareepyc_7261epyc_7451epyc_7282_firmwareepyc_7f32epyc_7551_firmwareepyc_7272_firmwareepyc_7573xepyc_7713pepyc_7443epyc_7513epyc_7232p_firmwareepyc_7702epyc_7453epyc_7373xepyc_7513_firmwareepyc_7542epyc_7281_firmwareepyc_7413_firmwareepyc_7h12_firmwareepyc_7002epyc_7643_firmwareepyc_7f52epyc_75f3epyc_7373x_firmwareepyc_7001epyc_7f32_firmwareepyc_7743_firmwareepyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_7001_firmwareepyc_7343_firmwareepyc_7281epyc_7551epyc_7551pepyc_7313pepyc_7002_firmwareepyc_7551p_firmwareepyc_7601_firmwareepyc_7573x_firmwareepyc_7352epyc_7713_firmwareepyc_7401epyc_7742epyc_7272epyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_7773xepyc_7003epyc_7261_firmwareepyc_7742_firmwareepyc_7501epyc_7501_firmwareepyc_7301_firmwareepyc_7743epyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7542_firmwareepyc_7763_firmwareepyc_7313p_firmwareepyc_7252epyc_7502pepyc_7302p_firmwareepyc_7642_firmwareepyc_7h12epyc_7452epyc_7543p_firmwareepyc_7401pepyc_7302epyc_7601epyc_7232pepyc_7663epyc_7552_firmwareepyc_7773x_firmwareepyc_72f3_firmwareepyc_7371epyc_7f72epyc_7662epyc_7642epyc_7451_firmwareepyc_7532_firmwareepyc_7502p_firmwareepyc_7413epyc_7301epyc_7401p_firmwareepyc_7313epyc_7663_firmwareepyc_7351_firmwareepyc_7251epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7302_firmwareepyc_7763epyc_7402_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7452_firmwareepyc_7402p_firmwareepyc_7351epyc_7313_firmwareepyc_7543pepyc_7443pepyc_7453_firmwareepyc_7282epyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532epyc_73f33rd Gen EPYC2nd Gen EPYC1st Gen EPYC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20515
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 22.42%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 15:45
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelhp-uxwindowsaixinformix_dynamic_serverInformix Dynamic Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-36701
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.41%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability

Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2019 (Server Core installation)Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1732
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-90.06% / 99.59%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-30 Oct, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Windows Win32k Elevation of Privilege Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_1909windows_10_1909windows_server_2004windows_10_1809windows_server_2019windows_10_2004windows_server_20h2windows_10_20h2windows_10_1803Windows 10 Version 1803Windows Server 2019Windows 10 Version 2004Windows 10 Version 1809Windows Server version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 20H2Windows Server, version 1909 (Server Core installation)Windows 10 Version 1909Windows Server version 2004Win32k
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35217
Matching Score-10
Assigner-TWCERT/CC
ShareView Details
Matching Score-10
Assigner-TWCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.72%
||
7 Day CHG~0.00%
Published-02 Aug, 2022 | 02:55
Updated-16 Sep, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NHI card’s web service component - Stack-based Buffer Overflow-1

The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.

Action-Not Available
Vendor-nhiNHIMicrosoft Corporation
Product-windowshealth_insurance_web_service_componentcard’s web service component
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35357
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.50%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows Server 2016
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-31610
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.43%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-studiogpu_display_drivervirtual_gpuwindowsteslacloud_gaming_guestgeforceNVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-31606
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.75%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-studiogpu_display_drivervirtual_gpuwindowsteslacloud_gaming_guestgeforceNVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-31617
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.43%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-28 Apr, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-studiogpu_display_drivervirtual_gpuwindowsteslacloud_gaming_guestgeforceNVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-29072
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-18.07% / 95.19%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:54
Updated-09 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur

Action-Not Available
Vendor-7-zipn/aMicrosoft Corporation
Product-windows7-zipn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-21239
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.62%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-10 Apr, 2026 | 13:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2016windows_10_22h2windows_server_2012windows_11_24h2windows_11_23h2windows_10_1809windows_server_2022windows_server_2025windows_11_25h2windows_server_2022_23h2windows_10_1607windows_server_2019Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2012 R2Windows Server 2022Windows 10 Version 22H2Windows Server 2012Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24521
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-8.23% / 92.23%
||
7 Day CHG-0.45%
Published-15 Apr, 2022 | 19:03
Updated-30 Oct, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-04||Apply updates per vendor instructions.
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2012windows_10_21h2windows_10_1809windows_server_2022windows_rt_8.1windows_8.1windows_10_1507windows_10_1909windows_server_2008windows_10_21h1windows_10_20h2windows_10_1607windows_server_20h2windows_server_2019windows_11_21h2windows_server_2016Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 7Windows 10 Version 21H1Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1909Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 7 Service Pack 1Windows Server 2012 R2Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 20H2Windows Server 2008 R2 Service Pack 1Windows Server 2016Windows Server version 20H2Windows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-1459
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.26%
||
7 Day CHG~0.00%
Published-25 May, 2018 | 14:00
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-22049
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.71% / 72.24%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-5991
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.79%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 20:40
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowscuda_toolkitNVIDIA CUDA Toolkit
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12893
Matching Score-10
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-10
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.07%
||
7 Day CHG+0.10%
Published-15 Nov, 2021 | 19:45
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-2387
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-26.61% / 96.35%
||
7 Day CHG~0.00%
Published-14 Jul, 2015 | 22:00
Updated-22 Oct, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2003windows_server_2012windows_server_2008windows_rtwindows_vistawindows_8windows_rt_8.1windows_8.1n/aATM Font Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-26245
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.63% / 70.30%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Elevation of Privilege Vulnerability

Windows SMB Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507Windows 10 Version 1507
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-26109
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.06% / 17.69%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 17:05
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channelexcel365_appsofficeoffice_online_serverMicrosoft Office LTSC for Mac 2024Microsoft Excel 2016Microsoft Office LTSC 2024Microsoft Office 2019Office Online ServerMicrosoft Office LTSC for Mac 2021Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-25175
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.69%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 17:04
Updated-14 Apr, 2026 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows NTFS Elevation of Privilege Vulnerability

Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2022_23h2windows_10_22h2windows_10_1607windows_server_2016windows_server_2012windows_server_2022windows_10_21h2windows_10_1809windows_server_2019Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2012 R2Windows Server 2022Windows 10 Version 22H2Windows Server 2012Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-25174
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.69%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 17:04
Updated-14 Apr, 2026 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Extensible File Allocation Table Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2022_23h2windows_10_22h2windows_10_1607windows_server_2016windows_server_2025windows_11_26h1windows_server_2012windows_server_2022windows_server_2019windows_10_21h2windows_10_1809windows_11_24h2windows_11_25h2Windows 11 version 26H1Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2012 R2Windows Server 2022Windows 10 Version 22H2Windows Server 2012Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-23672
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.69%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 17:04
Updated-14 Apr, 2026 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2022_23h2windows_10_22h2windows_10_1607windows_server_2016windows_server_2025windows_11_26h1windows_server_2012windows_server_2022windows_server_2019windows_10_21h2windows_10_1809windows_11_24h2windows_11_25h2Windows 11 version 26H1Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2012 R2Windows Server 2022Windows 10 Version 22H2Windows Server 2012Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-23665
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.69%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 17:05
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability

Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-linux_diagnostic_extensionAzure Linux Virtual Machines with Azure Diagnostics extension
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-23673
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.69%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 17:04
Updated-14 Apr, 2026 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2022_23h2windows_10_22h2windows_10_1607windows_server_2016windows_server_2025windows_11_26h1windows_server_2012windows_server_2022windows_server_2019windows_10_21h2windows_10_1809windows_11_24h2windows_11_25h2Windows 11 version 26H1Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2012 R2Windows Server 2022Windows 10 Version 22H2Windows Server 2012Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-21246
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.12%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-10 Apr, 2026 | 13:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Elevation of Privilege Vulnerability

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2016windows_10_22h2windows_server_2012windows_11_24h2windows_11_23h2windows_10_1809windows_server_2022windows_server_2025windows_11_25h2windows_server_2022_23h2windows_10_1607windows_server_2019Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2012 R2Windows Server 2022Windows 10 Version 22H2Windows Server 2012Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-21236
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.62%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-10 Apr, 2026 | 13:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2016windows_10_22h2windows_server_2012windows_11_24h2windows_11_23h2windows_10_1809windows_server_2022windows_server_2025windows_11_25h2windows_server_2022_23h2windows_10_1607windows_server_2019Windows 11 version 26H1Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2012 R2Windows Server 2022Windows 10 Version 22H2Windows Server 2012Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows 11 Version 26H1Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-21245
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.62%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-10 Apr, 2026 | 13:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2025windows_11_25h2Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 11 Version 26H1Windows 11 Version 25H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28310
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-53.95% / 98.02%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-30 Oct, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_1909windows_10_1909windows_server_2004windows_10_1809windows_server_2019windows_10_2004windows_server_20h2windows_10_20h2windows_10_1803Windows 10 Version 1803Windows Server 2019Windows 10 Version 2004Windows 10 Version 1809Windows Server version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 20H2Windows Server, version 1909 (Server Core installation)Windows 10 Version 1909Windows Server version 2004Win32k
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-60709
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.18%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_server_2008windows_server_2022_23h2windows_10_21h2windows_server_2012windows_10_1809Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows Server 2025Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-55339
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.75%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Network Driver Interface Specification (NDIS) Driver Elevation of Privilege Vulnerability

Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2022windows_server_2022_23h2windows_server_2025windows_11_25h2Windows 11 Version 25H2Windows 11 version 22H2Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-55681
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.06% / 17.40%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Desktop Window Manager Elevation of Privilege Vulnerability

Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_11_25h2Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-32716
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.74% / 72.87%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-20 Feb, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Media Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_10_1809windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-55233
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.62%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-16 Apr, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Projected File System Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_11_24h2windows_server_2019windows_11_23h2windows_10_21h2windows_10_1809windows_server_2022windows_server_2025windows_server_2022_23h2windows_11_25h2Windows Server 2022Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 22H2Windows Server 2019Windows 11 Version 25H2Windows 10 Version 1809
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 141
  • 142
  • Next
Details not found