Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Microsoft Corporation

#f38d906d-7342-40ea-92c1-6c4a2c6478c8
PolicyEmail

Short Name

microsoft

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

microsoft.com

Country

USA

Scope

Microsoft issues only, excluding end-of-life (EOL) as listed in the Microsoft Lifecycle Policy.
Reported CVEsVendorsProductsReports
13926Vulnerabilities found

CVE-2026-56171
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.55% / 42.50%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 21:34
Updated-17 Jul, 2026 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows Admin CenterRemote Desktop Web Client
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2026-57980
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 13.47%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 21:29
Updated-17 Jul, 2026 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Tampering Vulnerability

Authentication bypass using an alternate path or channel in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform tampering over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft Edge (Chromium-based)
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-62826
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.23% / 13.43%
||
7 Day CHG~0.00%
Published-16 Jul, 2026 | 22:02
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-58598
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.19% / 9.13%
||
7 Day CHG~0.00%
Published-16 Jul, 2026 | 21:57
Updated-18 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Backup Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Backup Engine allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows 10 Version 21H2Windows 11 Version 25H2Windows 10 Version 22H2Windows 11 version 26H1Windows 11 Version 24H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2026-58643
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 15.04%
||
7 Day CHG~0.00%
Published-16 Jul, 2026 | 21:57
Updated-18 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Admin Center Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows Admin Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-59117
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 36.48%
||
7 Day CHG~0.00%
Published-16 Jul, 2026 | 21:56
Updated-17 Jul, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Terminal Remote Code Execution Vulnerability

Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows Terminal App
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-50659
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 33.66%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:40
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Spoofing Vulnerability

Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft .NET Framework 3.5Microsoft Visual Studio 2022 version 17.12Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2.NET 9.0Microsoft Visual Studio 2026 version 18.7Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 3.5 AND 4.8.NET 10.0Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 4.8Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2026-50651
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.58%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:40
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Denial of Service Vulnerability

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-.NET 9.0Microsoft Visual Studio 2026 version 18.7.NET 10.0Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-50650
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 20.53%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:29
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Framework Elevation of Privilege Vulnerability

Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft .NET Framework 3.5Microsoft Visual Studio 2022 version 17.12Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2.NET 9.0Microsoft Visual Studio 2026 version 18.7Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 4.8Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-50649
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.94% / 56.94%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:29
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Remote Code Execution Vulnerability

Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft .NET Framework 3.5Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2.NET 9.0Microsoft Visual Studio 2026 version 18.7Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 4.8.NET 8.0
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-50648
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.58%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:29
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Framework Denial of Service Vulnerability

Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft .NET Framework 3.5Microsoft Visual Studio 2022 version 17.12Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2.NET 9.0Microsoft Visual Studio 2026 version 18.7Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 3.5 AND 4.8.NET 10.0Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 4.8Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-50646
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.58% / 72.76%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:29
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Framework Remote Code Execution Vulnerability

Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft .NET Framework 3.5Microsoft Visual Studio 2022 version 17.12Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2.NET 9.0Microsoft Visual Studio 2026 version 18.7Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 4.8Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-50528
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.2||HIGH
EPSS-0.44% / 35.34%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:29
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Security Feature Bypass Vulnerability

Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-.NET 9.0Microsoft Visual Studio 2026 version 18.7.NET 10.0Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-302
Authentication Bypass by Assumed-Immutable Data
CWE ID-CWE-636
Not Failing Securely ('Failing Open')
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-50527
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.58%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:29
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Framework Denial of Service Vulnerability

Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft .NET Framework 3.5Microsoft Visual Studio 2022 version 17.12Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2.NET 9.0Microsoft Visual Studio 2026 version 18.7Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 3.5 AND 4.8.NET 10.0Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 4.8Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-50526
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.16% / 5.43%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:29
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Tampering Vulnerability

Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-.NET 9.0Microsoft Visual Studio 2026 version 18.7.NET 10.0Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-50525
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.58%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:29
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Denial of Service Vulnerability

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft .NET Framework 3.5Microsoft Visual Studio 2022 version 17.12Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2.NET 9.0Microsoft Visual Studio 2026 version 18.7Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 3.5 AND 4.8.NET 10.0Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 4.8Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-50524
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 46.94%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:29
Updated-17 Jul, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Framework Denial of Service Vulnerability

Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-.NET 9.0Microsoft Visual Studio 2026 version 18.7.NET 10.0Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2026-47305
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 25.74%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 18:45
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Remote Code Execution Vulnerability

Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2026visual_studio_2022Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2026 version 18.7Microsoft Visual Studio 2022 version 17.14
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-47304
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.20% / 10.08%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 18:45
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Security Feature Bypass Vulnerability

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft .NET Framework 3.5Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft Visual Studio 2026 version 18.7Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 3.5 AND 4.8Microsoft Visual Studio 2022 version 17.12Microsoft .NET Framework 4.8Microsoft Visual Studio 2022 version 17.14Microsoft .NET Framework 3.5 AND 4.8.1
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-47303
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.58% / 43.94%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 18:45
Updated-17 Jul, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASP.NET Core Elevation of Privilege Vulnerability

Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-.NET 9.0Microsoft Visual Studio 2026 version 18.7.NET 10.0Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-302
Authentication Bypass by Assumed-Immutable Data
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CVE-2026-47302
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.94%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 18:45
Updated-17 Jul, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Denial of Service Vulnerability

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft .NET Framework 3.5Microsoft Visual Studio 2022 version 17.12Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2.NET 9.0Microsoft Visual Studio 2026 version 18.7Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 3.5 AND 4.8.NET 10.0Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 4.8Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-47301
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.53% / 41.05%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 18:45
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Configuration Manager Elevation of Privilege Vulnerability

Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-configuration_manager_2603configuration_manager_2503configuration_manager_2509Microsoft Configuration ManagerMicrosoft Configuration Manager 2509Microsoft Configuration Manager 2603
CWE ID-CWE-284
Improper Access Control
CVE-2026-47300
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.54% / 41.72%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 18:20
Updated-17 Jul, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASP.NET Core Elevation of Privilege Vulnerability

Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-.NET 9.0Microsoft Visual Studio 2026 version 18.7.NET 10.0Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CVE-2026-58529
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.95% / 57.22%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability

Out-of-bounds read in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows 11 version 26H1
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-55121
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 27.57%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Apple Inc.Microsoft Corporation
Product-365_appsmicrosoft_365office_2024sharepoint_serveroffice_2016office_2019office_2021Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC for Mac 2021Microsoft Office 2016Microsoft Office 365 for MacMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft 365 Apps for EnterpriseMicrosoft SharePoint Enterprise Server 2016
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-56181
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.3||HIGH
EPSS-0.24% / 15.34%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Network Address Translation (NAT) Spoofing Vulnerability

Origin validation error in Windows Network Address Translation (NAT) allows an unauthorized attacker to perform spoofing over an adjacent network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows 11 Version 25H2Windows Server 2025Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-346
Origin Validation Error
CVE-2026-58638
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6||MEDIUM
EPSS-0.23% / 13.70%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Boot Loader Security Feature Bypass Vulnerability

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_11_23h2windows_server_2016windows_server_2022windows_10_21h2windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-325
Missing Cryptographic Step
CVE-2026-58637
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.23% / 13.67%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Client-Side Caching Elevation of Privilege Vulnerability

Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58634
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 20.91%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Desktop Window Manager Elevation of Privilege Vulnerability

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_26h1Windows 11 version 26H1
CWE ID-CWE-416
Use After Free
CVE-2026-58633
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 23.37%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Desktop Window Manager Elevation of Privilege Vulnerability

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_26h1Windows 11 version 26H1
CWE ID-CWE-416
Use After Free
CVE-2026-58632
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 20.91%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58629
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.23% / 13.67%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DirectX Graphics Kernel Elevation of Privilege Vulnerability

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_11_23h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 11 version 23H2Windows 10 Version 1607Windows Server 2012 R2Windows 11 Version 23H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58628
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 7.89%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Wireless Network Manager Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-58627
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.87% / 54.80%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DHCP Server Denial of Service Vulnerability

Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2022windows_10_1607windows_server_2025windows_server_2019windows_10_1809Windows Server 2012Windows 10 Version 1607Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows Server 2012 (Server Core installation)Windows Server 2025
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-58626
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.85% / 54.12%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Remote Code Execution Vulnerability

Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2025windows_11_25h2windows_11_26h1Windows 10 Version 21H2Windows 11 Version 25H2Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58619
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.23% / 13.67%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Sensor Data Service Elevation of Privilege Vulnerability

Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58617
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.72% / 49.83%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
M365 Copilot for iOS Elevation of Privilege Vulnerability

Improper access control in Microsoft 365 Copilot for iOS allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_copilotMicrosoft 365 Copilot for iOS
CWE ID-CWE-284
Improper Access Control
CVE-2026-58613
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 24.87%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58594
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.77% / 51.43%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Client Remote Code Execution Vulnerability

Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-58541
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 20.91%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Access of resource using incompatible type ('type confusion') in Windows DWM allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-58543
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.17% / 6.75%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Universal Print Management Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_11_26h1windows_server_2025Windows 11 Version 25H2Windows Server 2025Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2026-58542
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 26.32%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Media Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_11_26h1windows_server_2025Windows 11 Version 25H2Windows Server 2025Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-58544
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.23% / 13.67%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Management Services Elevation of Privilege Vulnerability

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_11_26h1windows_server_2025Windows 11 Version 25H2Windows Server 2025Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58545
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 15.12%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Security Feature Bypass Vulnerability

Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-284
Improper Access Control
CVE-2026-58547
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 27.60%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability

Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-58536
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.75% / 75.35%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58534
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.33% / 24.60%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Input Method Editor (IME) Elevation of Privilege Vulnerability

Heap-based buffer overflow in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-58537
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 23.88%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft NAT Helper Components (ipnathlp.dll) Elevation of Privilege Vulnerability

Use after free in Microsoft NAT Helper Components (ipnathlp.dll) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows 11 Version 25H2Windows Server 2025Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58532
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 23.13%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-58531
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.72%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 278
  • 279
  • Next