Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

windows_10_21h2

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2137
Related CVEsRelated VendorsRelated AssignersReports
2137Vulnerabilities found

CVE-2026-58638
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6||MEDIUM
EPSS-0.23% / 13.70%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Boot Loader Security Feature Bypass Vulnerability

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_11_23h2windows_server_2016windows_server_2022windows_10_21h2windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-325
Missing Cryptographic Step
CVE-2026-58637
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.23% / 13.67%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Client-Side Caching Elevation of Privilege Vulnerability

Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58632
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 20.91%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58629
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.23% / 13.67%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DirectX Graphics Kernel Elevation of Privilege Vulnerability

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_11_23h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 11 version 23H2Windows 10 Version 1607Windows Server 2012 R2Windows 11 Version 23H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58628
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 7.89%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Wireless Network Manager Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-58626
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.85% / 54.12%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Remote Code Execution Vulnerability

Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2025windows_11_25h2windows_11_26h1Windows 10 Version 21H2Windows 11 Version 25H2Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58619
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.23% / 13.67%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Sensor Data Service Elevation of Privilege Vulnerability

Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58613
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 24.87%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-58594
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.77% / 51.43%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Client Remote Code Execution Vulnerability

Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-58541
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 20.91%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Access of resource using incompatible type ('type confusion') in Windows DWM allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-58545
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 15.12%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Security Feature Bypass Vulnerability

Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-284
Improper Access Control
CVE-2026-58547
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 27.60%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability

Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-58532
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 23.13%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-58540
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.28% / 19.75%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-285
Improper Authorization
CVE-2026-58539
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.87% / 54.70%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Client Information Disclosure Vulnerability

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-58546
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 39.69%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Client Information Disclosure Vulnerability

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2026-58538
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 23.10%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bluetooth Service Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-57087
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.78% / 52.00%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-57092
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.99% / 58.56%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows VMSwitch Elevation of Privilege Vulnerability

Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-57085
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 19.29%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Information Disclosure Vulnerability

Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-57089
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 45.20%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Server Network Transport Driver (srvnet.sys) Remote Code Execution Vulnerability

Use after free in Windows SMB Server Network Transport Driver (srvnet.sys) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-57091
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 28.34%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows File History Service Elevation of Privilege Vulnerability

Stack-based buffer overflow in Windows File History Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-57090
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.81% / 52.90%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-56650
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 23.10%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Network File System Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-197
Numeric Truncation Error
CVE-2026-57084
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 40.60%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows File Explorer Information Disclosure Vulnerability

Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2026-57083
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.50% / 39.19%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Media Photo Codec Information Disclosure Vulnerability

Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2026-56649
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.65% / 47.11%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Network File System Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2026-56648
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.93%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows NFS Server Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows Network File System allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-416
Use After Free
CVE-2026-56647
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.85% / 54.12%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Service Infrastructure Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Remote Access Service Infrastructure allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-56644
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 23.10%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DirectX Graphics Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-56643
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 23.10%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DirectX Graphics Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-50688
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.72% / 74.91%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:08
Updated-17 Jul, 2026 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32k Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-50673
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.20% / 9.91%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:08
Updated-17 Jul, 2026 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Null pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-50670
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 15.02%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:08
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32k Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2026-50312
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.33% / 24.80%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-50310
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.30% / 21.72%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Human Interface Device Information Disclosure Vulnerability

Integer overflow or wraparound in Windows Devices Human Interface allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-50321
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.96%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows USB Driver Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2026-50313
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 35.24%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-50326
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 23.10%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Unified Consent System Elevation of Privilege Vulnerability

Use after free in Windows Unified Consent System allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_10_21h2windows_server_2025windows_11_25h2windows_11_26h1Windows 10 Version 21H2Windows 11 Version 25H2Windows 10 Version 22H2Windows Server 2025Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-50307
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.20% / 10.04%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Elevation of Privilege Vulnerability

Use after free in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-50309
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 15.02%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-50306
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 15.02%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Elevation of Privilege Vulnerability

Use after free in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-416
Use After Free
CVE-2026-50302
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.24% / 14.57%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Services Security Feature Bypass Vulnerability

Improper certificate validation in Windows Cryptographic Services allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2025windows_11_25h2windows_11_26h1Windows 10 Version 21H2Windows 11 Version 25H2Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-50303
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 10.26%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Key Guard Security Feature Bypass Vulnerability

Use of a cryptographic primitive with a risky implementation in Windows Key Guard allows an authorized attacker to bypass a security feature locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-1240
Use of a Cryptographic Primitive with a Risky Implementation
CVE-2026-50300
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 21.79%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DWM Core Library Information Disclosure Vulnerability

Integer underflow (wrap or wraparound) in Windows Kernel allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-50350
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 27.64%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_10_21h2windows_server_2025windows_11_25h2windows_11_26h1Windows 10 Version 21H2Windows 11 Version 25H2Windows 10 Version 22H2Windows Server 2025Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-50325
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.20% / 10.34%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-284
Improper Access Control
CVE-2026-50297
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.20% / 10.34%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-284
Improper Access Control
CVE-2026-50296
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.20% / 9.87%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DirectX Graphics Kernel Elevation of Privilege Vulnerability

Use after free in Graphics Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022windows_10_21h2windows_10_1607windows_server_2019windows_server_2025windows_11_25h2windows_11_26h1windows_10_1809Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2026-50316
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 27.64%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_22h2windows_server_2022windows_10_21h2windows_server_2025windows_11_25h2windows_11_26h1Windows 10 Version 21H2Windows 11 Version 25H2Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows 11 version 26H1Windows Server 2025Windows 11 Version 24H2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 42
  • 43
  • Next