Windows 11 25h2

windows_11_25h2

Vendor: Microsoft • 512 CVEs

CVEs (512)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-40380 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 6.2 MEDIUM· v3 N/A· v2 Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
CVE-2026-40377 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-40369 1Microsoft 4Windows 11 24h2 Windows 11 25h2Windows 11 26h1+1 more Jun 1, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-35424 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-35423 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
CVE-2026-35422 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
CVE-2026-35421 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-35419 1Microsoft 4Windows 11 24h2 Windows 11 25h2Windows 11 26h1+1 more May 14, 2026 May 12, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-35418 1Microsoft 11Windows 10 1809 Windows 10 21h2Windows 10 22h2+8 more May 14, 2026 May 12, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-35417 1Microsoft 11Windows 10 1809 Windows 10 21h2Windows 10 22h2+8 more Jun 1, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-35416 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Jun 1, 2026 May 12, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-35415 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-34351 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-34347 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34345 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Jun 1, 2026 May 12, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34344 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34343 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2026-34342 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
CVE-2026-34341 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
CVE-2026-34340 1Microsoft 11Windows 10 1809 Windows 10 21h2Windows 10 22h2+8 more May 14, 2026 May 12, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Previous 123 4 5...26 Next