Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34330 | HIGH | 7.8 | Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34329 | HIGH | 8.8 | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. | May 12, 2026 |
| CVE-2026-33841 | HIGH | 7.8 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33840 | HIGH | 7.8 | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33839 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33838 | HIGH | 7.8 | Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33837 | HIGH | 7.8 | Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33835 | HIGH | 7.8 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33834 | HIGH | 7.8 | Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33833 | HIGH | 8.2 | Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over … | May 12, 2026 |
| CVE-2026-33821 | HIGH | 7.7 | Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-33117 | CRITICAL | 9.1 | Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network. | May 12, 2026 |
| CVE-2026-33112 | HIGH | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-33110 | HIGH | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-32209 | MEDIUM | 4.4 | Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. | May 12, 2026 |
| CVE-2026-32204 | HIGH | 7.8 | External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-32185 | MEDIUM | 5.5 | Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-32177 | HIGH | 7.3 | Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-32175 | MEDIUM | 4.3 | A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories … | May 12, 2026 |
| CVE-2026-32170 | MEDIUM | 6.7 | Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-32161 | HIGH | 7.5 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an … | May 12, 2026 |
| CVE-2026-31245 | MEDIUM | 5.3 | The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). The endpoint allows unauthenticated users to submit arbitrary … | May 12, 2026 |
| CVE-2026-31244 | MEDIUM | 6.5 | The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrary … | May 12, 2026 |
| CVE-2026-31243 | MEDIUM | 6.5 | The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated … | May 12, 2026 |
| CVE-2026-31242 | CRITICAL | 9.1 | The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send … | May 12, 2026 |