Trending Zero-Day Explore Browse Search Saved

CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Home Trending Zero-Day Watch Attack Types Browse CVEs Search

Legal

Privacy Policy Terms of Service Data Disclaimer

© 2026CVEInsight. For informational use only — not a substitute for professional security advice.

CVE data sourced from NVD / NIST & public disclosures.

microsoft

windows_11_25h2

334 known vulnerabilities · sorted by CVSS score

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.

microsoft / windows_10_1809+11

Published Oct 14, 2025

Page 1 of 17

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

microsoft / office+21

Published Nov 11, 2025

Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.

microsoft / windows_10_1607+24

Published Mar 10, 2026

Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.

microsoft / windows_10_1507+21

Published Oct 14, 2025

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.

microsoft / windows_11_23h2+5

Published Dec 9, 2025

Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

microsoft / windows_10_1507+16

Published Oct 14, 2025

Use after free in RPC Runtime allows an authorized attacker to execute code over a network.

microsoft / windows_10_1607+24

Published Mar 10, 2026

Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

microsoft / windows_10_1507+16

Published Oct 14, 2025

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

microsoft / windows_10_1607+18

Published Dec 9, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

microsoft / windows_10_1607+18

Published Jan 13, 2026

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

microsoft / windows_10_1607+22

Published Feb 10, 2026

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

microsoft / windows_10_1607+22

Published Feb 10, 2026

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

microsoft / windows_10_1607+18

Published Dec 9, 2025

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.

microsoft / windows_10_1607+24

Published Mar 10, 2026

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

microsoft / remote_desktop_client+23

Published Oct 14, 2025

Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally.

microsoft / windows_11_24h2+7

Published Mar 10, 2026

Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.

microsoft / windows_10_1607+14

Published Feb 10, 2026

Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

microsoft / windows_10_1607+15

Published Jan 13, 2026

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

microsoft / windows_10_1607+18

Published Nov 11, 2025

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

microsoft / windows_10_1607+24

Published Mar 10, 2026