Common Vulnerabilities and Exposures (CVE)
CVE-2026-41094
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.
CVE-2026-41089
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
CVE-2026-41088
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-40421
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-40419
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40417
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
CVE-2026-40415
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVE-2026-40410
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.
CVE-2026-40408
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-40407
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40406
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
CVE-2026-40405
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
CVE-2026-40399
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-40380
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.