Common Vulnerabilities and Exposures (CVE)

CVE-2026-41088

May 20, 2026 23:28:20 UTC

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-40421

May 20, 2026 23:28:19 UTC

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.

CVE-2026-40419

May 20, 2026 23:28:19 UTC

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40417

May 20, 2026 23:28:18 UTC

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

CVE-2026-40415

May 20, 2026 23:28:18 UTC

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

CVE-2026-40414

May 20, 2026 23:28:17 UTC

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

CVE-2026-40410

May 20, 2026 23:28:16 UTC

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

CVE-2026-40408

May 20, 2026 23:28:16 UTC

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVE-2026-40407

May 20, 2026 23:28:15 UTC

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-40406

May 20, 2026 23:28:14 UTC

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

CVE-2026-40405

May 20, 2026 23:28:14 UTC

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

CVE-2026-40399

May 20, 2026 23:28:13 UTC

Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-40380

May 20, 2026 23:28:13 UTC

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

CVE-2026-40377

May 20, 2026 23:28:12 UTC

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

CVE-2026-40374

May 20, 2026 23:28:12 UTC

Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.