Common Vulnerabilities and Exposures (CVE)

CVE-2026-41088

Jun 2, 2026 23:16:42 UTC

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-40421

Jun 2, 2026 23:16:42 UTC

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-40419

Jun 2, 2026 23:16:41 UTC

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40417

Jun 2, 2026 23:16:41 UTC

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

CVE-2026-40415

Jun 2, 2026 23:16:40 UTC

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

CVE-2026-40414

Jun 2, 2026 23:16:40 UTC

Windows TCP/IP Denial of Service Vulnerability

CVE-2026-40410

Jun 2, 2026 23:16:39 UTC

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

CVE-2026-40408

Jun 2, 2026 23:16:38 UTC

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVE-2026-40407

Jun 2, 2026 23:16:38 UTC

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-40406

Jun 2, 2026 23:16:37 UTC

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

CVE-2026-40405

Jun 2, 2026 23:16:37 UTC

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

CVE-2026-40399

Jun 2, 2026 23:16:36 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-40380

Jun 2, 2026 23:16:36 UTC

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

CVE-2026-40377

Jun 2, 2026 23:16:35 UTC

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

CVE-2026-40374

Jun 2, 2026 23:16:35 UTC

Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.