CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2026-2441(2)	High	0.1%	GoogleChromium	Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Feb 17, 2026	KEV
CVE-2024-43468	High	84.9%	MicrosoftConfiguration Manager	Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.	Feb 12, 2026	KEV
CVE-2026-21533(2)	High	2.7%	MicrosoftWindows	Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.	Feb 10, 2026	KEV
CVE-2026-21519(1)	High	3.1%	MicrosoftWindows	Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.	Feb 10, 2026	KEV
CVE-2026-21513(3)	High	4.8%	MicrosoftWindows	Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.	Feb 10, 2026	KEV
CVE-2026-21525(2)	High	3.4%	MicrosoftWindows	Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.	Feb 10, 2026	KEV
CVE-2026-21510(1)	High	3.8%	MicrosoftWindows	Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.	Feb 10, 2026	KEV
CVE-2026-21514(1)	High	4.5%	MicrosoftOffice	Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.	Feb 10, 2026	KEV
CVE-2026-21509(3)	High	9.3%	MicrosoftOffice	Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. Some of the impacted product(s) could be end-of-life (EoL) and/or end-of-service (EoS). Users are advised to discontinue use and/or transition to a supported version.	Jan 26, 2026	KEV
CVE-2026-20805(1)	High	4.8%	MicrosoftWindows	Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.	Jan 13, 2026	KEV
CVE-2009-0556	High	78.2%	MicrosoftOffice	Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption.	Jan 7, 2026	KEV
CVE-2025-14174(4)	High	0.8%	GoogleChromium	Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Dec 12, 2025	KEV
CVE-2025-62221	High	2.6%	MicrosoftWindows	Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.	Dec 9, 2025	KEV
CVE-2025-62215	High	0.6%	MicrosoftWindows	Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access.	Nov 12, 2025	KEV
CVE-2025-59287	High	73.0%	MicrosoftWindows	Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.	Oct 24, 2025	KEV
CVE-2025-33073	High	54.2%	MicrosoftWindows	Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.	Oct 20, 2025	KEV
CVE-2025-24990	High	4.3%	MicrosoftWindows	Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges.	Oct 14, 2025	KEV
CVE-2025-59230	High	5.6%	MicrosoftWindows	Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.	Oct 14, 2025	KEV
CVE-2021-43226	High	7.3%	MicrosoftWindows	Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.	Oct 6, 2025	KEV
CVE-2013-3918	High	87.0%	MicrosoftWindows	Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Oct 6, 2025	KEV

CVE-2026-2441KEV

High

Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 0.1%

CVE-2024-43468KEV

High

Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

MicrosoftEPSS 84.9%

CVE-2026-21533KEV

High

Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.

MicrosoftEPSS 2.7%

CVE-2026-21519KEV

High

Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.

MicrosoftEPSS 3.1%

CVE-2026-21513KEV

High

Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

MicrosoftEPSS 4.8%

CVE-2026-21525KEV

High

Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.

MicrosoftEPSS 3.4%

CVE-2026-21510KEV

High

Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

MicrosoftEPSS 3.8%

CVE-2026-21514KEV

High

Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.

MicrosoftEPSS 4.5%

CVE-2026-21509KEV

High

Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. Some of the impacted product(s) could be end-of-life (EoL) and/or end-of-service (EoS). Users are advised to discontinue use and/or transition to a supported version.

MicrosoftEPSS 9.3%

CVE-2026-20805KEV

High

Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.

MicrosoftEPSS 4.8%

CVE-2009-0556KEV

High

Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption.

MicrosoftEPSS 78.2%

CVE-2025-14174KEV

High

Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 0.8%

CVE-2025-62221KEV

High

Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.

MicrosoftEPSS 2.6%

CVE-2025-62215KEV

High

Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access.

MicrosoftEPSS 0.6%

CVE-2025-59287KEV

High

Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.

MicrosoftEPSS 73.0%

CVE-2025-33073KEV

High

Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.

MicrosoftEPSS 54.2%

CVE-2025-24990KEV

High

Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges.

MicrosoftEPSS 4.3%

CVE-2025-59230KEV

High

Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.

MicrosoftEPSS 5.6%

CVE-2021-43226KEV

High

Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.

MicrosoftEPSS 7.3%

CVE-2013-3918KEV

High

Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

MicrosoftEPSS 87.0%

4 5 6 7 8 9 10