CVSS: 6.7EPSS: 0%CPEs: 20EXPL: 0CVE-2026-41097 – Secure Boot Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2026-41097
12 May 2026 — Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41097 • CWE-1329: Reliance on Component That is Not Updateable •
CVSS: 7.4EPSS: 0%CPEs: 19EXPL: 0CVE-2026-40413 – Windows TCP/IP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2026-40413
12 May 2026 — Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40413 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 25EXPL: 0CVE-2026-40403 – Windows Graphics Component Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-40403
12 May 2026 — Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40403 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2026-40402 – Windows Hyper-V Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-40402
12 May 2026 — Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40402 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 19EXPL: 0CVE-2026-40401 – Windows TCP/IP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2026-40401
12 May 2026 — Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40401 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2026-40398 – Windows Remote Desktop Services Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-40398
12 May 2026 — Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40398 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.4EPSS: 0%CPEs: 25EXPL: 0CVE-2026-32209 – Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2026-32209
12 May 2026 — Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32209 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2026-40397 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-40397
12 May 2026 — Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40397 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2026-40382 – Windows Telephony Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-40382
12 May 2026 — Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40382 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 25EXPL: 0CVE-2026-34341 – Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-34341
12 May 2026 — Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34341 • CWE-415: Double Free •