CVE ID

Vulnerability Name

Severity

Vulnerability Description

CVE-2026-40403

Windows Graphics Component Remote Code Execution Vulnerability

Important

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

CVE-2026-41089

Windows Netlogon Remote Code Execution Vulnerability

Important

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

CVE-2026-40367

Microsoft Word Remote Code Execution Vulnerability

Important

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40402

Windows Hyper-V Elevation of Privilege Vulnerability

Important

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

CVE-2026-40365

Microsoft SharePoint Server Remote Code Execution Vulnerability

Important

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-40358

Microsoft Office Remote Code Execution Vulnerability

Important

Unauthorized attackers induce users to download and open specially crafted files from websites to trigger the vulnerability and execute code locally.

CVE-2026-35421

Windows GDI Remote Code Execution Vulnerability

Important

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

CVE-2026-41103

Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

Important

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32161

Windows Native Wi-Fi Miniport Driver Remote Code Execution Vulnerability

Important

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native Wi-Fi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-40361

CVE-2026-40366

Microsoft Word Remote Code Execution Vulnerability

Important

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-42898

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Important

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

CVE-2026-42831

Microsoft Office Remote Code Execution Vulnerability

Important

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-41096

Windows DNS Client Remote Code Execution Vulnerability

Important

Attackers can send specially crafted DNS responses to the target system to trigger the vulnerability, causing improper processing on the DNS client and memory damage. Under specific configurations, unauthorized attackers can remotely execute code on the target system.

CVE-2026-40364

Microsoft Word Remote Code Execution Vulnerability

Important

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40363

Microsoft Office Remote Code Execution Vulnerability

Important

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.