Analyst command view

MSRC Driver CVE Board

Latest-state board for filtered MSRC CVEs from 2020-01-01 to today, tuned for fast triage across module, CWE, release window, exploitation signal, and acknowledgement context.

Live snapshot

Last Sync

2026-05-20T07:39:30Z

Freshness

1 day(s) ago

Refresh Policy

24h baseline + release watch

Storage

Latest snapshot only

Rows In View

4933

Current result set after filter and search.

Exploited Flagged

4189

Rows with a non-empty exploitation signal.

Distinct CWE

162

Unique weakness classes in this view.

Modules

1528

Unique inferred driver or component labels.

Module

CWE

Rows

Sort

Actions

Reset

Top CWE

162 classes

Unspecified2109 CWE-416: Use After Free443 CWE-122: Heap-based Buffer Overflow354 CWE-125: Out-of-bounds Read269 CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')147 CWE-20: Improper Input Validation142 CWE-190: Integer Overflow or Wraparound127 CWE-476: NULL Pointer Dereference126

Top Modules

1528 modules

Windows Kernel220 Windows Routing and Remote Access Service (RRAS)111 Windows Hyper-V101 Win32k100 Windows Graphics Component89 Windows Print Spooler69 Remote Procedure Call Runtime67 Microsoft Message Queuing (MSMQ)63

Release Month

May 2026

50 CVE | last update 1 day(s) ago

Release 2026-05-16 Other / OOB Count 1

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-6479	PostgreSQL SSL/GSS init causes No latest release note	CWE-674: Uncontrolled Recursion	PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2026-05-16	-	-

Release 2026-05-15 Other / OOB Count 1

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-34956	Openvswitch: open vswitch No latest release note	CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')	Openvswitch: open vswitch: denial of service via malformed ftp epasv command CVSS vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2026-05-15	-	-

Release 2026-05-14 Other / OOB Count 1

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-41615	Microsoft Authenticator Exploitation Less Likely	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	Microsoft Authenticator Information Disclosure Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-14	No	Reported By Sridhar Periyasamy

Release 2026-05-12 Patch Tuesday Count 47

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-41094	Microsoft Data Formulator Exploitation Less Likely	CWE-94: Improper Control of Generation of Code ('Code Injection')	Microsoft Data Formulator Remote Code Execution Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Yoshizawa
CVE-2026-35438	Windows Admin Center Exploitation Less Likely	CWE-862: Missing Authorization	Windows Admin Center Elevation of Privilege Vulnerability CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By sho odagiri with GMO Cybersecurity by Ierae inc
CVE-2026-35417	Windows Win32k Exploitation More Likely	CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')	Windows Win32k Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Owen McCullough
CVE-2026-34344	Windows Ancillary Function Driver for WinSock Exploitation Less Likely	CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Angelboy (@scwuaptx) with DEVCORE Puponia
CVE-2026-40369	Windows Kernel Exploitation More Likely	CWE-822: Untrusted Pointer Dereference	Windows Kernel Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Calif.io in collaboration with Claude and Anthropic Research Adrian Denkiewicz at Doyensec in collaboration with Anthropic Research Len Sadowski (lytnc) and Oguz Bektas (_ozb_) Théo DUTEIS
CVE-2026-41088	Windows Ancillary Function Driver for WinSock Exploitation Unlikely	CWE-73: External Control of File Name or Path	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Soon Oh with Microsoft
CVE-2026-40414	Windows TCP/IP Exploitation Unlikely	CWE-476: NULL Pointer Dereference	Windows TCP/IP Denial of Service Vulnerability CVSS vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Windows Attack Research & Protection (WARP) with Microsoft
CVE-2026-40413	Windows TCP/IP Exploitation Less Likely	CWE-476: NULL Pointer Dereference	Windows TCP/IP Denial of Service Vulnerability CVSS vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Microsoft
CVE-2026-40405	Windows TCP/IP Exploitation Less Likely	CWE-476: NULL Pointer Dereference	Windows TCP/IP Denial of Service Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Microsoft
CVE-2026-40401	Windows TCP/IP Exploitation Unlikely	CWE-476: NULL Pointer Dereference	Windows TCP/IP Denial of Service Vulnerability CVSS vector: AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Windows Attack Research & Protection (WARP) with Microsoft
CVE-2026-34350	Windows Storport Miniport Driver Exploitation Unlikely	CWE-476: NULL Pointer Dereference	Windows Storport Miniport Driver Denial of Service Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Microsoft Offensive Research & Security Engineering
CVE-2026-34339	Windows Lightweight Directory Access Protocol (LDAP) Exploitation Less Likely	CWE-476: NULL Pointer Dereference	Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Aniq Fakhrul Howard McGreehan with MSRC V&M
CVE-2026-34347	Windows Win32k Exploitation Less Likely	CWE-416: Use After Free	Windows Win32k Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By wenqunwang with China Telecom Research Institute
CVE-2026-34333	Windows Win32k Exploitation Less Likely	CWE-416: Use After Free CWE-190: Integer Overflow or Wraparound	Windows Win32k Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By wenqunwang with China Telecom Research Institute
CVE-2026-40408	Windows WAN ARP Driver Exploitation Less Likely	CWE-416: Use After Free	Windows WAN ARP Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By hazard
CVE-2026-42825	Windows Telephony Service Exploitation Unlikely	CWE-416: Use After Free	Windows Telephony Service Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Anonymous
CVE-2026-40382	Windows Telephony Service Exploitation Less Likely	CWE-416: Use After Free	Windows Telephony Service Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By DongJun Kim with Enki WhiteHat
CVE-2026-34338	Windows Telephony Service Exploitation Less Likely	CWE-416: Use After Free	Windows Telephony Service Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By DongJun Kim with Enki WhiteHat
CVE-2026-40415	Windows TCP/IP Exploitation Unlikely	CWE-416: Use After Free	Windows TCP/IP Remote Code Execution Vulnerability CVSS vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Windows Attack Research & Protection (WARP) with Microsoft
CVE-2026-40406	Windows TCP/IP Exploitation Less Likely	CWE-416: Use After Free	Windows TCP/IP Information Disclosure Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-05-12	No	Reported By Microsoft
CVE-2026-40410	Windows SMB Client Exploitation Less Likely	CWE-416: Use After Free	Windows SMB Client Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Anonymous
CVE-2026-34340	Windows Projected File System Exploitation Less Likely	CWE-416: Use After Free	Windows Projected File System Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By ChenJian with Sea Security Orca Team
CVE-2026-34332	Windows Kernel-Mode Driver Exploitation Unlikely	CWE-416: Use After Free	Windows Kernel-Mode Driver Remote Code Execution Vulnerability CVSS vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Microsoft Offensive Research & Security Engineering
CVE-2026-40402	Windows Hyper-V Exploitation Less Likely	CWE-416: Use After Free	Windows Hyper-V Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Ashutosh with skyhighsecurity
CVE-2026-35418	Windows Cloud Files Mini Filter Driver Exploitation Unlikely	CWE-416: Use After Free CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Anonymous
CVE-2026-34337	Windows Cloud Files Mini Filter Driver Exploitation Less Likely	CWE-416: Use After Free CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Microsoft
CVE-2026-33835	Windows Cloud Files Mini Filter Driver Exploitation More Likely	CWE-416: Use After Free	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Joe Desimone with Elastic Security
CVE-2026-35416	Windows Ancillary Function Driver for WinSock Exploitation More Likely	CWE-416: Use After Free	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Angelboy (@scwuaptx) with DEVCORE
CVE-2026-33840	Win32k Exploitation More Likely	CWE-416: Use After Free	Win32k Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Minjea Park, ji9umi and Jmini with Stealien
CVE-2026-41095	Data Deduplication Exploitation Less Likely	CWE-416: Use After Free	Data Deduplication Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By ChenJian with Sea Security Orca Team
CVE-2026-32170	Windows Rich Text Edit Exploitation Less Likely	CWE-415: Double Free	Windows Rich Text Edit Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	-
CVE-2026-21530	Windows Rich Text Edit Exploitation Less Likely	CWE-415: Double Free	Windows Rich Text Edit Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Daniel R
CVE-2026-33838	Windows Message Queuing (MSMQ) Exploitation Less Likely	CWE-415: Double Free	Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Anonymous working with TrendAI Zero Day Initiative
CVE-2026-34341	Windows Link-Layer Discovery Protocol (LLDP) Exploitation Less Likely	CWE-415: Double Free	Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By hazard
CVE-2026-34351	Windows TCP/IP Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows TCP/IP Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By hazard
CVE-2026-34334	Windows TCP/IP Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows TCP/IP Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By hazard
CVE-2026-34342	Windows Print Spooler Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows Print Spooler Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Marcin Wiazowski working with TrendAI Zero Day Initiative
CVE-2026-32161	Windows Native WiFi Miniport Driver Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free	Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability CVSS vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Daniel R
CVE-2026-34345	Windows Ancillary Function Driver for WinSock Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Angelboy (@scwuaptx) with DEVCORE
CVE-2026-34331	Win32k Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free	Win32k Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By wenqunwang with China Telecom Research Institute
CVE-2026-33839	Win32k Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Win32k Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Anonymous
CVE-2026-41103	Microsoft SSO Plugin for Jira & Confluence Exploitation More Likely	CWE-303: Incorrect Implementation of Authentication Algorithm	Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C	2026-05-12	No	Reported By Robert Fitzpatrick with Microsoft
CVE-2026-33834	Windows Event Logging Service Exploitation Less Likely	CWE-284: Improper Access Control	Windows Event Logging Service Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By George Hughey with MSRC Vulnerabilities & Mitigations
CVE-2026-40397	Windows Common Log File System Driver Exploitation More Likely	CWE-191: Integer Underflow (Wrap or Wraparound)	Windows Common Log File System Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Puneeth Kumar Katikela Microsoft
CVE-2026-35415	Windows Storage Spaces Controller Exploitation Less Likely	CWE-190: Integer Overflow or Wraparound	Windows Storage Spaces Controller Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By Jan Vojtesek with SentinelOne
CVE-2026-42896	Windows DWM Core Library Exploitation Less Likely	CWE-190: Integer Overflow or Wraparound CWE-122: Heap-based Buffer Overflow	Windows DWM Core Library Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By namnp with Viettel Cyber Security
CVE-2026-34330	Win32k Exploitation Unlikely	CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free	Win32k Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-05-12	No	Reported By wenqunwang with China Telecom Research Institute