Analyst command view

MSRC Driver CVE Board

Latest-state board for filtered MSRC CVEs from 2020-01-01 to today, tuned for fast triage across module, CWE, release window, exploitation signal, and acknowledgement context.

Live snapshot

Last Sync

2026-05-20T07:39:30Z

Freshness

1 day(s) ago

Refresh Policy

24h baseline + release watch

Storage

Latest snapshot only

Rows In View

4933

Current result set after filter and search.

Exploited Flagged

4189

Rows with a non-empty exploitation signal.

Distinct CWE

162

Unique weakness classes in this view.

Modules

1528

Unique inferred driver or component labels.

Module

CWE

Rows

Sort

Actions

Reset

Top CWE

162 classes

Unspecified2109 CWE-416: Use After Free443 CWE-122: Heap-based Buffer Overflow354 CWE-125: Out-of-bounds Read269 CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')147 CWE-20: Improper Input Validation142 CWE-190: Integer Overflow or Wraparound127 CWE-476: NULL Pointer Dereference126

Top Modules

1528 modules

Windows Kernel220 Windows Routing and Remote Access Service (RRAS)111 Windows Hyper-V101 Win32k100 Windows Graphics Component89 Windows Print Spooler69 Remote Procedure Call Runtime67 Microsoft Message Queuing (MSMQ)63

Release Month

April 2026

2 CVE | last update 1 day(s) ago

Release 2026-04-02 Other / OOB Count 2

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-4897	Polkit: polkit No latest release note	CWE-770: Allocation of Resources Without Limits or Throttling	Polkit: polkit: denial of service via unbounded input processing through standard input CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2026-04-02	-	-
CVE-2026-5201	Gdk-pixbuf: gdk-pixbuf No latest release note	CWE-122: Heap-based Buffer Overflow	Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2026-04-02	-	-

Release Month

March 2026

48 CVE | last update 1 day(s) ago

Release 2026-03-29 Other / OOB Count 2

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-32241	Flannel vulnerable to cross-node No latest release note	CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')	Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection CVSS vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	2026-03-29	-	-
CVE-2026-33936	python-ecdsa No latest release note	CWE-20: Improper Input Validation	python-ecdsa: Denial of Service via improper DER length validation in crafted private keys CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	2026-03-29	-	Reported By Mohamed Abdelaal (0xmrma)

Release 2026-03-27 Other / OOB Count 3

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-33526	Squid vulnerable to No latest release note	CWE-416: Use After Free	Squid vulnerable to Denial of Service in ICP Request handling No CVSS vector published	2026-03-27	-	-
CVE-2026-32748	Squid has No latest release note	CWE-413: Improper Resource Locking	Squid has Denial of Service in ICP Response handling No CVSS vector published	2026-03-27	-	-
CVE-2026-4775	Libtiff: libtiff: arbitrary code execution or No latest release note	CWE-190: Integer Overflow or Wraparound	Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2026-03-27	-	-

Release 2026-03-25 Other / OOB Count 2

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-4426	Libarchive: libarchive No latest release note	CWE-1335: Incorrect Bitwise Shift of Integer	Libarchive: libarchive: denial of service via malformed iso file processing CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	2026-03-25	-	-
CVE-2026-4424	Libarchive: libarchive No latest release note	CWE-125: Out-of-bounds Read	Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	2026-03-25	-	-

Release 2026-03-21 Other / OOB Count 1

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-30922	pyasn1 Vulnerable to No latest release note	CWE-674: Uncontrolled Recursion	pyasn1 Vulnerable to Denial of Service via Unbounded Recursion CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2026-03-21	-	-

Release 2026-03-20 Other / OOB Count 1

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-27135	nghttp2 No latest release note	CWE-617: Reachable Assertion	nghttp2 Denial of service: Assertion failure due to the missing state validation CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2026-03-20	-	-

Release 2026-03-19 Other / OOB Count 2

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-32191	Microsoft Bing Images N/A	CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	Microsoft Bing Images Remote Code Execution Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-19	No	Reported By XBOW with XBOW
CVE-2026-32194	Microsoft Bing Images N/A	CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')	Microsoft Bing Images Remote Code Execution Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-19	No	Reported By XBOW with XBOW

Release 2026-03-17 Other / OOB Count 1

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-4111	Libarchive: infinite loop No latest release note	CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')	Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2026-03-17	-	-

Release 2026-03-11 Other / OOB Count 1

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2025-69652	GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to No latest release note	CWE-460: Improper Cleanup on Thrown Exception	GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service. CVSS vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2026-03-11	-	-

Release 2026-03-10 Patch Tuesday Count 35

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-26123	Microsoft Authenticator Exploitation Less Likely	CWE-939: Improper Authorization in Handler for Custom URL Scheme	Microsoft Authenticator Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-03-10	No	Reported By Khaled Mohamed
CVE-2026-24287	Windows Kernel Exploitation Less Likely	CWE-73: External Control of File Name or Path	Windows Kernel Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By ChenJian with Sea Security Orca Team
CVE-2026-24291	Windows Accessibility Infrastructure (ATBroker.exe) Exploitation More Likely	CWE-732: Incorrect Permission Assignment for Critical Resource	Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By James Forshaw with Google Project Zero
CVE-2026-25177	Active Directory Domain Services Exploitation Less Likely	CWE-641: Improper Restriction of Names for Files and Other Resources	Active Directory Domain Services Elevation of Privilege Vulnerability CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Shai Laron with Semperis
CVE-2026-25187	Winlogon Exploitation More Likely	CWE-59: Improper Link Resolution Before File Access ('Link Following')	Winlogon Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By James Forshaw with Google Project Zero
CVE-2026-25166	Windows System Image Manager Assessment and Deployment Kit (ADK) Exploitation Unlikely	CWE-502: Deserialization of Untrusted Data	Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Tim Baker with dotSec
CVE-2026-25168	Windows Graphics Component Exploitation Less Likely	CWE-476: NULL Pointer Dereference	Windows Graphics Component Denial of Service Vulnerability CVSS vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By 0ccbbf129444eb66344ccafb92b00df4
CVE-2026-24293	Windows Ancillary Function Driver for WinSock Exploitation Less Likely	CWE-476: NULL Pointer Dereference	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Angelboy (@scwuaptx) with DEVCORE B1aN DongJun Kim with Enki WhiteHat and GwanHyun Lee
CVE-2026-25165	Performance Counters for Windows Exploitation Unlikely	CWE-476: NULL Pointer Dereference	Performance Counters for Windows Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Souhail Hammou
CVE-2026-25190	Windows GDI Exploitation Less Likely	CWE-426: Untrusted Search Path	Windows GDI Remote Code Execution Vulnerability CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	-
CVE-2026-26132	Windows Kernel Exploitation More Likely	CWE-416: Use After Free	Windows Kernel Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	-
CVE-2026-24289	Windows Kernel Exploitation More Likely	CWE-416: Use After Free	Windows Kernel Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Anonymous working with TrendAI Zero Day Initiative
CVE-2026-25170	Windows Hyper-V Exploitation Less Likely	CWE-416: Use After Free	Windows Hyper-V Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By hazard
CVE-2026-25189	Windows DWM Core Library Exploitation Less Likely	CWE-416: Use After Free	Windows DWM Core Library Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Varun Goel
CVE-2026-24292	Windows Connected Devices Platform Service Exploitation Less Likely	CWE-416: Use After Free	Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Zhang WangJunJie, He YiSheng with Hillstone Networks Security Research Institute
CVE-2026-25171	Windows Authentication Exploitation Less Likely	CWE-416: Use After Free	Windows Authentication Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Anonymous
CVE-2026-25178	Windows Ancillary Function Driver for WinSock Exploitation Less Likely	CWE-416: Use After Free	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By wisiyeon with JUSTWIN
CVE-2026-24285	Win32k Exploitation Less Likely	CWE-416: Use After Free	Win32k Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Marcin Wiazowski working with TrendAI Zero Day Initiative
CVE-2026-23669	RPC Runtime Library Exploitation Less Likely	CWE-416: Use After Free	RPC Runtime Library Remote Code Execution Vulnerability CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Andrea Pierini with Semperis
CVE-2026-25167	Microsoft Brokering File System Exploitation Less Likely	CWE-416: Use After Free	Microsoft Brokering File System Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By hazard
CVE-2026-23667	Broadcast DVR Exploitation Unlikely	CWE-416: Use After Free	Broadcast DVR Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Jongseong Kim (nevul37), SEC-agent team Hwiwon Lee (hwiwonl), SEC-agent team
CVE-2026-25169	Windows Graphics Component Exploitation Less Likely	CWE-369: Divide By Zero	Windows Graphics Component Denial of Service Vulnerability CVSS vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By 0ccbbf129444eb66344ccafb92b00df4
CVE-2026-23668	Windows Graphics Component Exploitation More Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows Graphics Component Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Marcin Wiazowski working with TrendAI Zero Day Initiative
CVE-2026-24296	Windows Device Association Service Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows Device Association Service Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	-
CVE-2026-24295	Windows Device Association Service Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free	Windows Device Association Service Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	-
CVE-2026-23671	Windows Bluetooth RFCOM Protocol Driver Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free	Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By hazard
CVE-2026-26128	Windows SMB Server Exploitation Less Likely	CWE-287: Improper Authentication	Windows SMB Server Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Guillaume André with Synacktiv
CVE-2026-24294	Windows SMB Server Exploitation More Likely	CWE-287: Improper Authentication	Windows SMB Server Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Guillaume André with Synacktiv
CVE-2026-26141	Hybrid Worker Extension (Arc‑enabled Windows VMs) Exploitation Unlikely	CWE-287: Improper Authentication	Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Michal Kamensky with Microsoft
CVE-2026-24290	Windows Projected File System Exploitation Less Likely	CWE-284: Improper Access Control	Windows Projected File System Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By ChenJian with Sea Security Orca Team
CVE-2026-25176	Windows Ancillary Function Driver for WinSock Exploitation Less Likely	CWE-284: Improper Access Control	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Angelboy (@scwuaptx) with DEVCORE
CVE-2026-20967	System Center Operations Manager (SCOM) Exploitation Less Likely	CWE-20: Improper Input Validation	System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Garrett Foster with SpecterOps Garrett Foster with SpecterOps
CVE-2026-25186	Windows Accessibility Infrastructure (ATBroker.exe) Exploitation Less Likely	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-03-10	No	Reported By James Forshaw with Google Project Zero
CVE-2026-26111	Windows Routing and Remote Access Service (RRAS) Exploitation Less Likely	CWE-190: Integer Overflow or Wraparound CWE-122: Heap-based Buffer Overflow	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVSS vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Microsoft
CVE-2026-25173	Windows Routing and Remote Access Service (RRAS) Exploitation Less Likely	CWE-190: Integer Overflow or Wraparound CWE-122: Heap-based Buffer Overflow	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVSS vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-03-10	No	Reported By Anonymous