Analyst command view

MSRC Driver CVE Board

Latest-state board for filtered MSRC CVEs from 2020-01-01 to today, tuned for fast triage across module, CWE, release window, exploitation signal, and acknowledgement context.

Live snapshot

Last Sync

2026-05-20T07:39:30Z

Freshness

1 day(s) ago

Refresh Policy

24h baseline + release watch

Storage

Latest snapshot only

Rows In View

4933

Current result set after filter and search.

Exploited Flagged

4189

Rows with a non-empty exploitation signal.

Distinct CWE

162

Unique weakness classes in this view.

Modules

1528

Unique inferred driver or component labels.

Module

CWE

Rows

Sort

Actions

Reset

Top CWE

162 classes

Unspecified2109 CWE-416: Use After Free443 CWE-122: Heap-based Buffer Overflow354 CWE-125: Out-of-bounds Read269 CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')147 CWE-20: Improper Input Validation142 CWE-190: Integer Overflow or Wraparound127 CWE-476: NULL Pointer Dereference126

Top Modules

1528 modules

Windows Kernel220 Windows Routing and Remote Access Service (RRAS)111 Windows Hyper-V101 Win32k100 Windows Graphics Component89 Windows Print Spooler69 Remote Procedure Call Runtime67 Microsoft Message Queuing (MSMQ)63

Release Month

February 2026

3 CVE | last update 1 day(s) ago

Release 2026-02-10 Patch Tuesday Count 3

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-21244	Windows Hyper-V Exploitation Less Likely	CWE-122: Heap-based Buffer Overflow	Windows Hyper-V Remote Code Execution Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-02-10	No	Reported By cyanbamboo and b2ahex
CVE-2026-21246	Windows Graphics Component Exploitation Unlikely	CWE-122: Heap-based Buffer Overflow	Windows Graphics Component Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-02-10	No	Reported By lubinradar
CVE-2026-21236	Windows Ancillary Function Driver for WinSock Exploitation Unlikely	CWE-122: Heap-based Buffer Overflow	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-02-10	No	Reported By JUSTWIN Team

Release Month

January 2026

47 CVE | last update 1 day(s) ago

Release 2026-01-19 Other / OOB Count 2

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-0990	Libxml2: libxml2 No latest release note	CWE-674: Uncontrolled Recursion	Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing CVSS vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2026-01-19	-	-
CVE-2026-0992	Libxml2: libxml2 No latest release note	CWE-400: Uncontrolled Resource Consumption	Libxml2: libxml2: denial of service via crafted xml catalogs CVSS vector: AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L	2026-01-19	-	-

Release 2026-01-16 Other / OOB Count 2

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-0897	Keras via Excessive Memory Allocation in HDF5 Metadata No latest release note	CWE-770: Allocation of Resources Without Limits or Throttling	Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2026-01-16	-	-
CVE-2026-20960	PowerApps Desktop Client Exploitation Less Likely	CWE-285: Improper Authorization	PowerApps Desktop Client Remote Code Execution Vulnerability CVSS vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-16	No	Reported By Alasdair Gorniak and Tobias Diehl

Release 2026-01-13 Patch Tuesday Count 43

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-20962	Dynamic Root of Trust for Measurement (DRTM) Exploitation Less Likely	CWE-908: Use of Uninitialized Resource	Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	Reported By Andrea Allievi Hilal Asmat
CVE-2026-20860	Windows Ancillary Function Driver for WinSock Exploitation More Likely	CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Angelboy (@scwuaptx) with DEVCORE
CVE-2026-20811	Win32k Exploitation Less Likely	CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-822: Untrusted Pointer Dereference	Win32k Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Daniil Romanovych
CVE-2026-20935	Windows Virtualization-Based Security (VBS) Exploitation Less Likely	CWE-822: Untrusted Pointer Dereference	Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	-
CVE-2026-20819	Windows Virtualization-Based Security (VBS) Exploitation Less Likely	CWE-822: Untrusted Pointer Dereference	Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	Reported By Microsoft Offensive Research and Security Engineering
CVE-2026-20940	Windows Cloud Files Mini Filter Driver Exploitation Unlikely	CWE-822: Untrusted Pointer Dereference	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Vimal Sindh
CVE-2026-20857	Windows Cloud Files Mini Filter Driver Exploitation Unlikely	CWE-822: Untrusted Pointer Dereference	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By haowei yan(jingdong dawnslab)
CVE-2026-20931	Windows Telephony Service Exploitation Unlikely	CWE-73: External Control of File Name or Path	Windows Telephony Service Elevation of Privilege Vulnerability CVSS vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Sergey Bliznyuk with Positive Technologies
CVE-2026-20941	Host Process for Windows Tasks Exploitation Less Likely	CWE-59: Improper Link Resolution Before File Access ('Link Following')	Host Process for Windows Tasks Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Filip Dragović Nacl
CVE-2026-20810	Windows Ancillary Function Driver for WinSock Exploitation Less Likely	CWE-590: Free of Memory not on the Heap	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By haowei yan(jingdong dawnslab)
CVE-2026-20818	Windows Kernel Exploitation Unlikely	CWE-532: Insertion of Sensitive Information into Log File	Windows Kernel Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	Reported By Microsoft Offensive Research & Security Engineering
CVE-2026-20875	Windows Local Security Authority Subsystem Service (LSASS) Exploitation Less Likely	CWE-476: NULL Pointer Dereference	Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Ziran Lin with Microsoft
CVE-2026-20870	Windows Win32 Kernel Subsystem Exploitation Less Likely	CWE-416: Use After Free	Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By goodbyeselene
CVE-2026-20924	Windows Management Services Exploitation Less Likely	CWE-416: Use After Free CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows Management Services Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20923	Windows Management Services Exploitation Less Likely	CWE-416: Use After Free	Windows Management Services Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20877	Windows Management Services Exploitation Less Likely	CWE-416: Use After Free CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows Management Services Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20865	Windows Management Services Exploitation Less Likely	CWE-416: Use After Free	Windows Management Services Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20858	Windows Management Services Exploitation Less Likely	CWE-416: Use After Free CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows Management Services Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20854	Windows Local Security Authority Subsystem Service (LSASS) Exploitation Less Likely	CWE-416: Use After Free	Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability CVSS vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Howard McGreehan with MSRC V&M
CVE-2026-20859	Windows Kernel-Mode Driver Exploitation Less Likely	CWE-416: Use After Free	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By hazard
CVE-2026-20822	Windows Graphics Component Exploitation Less Likely	CWE-416: Use After Free	Windows Graphics Component Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20844	Windows Clipboard Server Exploitation Less Likely	CWE-416: Use After Free CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows Clipboard Server Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20920	Win32k Exploitation Unlikely	CWE-416: Use After Free	Win32k Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Varun Goel
CVE-2026-20842	Microsoft DWM Core Library Exploitation Less Likely	CWE-416: Use After Free	Microsoft DWM Core Library Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Varun Goel
CVE-2026-21219	Inbox COM Objects (Global Memory) Exploitation Unlikely	CWE-416: Use After Free	Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVSS vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Zhiniang Peng with HUST & R4nger with CyberKunLun
CVE-2026-20871	Desktop Window Manager Exploitation More Likely	CWE-416: Use After Free	Desktop Window Manager Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous working with Trend Zero Day Initiative
CVE-2026-20832	Windows Remote Procedure Call Interface Definition Language (IDL) Exploitation Less Likely	CWE-415: Double Free	Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Pwnforr777
CVE-2026-20863	Win32k Exploitation Less Likely	CWE-415: Double Free	Win32k Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By goodbyeselene
CVE-2026-20809	Windows Kernel Memory Exploitation Less Likely	CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-122: Heap-based Buffer Overflow	Windows Kernel Memory Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Microsoft Offensive Research & Security Engineering
CVE-2026-20816	Windows Installer Exploitation More Likely	CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition	Windows Installer Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By JaGoTu with DCIT, a.s.
CVE-2026-20831	Windows Ancillary Function Driver for WinSock Exploitation Less Likely	CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Angelboy (@scwuaptx) with DEVCORE dungnm with Viettel Cyber Security Lê Trần Hải Tùng with Viettel Cyber Security
CVE-2026-20853	Windows WalletService Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows WalletService Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Zhang WangJunJie, He YiSheng with Hillstone Networks Security Research Institute
CVE-2026-20934	Windows SMB Server Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows SMB Server Elevation of Privilege Vulnerability CVSS vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Microsoft
CVE-2026-20927	Windows SMB Server Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows SMB Server Denial of Service Vulnerability CVSS vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Microsoft
CVE-2026-20926	Windows SMB Server Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows SMB Server Elevation of Privilege Vulnerability CVSS vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Microsoft
CVE-2026-20921	Windows SMB Server Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows SMB Server Elevation of Privilege Vulnerability CVSS vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Microsoft
CVE-2026-20919	Windows SMB Server Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows SMB Server Elevation of Privilege Vulnerability CVSS vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Microsoft
CVE-2026-20848	Windows SMB Server Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows SMB Server Elevation of Privilege Vulnerability CVSS vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Microsoft
CVE-2026-20918	Windows Management Services Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free	Windows Management Services Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous Jongseong Kim (nevul37), SEC-agent team Hwiwon Lee (develacker), SEC-agent team
CVE-2026-20874	Windows Management Services Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free	Windows Management Services Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20873	Windows Management Services Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free	Windows Management Services Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20867	Windows Management Services Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free CWE-415: Double Free	Windows Management Services Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20866	Windows Management Services Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows Management Services Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous