Analyst command view

MSRC Driver CVE Board

Latest-state board for filtered MSRC CVEs from 2020-01-01 to today, tuned for fast triage across module, CWE, release window, exploitation signal, and acknowledgement context.

Live snapshot

Last Sync

2026-05-20T07:39:30Z

Freshness

1 day(s) ago

Refresh Policy

24h baseline + release watch

Storage

Latest snapshot only

Rows In View

4933

Current result set after filter and search.

Exploited Flagged

4189

Rows with a non-empty exploitation signal.

Distinct CWE

162

Unique weakness classes in this view.

Modules

1528

Unique inferred driver or component labels.

Module

CWE

Rows

Sort

Actions

Reset

Top CWE

162 classes

Unspecified2109 CWE-416: Use After Free443 CWE-122: Heap-based Buffer Overflow354 CWE-125: Out-of-bounds Read269 CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')147 CWE-20: Improper Input Validation142 CWE-190: Integer Overflow or Wraparound127 CWE-476: NULL Pointer Dereference126

Top Modules

1528 modules

Windows Kernel220 Windows Routing and Remote Access Service (RRAS)111 Windows Hyper-V101 Win32k100 Windows Graphics Component89 Windows Print Spooler69 Remote Procedure Call Runtime67 Microsoft Message Queuing (MSMQ)63

Release Month

January 2026

39 CVE | last update 1 day(s) ago

Release 2026-01-13 Patch Tuesday Count 39

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2026-20861	Windows Management Services Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free CWE-415: Double Free	Windows Management Services Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20869	Windows Local Session Manager (LSM) Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Jose Polo Bolano with Microsoft
CVE-2026-20808	Windows File Explorer Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows File Explorer Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Taewoo (Tae_ω02)
CVE-2026-20826	Tablet Windows User Interface (TWINUI) Subsystem Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20836	DirectX Graphics Kernel Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	DirectX Graphics Kernel Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By cyanbamboo and b2ahex
CVE-2026-20814	DirectX Graphics Kernel Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	DirectX Graphics Kernel Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By cyanbamboo and b2ahex
CVE-2026-21221	Capability Access Management Service (camsvc) Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free	Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By k0shl
CVE-2026-20830	Capability Access Management Service (camsvc) Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free	Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By k0shl
CVE-2026-20815	Capability Access Management Service (camsvc) Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By k0shl
CVE-2026-20965	Windows Admin Center Exploitation Less Likely	CWE-347: Improper Verification of Cryptographic Signature	Windows Admin Center Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Ben Zamir with Cymulate Ilan Kalenadrov with Cymulate Elad Beber with Cymulate
CVE-2026-20843	Windows Routing and Remote Access Service (RRAS) Exploitation More Likely	CWE-284: Improper Access Control	Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Ezrakie
CVE-2026-20825	Windows Hyper-V Exploitation Less Likely	CWE-284: Improper Access Control	Windows Hyper-V Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	Reported By Andrey Markovytch
CVE-2026-20929	Windows HTTP.sys Exploitation Unlikely	CWE-284: Improper Access Control	Windows HTTP.sys Elevation of Privilege Vulnerability CVSS vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Andrea Pierini with Semperis Ben Zamir with Cymulate Howard McGreehan with MSRC V&M
CVE-2026-0386	Windows Deployment Services Exploitation Unlikely	CWE-284: Improper Access Control	Windows Deployment Services Remote Code Execution Vulnerability CVSS vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Microsoft Offensive Research and Security Engineering (MORSE) with Microsoft
CVE-2026-20839	Windows Client-Side Caching (CSC) Service Exploitation Unlikely	CWE-284: Improper Access Control	Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	Reported By Microsoft Offensive Research & Security Engineering
CVE-2026-20817	Windows Error Reporting Service Exploitation More Likely	CWE-280: Improper Handling of Insufficient Permissions or Privileges	Windows Error Reporting Service Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Ruslan Sayfiev with GMO Cybersecurity by Ierae Denis Faiustov with GMO Cybersecurity by Ierae
CVE-2026-20856	Windows Server Update Service (WSUS) Exploitation Less Likely	CWE-20: Improper Input Validation	Windows Server Update Service (WSUS) Remote Code Execution Vulnerability CVSS vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Chris Ward
CVE-2026-20838	Windows Kernel Exploitation Less Likely	CWE-209: Generation of Error Message Containing Sensitive Information	Windows Kernel Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	Reported By Microsoft Offensive Research & Security Engineering
CVE-2026-20862	Windows Management Services Exploitation Unlikely	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	Windows Management Services Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20939	Windows File Explorer Exploitation Unlikely	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	Windows File Explorer Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	-
CVE-2026-20937	Windows File Explorer Exploitation Unlikely	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	Windows File Explorer Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	-
CVE-2026-20932	Windows File Explorer Exploitation Unlikely	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	Windows File Explorer Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	-
CVE-2026-20823	Windows File Explorer Exploitation Unlikely	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	Windows File Explorer Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20827	Tablet Windows User Interface (TWINUI) Subsystem Exploitation Unlikely	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	-
CVE-2026-20821	Remote Procedure Call Exploitation Unlikely	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	Remote Procedure Call Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	Reported By Communications Security Establishment
CVE-2026-20805	Desktop Window Manager Exploitation Detected	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	Desktop Window Manager Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	Yes	Reported By Microsoft Threat Intelligence Center and Microsoft Security Response Center
CVE-2026-20828	Windows rndismp6.sys Exploitation Less Likely	CWE-125: Out-of-bounds Read	Windows rndismp6.sys Information Disclosure Vulnerability CVSS vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	Reported By B1aN
CVE-2026-20936	Windows NDIS Exploitation Unlikely	CWE-125: Out-of-bounds Read	Windows NDIS Information Disclosure Vulnerability CVSS vector: AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	-
CVE-2026-20829	TPM Trustlet Exploitation Less Likely	CWE-125: Out-of-bounds Read	TPM Trustlet Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	Reported By Microsoft Offensive Research & Security Engineering
CVE-2026-20851	Capability Access Management Service (camsvc) Exploitation Less Likely	CWE-125: Out-of-bounds Read	Capability Access Management Service (camsvc) Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	Reported By k0shl
CVE-2026-20835	Capability Access Management Service (camsvc) Exploitation Less Likely	CWE-125: Out-of-bounds Read	Capability Access Management Service (camsvc) Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2026-01-13	No	Reported By Jongseong Kim (nevul37), SEC-agent team Hwiwon Lee (hwiwonl), SEC-agent team k0shl
CVE-2026-20868	Windows Routing and Remote Access Service (RRAS) Exploitation Less Likely	CWE-122: Heap-based Buffer Overflow	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Anonymous
CVE-2026-20922	Windows NTFS Exploitation More Likely	CWE-122: Heap-based Buffer Overflow	Windows NTFS Remote Code Execution Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Sergey Tarasov with Positive Technologies
CVE-2026-20840	Windows NTFS Exploitation More Likely	CWE-122: Heap-based Buffer Overflow	Windows NTFS Remote Code Execution Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Sergey Tarasov with Positive Technologies
CVE-2024-55414	Windows Motorola Soft Modem Driver Exploitation Unlikely	CWE-122: Heap-based Buffer Overflow	Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By k0shl
CVE-2026-20837	Windows Media Exploitation Less Likely	CWE-122: Heap-based Buffer Overflow	Windows Media Remote Code Execution Vulnerability CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Kai Lu with Palo Alto Networks
CVE-2026-20864	Windows Connected Devices Platform Service Exploitation Unlikely	CWE-122: Heap-based Buffer Overflow	Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By Zhang WangJunJie, He YiSheng with Hillstone Networks Security Research Institute
CVE-2026-20820	Windows Common Log File System Driver Exploitation More Likely	CWE-122: Heap-based Buffer Overflow	Windows Common Log File System Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2026-01-13	No	Reported By 0rb1t with None
CVE-2023-31096	MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Exploitation More Likely	CWE-121: Stack-based Buffer Overflow	MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C	2026-01-13	No	Reported By Zeze with TeamT5

Release Month

December 2025

11 CVE | last update 1 day(s) ago

Release 2025-12-27 Other / OOB Count 1

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2025-13699	MariaDB mariadb-dump Utility Directory Traversal No latest release note	CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability CVSS vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H	2025-12-27	-	-

Release 2025-12-19 Other / OOB Count 1

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2025-68156	Expr has No latest release note	CWE-770: Allocation of Resources Without Limits or Throttling	Expr has Denial of Service via Unbounded Recursion in Builtin Functions CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2025-12-19	-	-

Release 2025-12-18 Other / OOB Count 2

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2025-64663	Custom Question Answering N/A	CWE-918: Server-Side Request Forgery (SSRF)	Custom Question Answering Elevation of Privilege Vulnerability CVSS vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-18	No	-
CVE-2025-65041	Microsoft Partner Center No latest release note	CWE-285: Improper Authorization	Microsoft Partner Center Elevation of Privilege Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C	2025-12-18	No	Reported By Gautam Peri

Release 2025-12-09 Patch Tuesday Count 7

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2025-62472	Windows Remote Access Connection Manager Exploitation More Likely	CWE-908: Use of Uninitialized Resource CWE-416: Use After Free	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By anonymous
CVE-2025-62549	Windows Routing and Remote Access Service (RRAS) Exploitation Less Likely	CWE-822: Untrusted Pointer Dereference	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Anonymous
CVE-2025-54100	PowerShell Exploitation Less Likely	CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')	PowerShell Remote Code Execution Vulnerability CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Osman Eren Güneş Melih Kaan Yıldız Anonymous Pēteris Hermanis Osipovs DeadOverflow Justin Necke
CVE-2025-62466	Windows Client-Side Caching Exploitation Less Likely	CWE-476: NULL Pointer Dereference	Windows Client-Side Caching Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Ezrak1e
CVE-2025-62465	DirectX Graphics Kernel Exploitation Less Likely	CWE-476: NULL Pointer Dereference	DirectX Graphics Kernel Denial of Service Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By cyanbamboo and b2ahex
CVE-2025-62463	DirectX Graphics Kernel Exploitation Less Likely	CWE-476: NULL Pointer Dereference	DirectX Graphics Kernel Denial of Service Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By cyanbamboo and b2ahex
CVE-2025-62565	Windows File Explorer Exploitation Less Likely	CWE-416: Use After Free	Windows File Explorer Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Anonymous