Microsoft Windows
3740 CVEs affecting Microsoft Windows. Latest disclosed: 2026-06-05. Critical: 289, High: 1081.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-1044 | Critical | 10.0 | 2016-05-11 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016… |
CVE-2016-1041 | Critical | 10.0 | 2016-05-11 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016… |
CVE-2016-1038 | Critical | 10.0 | 2016-05-11 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016… |
CVE-2016-1505 | Critical | 10.0 | 2016-02-03 | The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrate… |
CVE-2016-1985 | Critical | 10.0 | 2016-01-30 | HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache… |
CVE-2015-8459 | Critical | 10.0 | 2015-12-28 | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Ado… |
CVE-2026-8398 | Critical | 9.8 | 2026-05-15 | A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from… |
CVE-2026-42249 | Critical | 9.8 | 2026-04-29 | Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers… |
CVE-2026-42248 | Critical | 9.8 | 2026-04-29 | Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation… |
CVE-2026-33519 | Critical | 9.8 | 2026-04-21 | An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check per… |
CVE-2026-33518 | Critical | 9.8 | 2026-04-21 | An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create develo… |
CVE-2024-3566 | Critical | 9.8 | 2024-04-10 | A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function whe… |
CVE-2017-17671 | Critical | 9.8 | 2017-12-14 | vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include d… |
CVE-2017-3114 | Critical | 9.8 | 2017-12-09 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is p… |
CVE-2017-3112 | Critical | 9.8 | 2017-12-09 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is p… |
CVE-2017-11294 | Critical | 9.8 | 2017-12-09 | An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to… |
CVE-2017-11225 | Critical | 9.8 | 2017-12-09 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Prime… |
CVE-2017-11215 | Critical | 9.8 | 2017-12-09 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Prime… |
CVE-2017-11213 | Critical | 9.8 | 2017-12-09 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is p… |
CVE-2017-11282 | Critical | 9.8 | 2017-12-01 | Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. T… |