Microsoft Windows_app
18 CVEs affecting Microsoft Windows_app. Latest disclosed: 2026-06-09. Critical: 0, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-47289 | High | 8.8 | 2026-06-09 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
CVE-2026-42985 | High | 8.8 | 2026-06-09 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
CVE-2025-58718 | High | 8.8 | 2025-10-14 | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
CVE-2025-48817 | High | 8.8 | 2025-07-08 | Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
CVE-2025-29966 | High | 8.8 | 2025-05-13 | Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. |
CVE-2025-26645 | High | 8.8 | 2025-03-11 | Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
CVE-2024-49105 | High | 8.4 | 2024-12-12 | Remote Desktop Client Remote Code Execution Vulnerability |
CVE-2025-27487 | High | 8.0 | 2025-04-08 | Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. |
CVE-2020-0919 | High | 7.8 | 2020-04-15 | An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote… |
CVE-2026-45639 | High | 7.5 | 2026-06-09 | Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. |
CVE-2026-44801 | High | 7.5 | 2026-06-09 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
CVE-2026-44799 | High | 7.5 | 2026-06-09 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
CVE-2026-42992 | High | 7.5 | 2026-06-09 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
CVE-2026-42909 | High | 7.5 | 2026-06-09 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
CVE-2026-42908 | High | 7.5 | 2026-06-09 | Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. |
CVE-2025-32715 | Medium | 6.5 | 2025-06-10 | Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. |
CVE-2026-23656 | Medium | 5.9 | 2026-03-10 | Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network. |
CVE-2026-21517 | Medium | 4.7 | 2026-02-10 | Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally. |