CWE-822
Untrusted Pointer Dereference
Extended description
An attacker can supply a pointer for memory locations that the product is not expecting. If the pointer is dereferenced for a write operation, the attack might allow modification of critical state variables, cause a crash, or execute code. If the dereferencing operation is for a read, then the attack might allow reading of sensitive data, cause a crash, or set a variable to an unexpected value (since the value will be read from an unexpected memory location).
There are several variants of this weakness, including but not necessarily limited to:
- The untrusted value is directly invoked as a function call.
- In OS kernels or drivers where there is a boundary between "userland" and privileged memory spaces, an untrusted pointer might enter through an API or system call (see CWE-781 for one such example).
- Inadvertently accepting the value from an untrusted control sphere when it did not have to be accepted as input at all. This might occur when the code was originally developed to be run by a single user in a non-networked environment, and the code is then ported to or otherwise exposed to a networked environment.
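The write case described above, as an added C example that is not taken from any product listed on this page: a request handler that dereferences a client-supplied pointer, beside a version that accepts only an opaque handle resolved through a table the server owns. The struct layouts, function names and handle encoding are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed request format: the client sends back a 64-bit "context". */
struct request {
    uint64_t context;    /* attacker-controlled */
    uint32_t new_quota;
};

struct session {
    uint32_t generation; /* changes every time the slot is reused */
    int      in_use;
    uint32_t quota;
};

/* VULNERABLE (CWE-822): the wire value is cast to a pointer and written
 * through, so the client chooses the address that receives new_quota. */
int set_quota_vulnerable(const struct request *req)
{
    struct session *s = (struct session *)(uintptr_t)req->context;
    s->quota = req->new_quota;
    return 0;
}

/* HARDENED: the wire value is an opaque handle, (generation << 32) | slot,
 * and is only ever used to look up an object the server itself owns. */
#define MAX_SESSIONS 8
static struct session table[MAX_SESSIONS];

uint64_t session_open(void)
{
    for (uint32_t i = 0; i < MAX_SESSIONS; i++) {
        if (table[i].in_use)
            continue;
        if (++table[i].generation == 0)   /* keep 0 reserved as "invalid" */
            table[i].generation = 1;
        table[i].in_use = 1;
        table[i].quota = 0;
        return ((uint64_t)table[i].generation << 32) | i;
    }
    return 0;                             /* table full */
}

static struct session *session_lookup(uint64_t handle)
{
    uint32_t slot = (uint32_t)handle;
    uint32_t gen  = (uint32_t)(handle >> 32);
    if (slot >= MAX_SESSIONS)
        return NULL;                      /* outside the server's table */
    if (!table[slot].in_use || table[slot].generation != gen)
        return NULL;                      /* closed, reused, or forged */
    return &table[slot];
}

void session_close(uint64_t handle)
{
    struct session *s = session_lookup(handle);
    if (s != NULL)
        s->in_use = 0;
}

int set_quota_hardened(const struct request *req)
{
    struct session *s = session_lookup(req->context);
    if (s == NULL)
        return -1;                        /* reject without touching memory */
    s->quota = req->new_quota;
    return 0;
}
```

The generation field is what makes a stale handle fail after its slot has been closed and reused, so a client cannot keep acting on an object that now belongs to a different session.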
Common consequences (3)
- Confidentiality: Read Memory
If the untrusted pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.
- Availability: DoS: Crash, Exit, or Restart
If the untrusted pointer references a memory location that is not accessible to the product, or points to a location that is "malformed" or larger than expected by a read or write operation, the application may terminate unexpectedly.
- Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands; Modify Memory
If the untrusted pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.
CVEs referencing this CWE (100)
| CVE | Description | Severity | EPSS | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | HIGH 7.8 | 65% (p99) | Weaponized | 2025-01-01 |
| CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability | HIGH 7.8 | 52% (p99) | KEV+R, PoC | 2025-10-28 |
| CVE-2024-35250 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | HIGH 7.8 | 25% (p98) | KEV, Weaponized | 2025-12-17 |
| CVE-2023-29360 | Microsoft Streaming Service Elevation of Privilege Vulnerability | HIGH 8.4 | 22% (p97) | KEV, PoC | 2025-10-28 |
| CVE-2023-36033 | Windows DWM Core Library Elevation of Privilege Vulnerability | HIGH 7.8 | 12% (p96) | KEV | 2025-10-28 |
| CVE-2019-13334 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8774. | HIGH 7.8 | 6.67% (p93) | | 2024-11-21 |
| CVE-2018-17893 | LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution. | NONE | 6.38% (p93) | | 2024-11-21 |
| CVE-2025-24990 | Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware. | HIGH 7.8 | 5.79% (p92) | KEV | 2026-02-26 |
| CVE-2025-55681 | Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally. | HIGH 7.8 | 5.12% (p91) | | 2026-02-26 |
| CVE-2024-21346 | Win32k Elevation of Privilege Vulnerability | HIGH 7.8 | 4.15% (p90) | | 2025-05-09 |
| CVE-2020-26991 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11899) | HIGH 8.8 | 3.99% (p89) | | 2024-11-21 |
| CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability | HIGH 7.8 | 3.93% (p89) | | 2025-07-08 |
| CVE-2018-14811 | Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. | NONE | 3.58% (p88) | | 2024-11-21 |
| CVE-2025-50165 | Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | CRITICAL 9.8 | 3.54% (p88) | PoC | 2026-02-26 |
| CVE-2026-40369 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | HIGH 7.8 | 3.52% (p88) | PoC | 2026-06-09 |
| CVE-2024-26254 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability | HIGH 7.5 | 3.14% (p86) | | 2025-05-03 |
| CVE-2017-12719 | An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. | NONE | 3.05% (p86) | | 2026-05-13 |
| CVE-2018-7497 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. | NONE | 2.92% (p85) | | 2024-11-21 |
| CVE-2023-1437 | All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files. | CRITICAL 9.8 | 2.80% (p85) | | 2024-11-21 |
| CVE-2020-27259 | The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code. | HIGH 8.8 | 2.67% (p84) | | 2024-11-21 |
| CVE-2018-19029 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash. | NONE | 2.67% (p84) | | 2024-11-21 |
| CVE-2020-27277 | Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. | HIGH 7.8 | 2.19% (p80) | | 2024-11-21 |
| CVE-2021-22649 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code. | HIGH 7.8 | 2.16% (p80) | | 2024-11-21 |
| CVE-2017-16728 | An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. | NONE | 2.08% (p79) | | 2024-11-21 |
| CVE-2024-20680 | Windows Message Queuing Client (MSMQC) Information Disclosure | MEDIUM 6.5 | 2.04% (p79) | | 2025-06-09 |
| CVE-2023-36596 | Remote Procedure Call Information Disclosure Vulnerability | HIGH 7.5 | 2.04% (p79) | | 2025-04-14 |
| CVE-2021-27496 | Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files. This could lead to pointer dereferences of a value obtained from an untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. | HIGH 7.8 | 2.03% (p78) | | 2024-11-21 |
| CVE-2024-20664 | Microsoft Message Queuing Information Disclosure Vulnerability | MEDIUM 6.5 | 2.00% (p78) | | 2025-05-03 |
| CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | HIGH 7.5 | 1.98% (p78) | | 2025-01-01 |
| CVE-2024-30090 | Microsoft Streaming Service Elevation of Privilege Vulnerability | HIGH 7.0 | 1.97% (p78) | PoC | 2025-12-17 |
| CVE-2024-20663 | Windows Message Queuing Client (MSMQC) Information Disclosure | MEDIUM 6.5 | 1.93% (p77) | | 2025-06-03 |
| CVE-2020-27289 | Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. | HIGH 7.8 | 1.91% (p77) | | 2024-11-21 |
| CVE-2024-38104 | Windows Fax Service Remote Code Execution Vulnerability | HIGH 8.8 | 1.84% (p76) | | 2026-02-10 |
| CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | HIGH 8.8 | 1.81% (p76) | | 2025-07-08 |
| CVE-2025-60719 | Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | HIGH 7.0 | 1.68% (p74) | PoC | 2026-02-26 |
| CVE-2024-37339 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | HIGH 8.8 | 1.62% (p73) | | 2024-12-31 |
| CVE-2024-37340 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | HIGH 8.8 | 1.62% (p73) | | 2024-12-31 |
| CVE-2021-31504 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12691. | HIGH 7.8 | 1.42% (p69) | | 2024-11-21 |
| CVE-2021-31500 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12746. | HIGH 7.8 | 1.42% (p69) | | 2024-11-21 |
| CVE-2021-31481 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SLDPRT files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12659. | HIGH 7.8 | 1.42% (p69) | | 2024-11-21 |
| CVE-2024-37969 | Secure Boot Security Feature Bypass Vulnerability | HIGH 8.0 | 1.37% (p68) | | 2026-02-10 |
| CVE-2020-27288 | An untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | HIGH 7.8 | 1.28% (p66) | | 2024-11-21 |
| CVE-2020-1899 | The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | HIGH 7.5 | 1.22% (p65) | | 2024-11-21 |
| CVE-2025-62549 | Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | HIGH 8.8 | 1.20% (p64) | | 2026-04-16 |
| CVE-2018-12548 | In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code. | NONE | 1.13% (p62) | | 2024-11-21 |
| CVE-2024-38187 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | HIGH 7.8 | 1.11% (p62) | | 2025-07-10 |
| CVE-2024-38185 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | HIGH 7.8 | 1.11% (p62) | | 2025-07-10 |
| CVE-2026-21250 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. | HIGH 7.8 | 1.04% (p59) | PoC | 2026-05-11 |
| CVE-2024-49090 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | HIGH 7.8 | 1.04% (p60) | | 2026-06-09 |
| CVE-2020-26997 | A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919) | HIGH 7.8 | 1.04% (p60) | | 2024-11-21 |
| CVE-2025-21381 | Microsoft Excel Remote Code Execution Vulnerability | HIGH 7.8 | 1.01% (p59) | | 2026-02-13 |
| CVE-2023-36045 | Microsoft Office Graphics Remote Code Execution Vulnerability | HIGH 7.8 | 0.98% (p58) | | 2025-10-08 |
| CVE-2025-21354 | Microsoft Excel Remote Code Execution Vulnerability | HIGH 7.8 | 0.94% (p56) | | 2026-06-09 |
| CVE-2021-38401 | Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash. | HIGH 7.8 | 0.92% (p56) | | 2024-11-21 |
| CVE-2022-22514 | An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. | HIGH 7.1 | 0.83% (p53) | | 2024-11-21 |
| CVE-2024-43529 | Windows Print Spooler Elevation of Privilege Vulnerability | HIGH 7.3 | 0.79% (p51) | | 2026-06-09 |
| CVE-2025-21363 | Microsoft Word Remote Code Execution Vulnerability | HIGH 7.8 | 0.76% (p50) | | 2026-06-09 |
| CVE-2024-36461 | Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine. | HIGH 8.8 | 0.76% (p50) | | 2025-11-03 |
| CVE-2024-20682 | Windows Cryptographic Services Remote Code Execution Vulnerability | HIGH 7.8 | 0.76% (p50) | | 2025-05-03 |
| CVE-2025-27747 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | HIGH 7.8 | 0.73% (p49) | | 2026-02-13 |
| CVE-2024-26252 | Windows rndismp6.sys Remote Code Execution Vulnerability | MEDIUM 6.8 | 0.73% (p49) | | 2025-05-03 |
| CVE-2020-27003 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158) | HIGH 7.8 | 0.72% (p49) | | 2024-11-21 |
| CVE-2023-36011 | Win32k Elevation of Privilege Vulnerability | HIGH 7.8 | 0.71% (p48) | | 2025-05-22 |
| CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability | HIGH 7.8 | 0.68% (p47) | | 2025-07-08 |
| CVE-2025-21358 | Windows Core Messaging Elevation of Privileges Vulnerability | HIGH 7.8 | 0.67% (p47) | | 2026-02-13 |
| CVE-2026-33120 | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | HIGH 8.8 | 0.66% (p47) | | 2026-06-01 |
| CVE-2025-60728 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | MEDIUM 4.3 | 0.66% (p47) | | 2026-02-13 |
| CVE-2025-29812 | Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. | HIGH 7.8 | 0.66% (p47) | | 2026-02-13 |
| CVE-2025-24083 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | HIGH 7.8 | 0.66% (p46) | | 2026-02-13 |
| CVE-2025-49689 | Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | HIGH 7.8 | 0.65% (p46) | | 2026-02-26 |
| CVE-2025-24084 | Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. | HIGH 8.4 | 0.65% (p46) | | 2026-02-13 |
| CVE-2024-43516 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | HIGH 7.8 | 0.61% (p45) | | 2026-06-09 |
| CVE-2026-20955 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | HIGH 7.8 | 0.60% (p44) | | 2026-04-01 |
| CVE-2025-54905 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | HIGH 7.1 | 0.59% (p43) | | 2026-02-20 |
| CVE-2024-26213 | Microsoft Brokering File System Elevation of Privilege Vulnerability | HIGH 7.0 | 0.58% (p43) | | 2025-05-03 |
| CVE-2024-37983 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | MEDIUM 6.7 | 0.57% (p43) | | 2026-06-09 |
| CVE-2024-37979 | Windows Kernel Elevation of Privilege Vulnerability | HIGH 7.8 | 0.57% (p43) | | 2026-06-09 |
| CVE-2024-37982 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | HIGH 7.8 | 0.57% (p43) | | 2026-06-09 |
| CVE-2018-7502 | Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. | NONE | 0.56% (p42) | | 2024-11-21 |
| CVE-2026-20819 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally. | MEDIUM 5.5 | 0.55% (p41) | | 2026-04-01 |
| CVE-2020-14392 | An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. | MEDIUM 5.5 | 0.55% (p42) | | 2024-11-21 |
| CVE-2026-26113 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | HIGH 7.8 | 0.54% (p41) | | 2026-04-14 |
| CVE-2024-43646 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | HIGH 7.8 | 0.54% (p41) | | 2025-07-08 |
| CVE-2024-43631 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | HIGH 7.8 | 0.54% (p41) | | 2025-07-08 |
| CVE-2023-36759 | Visual Studio Elevation of Privilege Vulnerability | MEDIUM 6.7 | 0.53% (p40) | | 2025-10-30 |
| CVE-2020-17392 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_SET_KERNEL_SYMBOLS in the prl_hypervisor kext. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-10519. | HIGH 8.8 | 0.53% (p41) | | 2024-11-21 |
| CVE-2026-20948 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | HIGH 7.8 | 0.52% (p40) | | 2026-04-01 |
| CVE-2025-27739 | Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | HIGH 7.8 | 0.52% (p40) | | 2026-02-13 |
| CVE-2025-62556 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | HIGH 7.8 | 0.51% (p39) | | 2026-04-16 |
| CVE-2023-32040 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | MEDIUM 5.5 | 0.51% (p40) | | 2025-02-28 |
| CVE-2024-43553 | NT OS Kernel Elevation of Privilege Vulnerability | HIGH 7.0 | 0.50% (p38) | | 2026-06-09 |
| CVE-2023-27342 | PDF-XChange Editor EMF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18766. | HIGH 7.8 | 0.50% (p39) | | 2025-05-20 |
| CVE-2026-20811 | Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | HIGH 7.8 | 0.49% (p38) | | 2026-04-01 |
| CVE-2026-20938 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | HIGH 7.8 | 0.48% (p38) | | 2026-04-01 |
| CVE-2025-62560 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | HIGH 7.8 | 0.47% (p37) | | 2026-04-16 |
| CVE-2025-62561 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | HIGH 7.8 | 0.47% (p37) | | 2026-04-16 |
| CVE-2025-30381 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | HIGH 7.8 | 0.47% (p37) | | 2026-02-13 |
| CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | MEDIUM 5.5 | 0.47% (p37) | | 2025-01-01 |
| CVE-2026-26112 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | HIGH 7.8 | 0.46% (p36) | | 2026-04-14 |
| CVE-2026-20857 | Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | HIGH 7.8 | 0.46% (p36) | | 2026-04-01 |