Microsoft Windows 10 1809 vulnerabilities
1,697 known vulnerabilities affecting microsoft/windows_10_1809.
Total CVEs
1,697
CISA KEV
99
actively exploited
Public exploits
40
Exploited in wild
70
Severity breakdown
CRITICAL41HIGH1202MEDIUM449LOW5
Vulnerabilities
Page 6 of 85
CVE-2026-26180HIGHCVSS 7.8fixed in 10.0.17763.86442026-04-14
CVE-2026-26180 [HIGH] CWE-122 CVE-2026-26180: Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges loc
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-27918HIGHCVSS 7.0fixed in 10.0.17763.86442026-04-14
CVE-2026-27918 [HIGH] CWE-362 CVE-2026-27918: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-26161HIGHCVSS 7.8fixed in 10.0.17763.86442026-04-14
CVE-2026-26161 [HIGH] CWE-20 CVE-2026-26161: Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevat
Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-27926HIGHCVSS 7.0fixed in 10.0.17763.86442026-04-14
CVE-2026-27926 [HIGH] CWE-362 CVE-2026-27926: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32077HIGHCVSS 7.8fixed in 10.0.17763.86442026-04-14
CVE-2026-32077 [HIGH] CWE-822 CVE-2026-32077: Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an author
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-27927HIGHCVSS 7.0fixed in 10.0.17763.86442026-04-14
CVE-2026-27927 [HIGH] CWE-362 CVE-2026-27927: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32093HIGHCVSS 7.0fixed in 10.0.17763.86442026-04-14
CVE-2026-32093 [HIGH] CWE-122 CVE-2026-32093: Concurrent execution using shared resource with improper synchronization ('race condition') in Funct
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32163HIGHCVSS 7.8fixed in 10.0.17763.86442026-04-14
CVE-2026-32163 [HIGH] CWE-362 CVE-2026-32163: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-27908HIGHCVSS 7.0fixed in 10.0.17763.86442026-04-14
CVE-2026-27908 [HIGH] CWE-416 CVE-2026-27908: Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate
Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32159HIGHCVSS 7.8fixed in 10.0.17763.86442026-04-14
CVE-2026-32159 [HIGH] CWE-362 CVE-2026-32159: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-26167HIGHCVSS 7.8fixed in 10.0.17763.86442026-04-14
CVE-2026-26167 [HIGH] CWE-362 CVE-2026-26167: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32083HIGHCVSS 7.0fixed in 10.0.17763.86442026-04-14
CVE-2026-32083 [HIGH] CWE-362 CVE-2026-32083: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32082HIGHCVSS 7.0fixed in 10.0.17763.86442026-04-14
CVE-2026-32082 [HIGH] CWE-362 CVE-2026-32082: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-27917HIGHCVSS 7.0fixed in 10.0.17763.86442026-04-14
CVE-2026-27917 [HIGH] CWE-416 CVE-2026-27917: Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized atta
Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-27920HIGHCVSS 7.8fixed in 10.0.17763.86442026-04-14
CVE-2026-27920 [HIGH] CWE-822 CVE-2026-27920: Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an author
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-26182HIGHCVSS 7.0fixed in 10.0.17763.86442026-04-14
CVE-2026-26182 [HIGH] CWE-416 CVE-2026-26182: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32091HIGHCVSS 7.0fixed in 10.0.17763.86442026-04-14
CVE-2026-32091 [HIGH] CWE-362 CVE-2026-32091: Concurrent execution using shared resource with improper synchronization ('race condition') in Micro
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
nvd
CVE-2026-27919HIGHCVSS 7.8fixed in 10.0.17763.86442026-04-14
CVE-2026-27919 [HIGH] CWE-822 CVE-2026-27919: Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an author
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-26159HIGHCVSS 7.8fixed in 10.0.17763.86442026-04-14
CVE-2026-26159 [HIGH] CWE-306 CVE-2026-26159: Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an a
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20928MEDIUMCVSS 4.6fixed in 10.0.17763.86442026-04-14
CVE-2026-20928 [MEDIUM] CWE-212 CVE-2026-20928: Improper removal of sensitive information before storage or transfer in Windows Recovery Environment
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.
nvd