Filtered by vendor Microsoft
Total: 24665 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-26177 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-04-23 | N/A | 7.0 HIGH |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-26178 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-04-23 | N/A | 8.8 HIGH |
| Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally. | |||||
| CVE-2026-26179 | 1 Microsoft | 6 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 3 more | 2026-04-23 | N/A | 7.8 HIGH |
| Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-26180 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-04-23 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-26181 | 1 Microsoft | 6 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 3 more | 2026-04-23 | N/A | 7.8 HIGH |
| Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-26182 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-04-23 | N/A | 7.0 HIGH |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-26183 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2026-04-23 | N/A | 7.8 HIGH |
| Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-26184 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-04-23 | N/A | 7.8 HIGH |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-33414 | 2 Microsoft, Podman Project | 2 Windows, Podman | 2026-04-23 | N/A | 7.8 HIGH |
| Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $() subexpression injection. Because PowerShell evaluates subexpressions inside double-quoted strings before executing the outer command, an attacker who can control the VM image path through a crafted machine name or image directory can execute arbitrary PowerShell commands with the privileges of the Podman process. On typical Windows installations this means SYSTEM-level code execution, and only Windows is affected as the code is exclusive to the HyperV backend. This issue has been patched in version 5.8.2. | |||||
| CVE-2026-27906 | 1 Microsoft | 6 Windows 10 21h2, Windows 10 22h2, Windows 11 23h2 and 3 more | 2026-04-23 | N/A | 4.4 MEDIUM |
| Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally. | |||||
| CVE-2026-33825 | 1 Microsoft | 1 Defender Antimalware Platform | 2026-04-23 | N/A | 7.8 HIGH |
| Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-66769 | 2 Gonitro, Microsoft | 2 Nitro Pdf Pro, Windows | 2026-04-23 | N/A | 7.5 HIGH |
| A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet. | |||||
| CVE-2025-69624 | 2 Gonitro, Microsoft | 2 Nitro Pdf Pro, Windows | 2026-04-23 | N/A | 7.5 HIGH |
| Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF. | |||||
| CVE-2026-27907 | 1 Microsoft | 6 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 3 more | 2026-04-23 | N/A | 7.8 HIGH |
| Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-27908 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-04-23 | N/A | 7.0 HIGH |
| Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-27909 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-04-23 | N/A | 7.8 HIGH |
| Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-27910 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-04-23 | N/A | 7.8 HIGH |
| Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-27911 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-04-23 | N/A | 7.8 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-27912 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2026-04-23 | N/A | 8.0 HIGH |
| Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network. | |||||
| CVE-2026-27913 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more | 2026-04-23 | N/A | 7.7 HIGH |
| Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally. | |||||
