Filtered by vendor Microsoft
Subscribe
Total
24665 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-33100 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-04-17 | N/A | 7.0 HIGH |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-33101 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 2 more | 2026-04-17 | N/A | 7.8 HIGH |
| Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-33824 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-04-17 | N/A | 9.8 CRITICAL |
| Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-33826 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2026-04-17 | N/A | 8.0 HIGH |
| Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. | |||||
| CVE-2026-33827 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-04-17 | N/A | 8.1 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-33104 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-04-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-6307 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-17 | N/A | 8.8 HIGH |
| Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-6313 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-17 | N/A | 3.1 LOW |
| Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-33118 | 1 Microsoft | 1 Edge Chromium | 2026-04-16 | N/A | 4.3 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2026-27284 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-04-16 | N/A | 7.8 HIGH |
| InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27283 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-04-16 | N/A | 7.8 HIGH |
| InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27238 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-04-16 | N/A | 7.8 HIGH |
| InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27286 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-04-16 | N/A | 5.5 MEDIUM |
| InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27285 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-04-16 | N/A | 5.5 MEDIUM |
| InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrupt its functionality. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-34626 | 3 Adobe, Apple, Microsoft | 5 Acrobat, Acrobat Dc, Acrobat Reader Dc and 2 more | 2026-04-16 | N/A | 6.3 MEDIUM |
| Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-34622 | 3 Adobe, Apple, Microsoft | 5 Acrobat, Acrobat Dc, Acrobat Reader Dc and 2 more | 2026-04-16 | N/A | 8.6 HIGH |
| Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-35199 | 1 Microsoft | 1 Symcrypt | 2026-04-16 | N/A | 6.1 MEDIUM |
| SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, The SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height >= 32 (which includes standard predefined parameters), this causes silent truncation to zero, resulting in a drastically undersized scratch buffer allocation followed by a heap buffer overflow during signature computation. Exploiting this issue would require an application using SymCrypt to perform an XMSS^MT signature using an attacker-controlled parameter set. It is uncommon for applications to allow the use of attacker-controlled parameter sets for signing, since signing is a private key operation, and private keys must be trusted by definition. Additionally, XMSS(^MT) signing should only be performed in a Hardware Security Module (HSM). XMSS(^MT) signing is provided in SymCrypt only for testing purposes. This is a general rule irrespective of this CVE; XMSS(^MT) and other stateful signature schemes are only cryptographically secure when it is guaranteed that the same state cannot be reused for two different signatures, which cannot be guaranteed by software alone. For this reason, XMSS(^MT) signing is also not FIPS approved when performed outside of an HSM. Fixed in version 103.11.0. | |||||
| CVE-2026-27222 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2026-04-15 | N/A | 5.5 MEDIUM |
| Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27310 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2026-04-15 | N/A | 7.8 HIGH |
| Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27311 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2026-04-15 | N/A | 7.8 HIGH |
| Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||