Skip to main content
CVE-2026-33825 HIGH POC KEV PATCH THREAT Exploit Likely Act Now

Privilege escalation in Microsoft Defender Antimalware Platform versions before 4.18.26030.3011 allows authenticated local attackers to gain elevated system privileges through insufficiently granular access controls. CVSS 7.8 (High) reflects local attack vector requiring low privileges. EPSS score of 0.04% (12th percentile) indicates low probability of widespread exploitation. Microsoft has released a patched version (4.18.26030.3011) addressing the access control deficiency.

Information Disclosure Microsoft
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.0%
Threat
5.5
CVE-2026-33116 HIGH POC PATCH GHSA Exploit Unlikely This Week

Infinite loop denial-of-service vulnerability in Microsoft .NET Framework (3.5 through 4.8.1), .NET 8.0, 9.0, and 10.0 allows unauthenticated remote attackers to exhaust server resources via specially crafted network requests. The vulnerability (CWE-835) stems from unreachable loop exit conditions in core .NET processing logic, enabling complete service disruption with low attack complexity. Vendor-released patches are available across all affected product lines. No public exploit identified at

Denial Of Service Net 10 0 Net 8 0 Net 9 0 Microsoft Net Framework 3 5 +5
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2026-26171 HIGH POC PATCH GHSA Exploit Unlikely This Week

Denial-of-service condition in Microsoft .NET Framework 8.0, 9.0, and 10.0 allows unauthenticated remote attackers to exhaust system resources through network-based uncontrolled resource consumption. Affects .NET 8.0 versions prior to 8.0.26, .NET 9.0 versions prior to 9.0.15, and .NET 10.0 versions prior to 10.0.6. Microsoft has released patches addressing CWE-400 resource exhaustion. No evidence of active exploitation (not listed in CISA KEV) at time of analysis, though the network-accessible, unauthenticated attack vector and low complexity (CVSS AV:N/AC:L/PR:N) present significant availability risk for internet-facing .NET applications.

Denial Of Service Net 10 0 Net 8 0 Net 9 0
NVD VulDB HeroDevs GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-33120 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft SQL Server 2022 (GDR) allows authenticated network attackers to execute arbitrary code with high confidentiality, integrity, and availability impact via untrusted pointer dereference. The vulnerability affects SQL Server 2022 (GDR) versions below 16.0.1175.1, requires low-privilege authenticated access (PR:L), and has low attack complexity (AC:L), making it straightforward to exploit once network access is obtained. Vendor-released patch available (version 16.0.1175.1). No public exploit identified at time of analysis, though the network attack vector and low complexity suggest moderate near-term exploitation risk.

Information Disclosure Microsoft Sql Server 2022 Gdr
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32171 HIGH PATCH Exploit Unlikely This Week

Azure Logic Apps fails to adequately protect stored credentials, enabling authenticated attackers with network access to escalate privileges and gain unauthorized access to sensitive data. With a CVSS score of 8.8 and low attack complexity (AC:L), this vulnerability poses significant risk to cloud environments where Logic Apps handle integration credentials. Microsoft has released a patch addressing the credential protection weakness. No public exploit identified at time of analysis, though the low complexity suggests straightforward exploitation once authentication is obtained.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26167 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Push Notifications across Windows 10/11 and Server 2016-2025 allows low-privileged authenticated users to gain SYSTEM-level access via race condition exploitation. The vulnerability affects all currently supported Windows versions with confirmed vendor patches available. Attack complexity is low with no user interaction required, enabling straightforward exploitation once local access is obtained. The scope change (S:C) indicates the attacker can impact reso

Information Disclosure Race Condition Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-33115 HIGH PATCH NEWS Exploit Unlikely This Week

Memory corruption in Microsoft Office Word enables local code execution through a use-after-free flaw affecting Microsoft 365 Apps for Enterprise and Office LTSC 2021/2024 for Windows and Mac. Despite the local attack vector (AV:L), the vulnerability requires no privileges (PR:N) or user interaction (UI:N), allowing unauthorized attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability (CVSS 8.4). Vendor-released patch available via Microsoft Security Response Center as of April 2026. No public exploit identified at time of analysis, though the technical simplicity (AC:L) and memory corruption primitive increase weaponization risk.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-33114 HIGH PATCH NEWS Exploit Unlikely This Week

Microsoft Office Word untrusted pointer dereference (CWE-822) enables local code execution with high impact across Microsoft 365 Apps for Enterprise and Office LTSC 2021/2024 editions (Windows and macOS). The vulnerability requires local access but no privileges or user interaction (CVSS:3.1/AV:L/AC:L/PR:N/UI:N), allowing unauthenticated local attackers to achieve full system compromise. Vendor-released patch available per Microsoft Security Response Center advisory. No public exploit identified at time of analysis. SSVC assessment indicates no confirmed exploitation, non-automatable attack, but total technical impact (full control).

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-32190 HIGH PATCH NEWS Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft Office (versions 2016 through LTSC 2024, including Microsoft 365 Apps for Enterprise) enables local code execution with no authentication or user interaction required. Attackers with local system access can execute arbitrary code with high impact to confidentiality, integrity, and availability (CVSS 8.4). No public exploit identified at time of analysis. Vendor-released patch available via Microsoft Security Response Center for all affected versions.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40323 HIGH PATCH GHSA This Week

Soundness violation in SP1 V6 recursive proof verifier enables malicious provers to construct recursive proofs from invalid shard proofs that native verifiers would reject. The vulnerability affects SP1 zkVM versions 6.0.0 through 6.0.2 (Rust crates sp1_sdk, sp1_recursion_circuit, sp1_prover) and allows forgery of zero-knowledge proofs by exploiting missing consistency checks between commitment-side and evaluation-side trace shape witnesses in the jagged PCS verifier circuit. This permits misrepresentation of circuit structure itself, not just data, undermining the fundamental soundness guarantees of the proof system. No public exploit exists at time of analysis, though the vulnerability was identified through SP1's bug bounty program on Code4rena. CVSS 8.9 reflects high integrity impact to both vulnerable and subsequent system components.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.0%
CVE-2026-32192 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Azure Monitor Agent versions prior to 1.41.0 exploits insecure deserialization of untrusted data, allowing authenticated local attackers with low privileges to achieve full system compromise (high confidentiality, integrity, and availability impact). CVSS 7.8 severity reflects local attack vector with low complexity and no user interaction required. No public exploit identified at time of analysis, though the vulnerability class (CWE-502) is well-understood and frequently targeted. Microsoft has released patch version 1.41.0 to address this flaw.

Deserialization Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-32184 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft HPC Pack 2019 enables authenticated local attackers to escalate privileges to SYSTEM level. Affects all versions below 6.3.8355. Vendor-released patch available via Microsoft Security Response Center. CVSS 7.8 reflects high impact (complete system compromise) with low attack complexity requiring only low-level authenticated access. No public exploit identified at time of analysis, though CWE-502 deserialization flaws are well-understood and commonly weaponized once technical details emerge.

Deserialization Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-24893 HIGH PATCH This Week

Remote code execution in openITCOCKPIT Community Edition (versions prior to 5.5.2) allows authenticated users with host management permissions to execute arbitrary OS commands on the monitoring backend via command injection in host address fields. The vulnerability stems from unsanitized user input being expanded into Nagios/Icinga monitoring command templates and executed via shell, enabling full system compromise. CVSS score of 8.8 reflects network-accessible attack with low complexity requiring only low-privilege authentication. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed CVE.

Command Injection RCE Openitcockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-26178 HIGH PATCH Exploit Unlikely This Week

Integer size truncation in Windows Advanced Rasterization Platform (WARP) enables unauthenticated remote attackers to achieve code execution with elevated privileges across Windows 10, 11, and Server editions by persuading users to interact with malicious content. Microsoft has released security updates addressing this vulnerability across all supported Windows versions. No public exploit identified at time of analysis, though the unauthenticated remote attack vector (CVSS AV:N/PR:N) combined wi

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-32157 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client for Windows allows unauthenticated network attackers to execute arbitrary code by delivering a malicious connection file or server response, requiring user interaction. This use-after-free vulnerability (CWE-416) affects Windows 10 (versions 1607-22H2), Windows 11 (22H3-26H1), Windows Server (2012-2025), and standalone Remote Desktop client versions below 2.0.1070.0. With CVSS 8.8 (network-accessible, no authentication required, low comple

Denial Of Service Use After Free Memory Corruption Remote Desktop Client For Windows Desktop
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-35196 HIGH PATCH This Week

OS command injection in Chamilo LMS prior to 2.0.0-RC.3 allows authenticated attackers to execute arbitrary system commands via session poisoning of the course ID parameter. Attackers with low-privilege accounts can manipulate the $_SESSION['_cid'] variable to inject shell metacharacters into shell_exec() calls in the gradebook certificate export functionality, achieving full system compromise. CVSS 8.8 (High) with network attack vector and low complexity. No public exploit identified at time of analysis, though technical details are disclosed in the GitHub advisory. EPSS data not available for this recent CVE.

PHP Command Injection
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26143 HIGH PATCH Exploit Unlikely This Week

Authentication bypass in Microsoft PowerShell 7.4 (versions prior to 7.4.14) and 7.5 (versions prior to 7.5.5) allows local attackers to bypass security features through improper input validation. The vulnerability requires user interaction but no authentication (PR:N), enabling attackers to achieve high impact across confidentiality, integrity, and availability. Microsoft has released patches addressing this security feature bypass. EPSS data not available; no confirmed active exploitation (CISA KEV) identified at time of analysis.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-23657 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Word via use-after-free memory corruption affects Microsoft 365 Apps for Enterprise and Office LTSC 2024. Unauthenticated attackers can achieve full system compromise (confidentiality, integrity, availability) by inducing users to open specially crafted Word documents, triggering memory reuse vulnerabilities during document parsing. Vendor patch available via Microsoft Security Response Center. No public exploit identified at time of analysis, though CVSS 7.8 indicates high severity when user interaction occurs.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32225 HIGH PATCH Exploit Likely This Week

Windows Shell security feature bypass enables unauthenticated remote attackers to defeat protection mechanisms across all supported Windows client and server versions (Windows 10 1607 through Windows 11 26H1, Server 2012 through Server 2025) via network-based attack requiring user interaction. The CVSS 8.8 rating reflects complete compromise potential (high confidentiality, integrity, and availability impact) despite low attack complexity. Microsoft has released patches addressing this authentic

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-39815 HIGH This Week

SQL injection in Fortinet FortiDDoS-F 7.2.1-7.2.2 allows authenticated remote attackers to execute unauthorized code or commands with high impact to confidentiality, integrity, and availability. The vulnerability resides in the web management interface and requires low attack complexity with no user interaction. No public exploit identified at time of analysis, with EPSS data not yet available for this recently disclosed CVE.

Fortinet SQLi
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32168 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Azure Monitor Agent versions prior to 1.35.9 enables authenticated users to gain elevated system privileges through improper input validation flaws. The vulnerability requires low attack complexity and no user interaction, allowing low-privileged attackers with local access to achieve complete system compromise (high confidentiality, integrity, and availability impact). EPSS data not available; no public exploit identified at time of analysis; SSVC framework indicates total technical impact but no active exploitation and non-automatable exploitation vector.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26163 HIGH PATCH Exploit Unlikely This Week

Windows Kernel double free vulnerability enables local privilege escalation across Windows 10, 11, and Server editions when exploited by authenticated users with low-level privileges. The CWE-415 flaw affects all currently supported Windows versions from legacy Windows Server 2012 R2 through the latest Windows 11 26H1 and Windows Server 2025 builds. With CVSS 7.8 (AV:L/AC:L/PR:L), the vulnerability requires only local access and low-privilege authentication, making it valuable for second-stage a

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26180 HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in the Windows Kernel enables local privilege escalation to SYSTEM on Windows 10 (versions 1607 through 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server (2012 through 2025). Authenticated local attackers with low privileges can exploit this memory corruption vulnerability to gain complete system control. Microsoft has released patches addressing 21 affected product versions. No public exploit identified at time of analysis, though the local attack vec

Heap Overflow Buffer Overflow Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26179 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Kernel via double free vulnerability enables low-privileged authenticated users to gain SYSTEM-level access across Windows 11 (versions 22H3 through 26H1) and Windows Server 2022/2025. The vulnerability requires local access and low privileges (PR:L) but presents low attack complexity (AC:L) with no user interaction required. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the straightforward attack complexity and severe impact make this a priority for patching in enterprise environments.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32200 HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft PowerPoint (versions 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise) enables local code execution when users open malicious files. An attacker with no privileges can achieve full system compromise (high confidentiality, integrity, and availability impact) by convincing a user to open a crafted PowerPoint document. Vendor patch available via Microsoft Security Response Center. No public exploit code or confirmed active exploitation (CISA KEV) identified at time of analysis, though CVSS 7.8 rating reflects high severity for local attack scenarios.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32199 HIGH PATCH Exploit Unlikely This Week

Microsoft Excel use-after-free vulnerability (CWE-416) enables arbitrary code execution when a user opens a specially crafted Excel file. Affects Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. CVSS 7.8 (High) requires local access and user interaction but no authentication. No public exploit identified at time of analysis. Microsoft released patches addressing all affected product lines per MSRC update guide.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32198 HIGH PATCH Exploit Unlikely This Week

Use-after-free vulnerability in Microsoft Office Excel enables local code execution when users open maliciously crafted Excel files. Affects all major Office versions including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. Attack requires no authentication (PR:N) but demands user interaction (opening a weaponized document). CVSS 7.8 (High) reflects significant impact potential (code execution with high confidentiali

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32197 HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft Excel across Office 2016-2024 and Microsoft 365 enables local code execution when a user opens a malicious spreadsheet. Attackers must craft a weaponized Excel file and trick users into opening it, after which arbitrary code runs with the victim's privileges. No authentication is required, though user interaction is necessary. Exploitation probability remains moderate (CVSS 7.8) with no confirmed active exploitation (no CISA KEV listing) and no publi

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-33095 HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft Office Word enables local code execution with high privileges when victims open malicious documents. Affects Microsoft 365 Apps for Enterprise and Office LTSC 2021/2024 for Windows and Mac (versions below 16.108.26041219 for Mac; click-to-run editions require latest security updates). CVSS 7.8 reflects local attack vector requiring user interaction, but exploitation grants complete system compromise (confidentiality, integrity, availability all rated High). No public exploit identified at time of analysis, though use-after-free vulnerabilities are well-understood exploitation primitives. Vendor-released patch available through Microsoft security updates.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32189 HIGH PATCH Exploit Unlikely This Week

Microsoft Excel memory corruption via use-after-free enables arbitrary code execution when victims open malicious spreadsheet files. This vulnerability affects all major Office deployments including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, and Office LTSC 2021/2024 for both Windows and macOS, as well as Office Online Server. Attackers require user interaction to open a crafted file, but no authentication is needed (CVSS PR:N), making this exploitable through phishing or file-sharing attacks. Vendor patches are available through Microsoft Security Response Center. No public exploit or active exploitation confirmed at time of analysis, though the straightforward attack vector (local file + user click) and high impact (code execution with full system privileges) warrant prompt patching.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-27914 HIGH PATCH Exploit Likely This Week

Microsoft Management Console privilege escalation affects all supported Windows versions (10, 11, Server 2012-2025) via improper access control, allowing authenticated local users to gain SYSTEM-level privileges. CVSS 7.8 (High) reflects significant impact with low attack complexity requiring only low-level user credentials. Vendor-released patches available across all affected platforms through Microsoft's May 2025 update cycle. No public exploit identified at time of analysis, though the authe

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26172 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Push Notifications service affects Windows 10 21H2/22H2, Windows 11 22H3-26H1, and Windows Server 2022/2025 via race condition vulnerability. Authenticated low-privilege attackers can gain SYSTEM-level privileges through improper synchronization during concurrent operations (CWE-362). CVSS 7.8 (High) with high attack complexity (AC:H) and scope change (S:C). No public exploit identified at time of analysis. Microsoft released patches in January 2026 security

Information Disclosure Race Condition Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40261 HIGH PATCH GHSA This Week

Command injection in Composer's Perforce integration allows remote code execution when installing packages from malicious repositories. The vulnerability exists in versions before 2.2.27 and 2.9.6, affecting all users who install dependencies from source (--prefer-source or dev versions) regardless of whether Perforce is installed. Attackers can inject shell commands through crafted source references or connection parameters in package metadata served by compromised Composer repositories. CVSS 8.8 (High) with network attack vector, low complexity, and no authentication required (though user interaction is needed). No confirmed active exploitation (CISA KEV), but publicly available exploit code exists per GitHub advisory disclosure.

Command Injection
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27910 HIGH PATCH Exploit Unlikely This Week

Windows Installer privilege escalation via improper permission handling enables authenticated local users to gain SYSTEM-level access across all supported Windows 10, 11, and Server platforms (2012-2025). The vulnerability (CWE-280: Improper Handling of Insufficient Privileges) requires low-privilege local access but offers complete system compromise with low attack complexity. CVSS 7.8 High severity reflects full confidentiality, integrity, and availability impact. Vendor-released patches are a

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40291 HIGH PATCH This Week

{id} endpoint to assign themselves ROLE_ADMIN privileges, bypassing intended access controls. The vulnerability stems from inadequate authorization checks that verify only record ownership without restricting modification of security-critical fields. With CVSS 8.8 (High) and low attack complexity requiring only basic authentication, this represents a critical access control failure in educational platforms. No public exploit code or active exploitation (CISA KEV) identified at time of analysis, though the straightforward attack vector makes exploitation trivial for malicious insiders.

Privilege Escalation Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-32160 HIGH PATCH This Week

Local privilege escalation in Windows Push Notifications service affects Windows 10 (1809-22H2), Windows 11 (22H3-26H1), and Windows Server 2019-2025 via race condition in shared resource synchronization. Low-privileged authenticated users can exploit timing vulnerabilities in notification handling to elevate to SYSTEM-level privileges with high confidentiality, integrity, and availability impact (scope change to other security contexts). CVSS 7.8 (high complexity, local vector). Vendor-released

Information Disclosure Race Condition Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32159 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Windows Push Notifications service affects all supported Windows 10, 11, and Server versions through a race condition that allows low-privileged authenticated users to gain SYSTEM-level access. The vulnerability (CWE-362) stems from improper synchronization when multiple threads access shared resources in the notification subsystem. Attack complexity is high (AC:H), requiring precise timing to win the race, but successful exploitation grants complete system compromise wit

Information Disclosure Race Condition Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32158 HIGH PATCH This Week

Privilege escalation in Windows Push Notifications service across Windows 10, 11, and Server versions (1809 through 26H1) allows low-privileged local attackers to gain SYSTEM-level access via race condition exploitation. The vulnerability stems from improper synchronization when multiple threads access shared resources in the notification framework, enabling scope escape from user context to elevated privileges. Vendor-released patches are available for all affected versions. No public exploit i

Information Disclosure Race Condition Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-38529 HIGH GHSA This Week

Authenticated attackers can reset arbitrary user passwords in Webkul Krayin CRM v2.2.x through a Broken Object-Level Authorization (BOLA) vulnerability in the /Settings/UserController.php endpoint, enabling full account takeover of any user account. The attack requires low-privilege authentication (PR:L) and is exploitable remotely with low complexity (AV:N/AC:L), presenting an 8.8 CVSS severity with high impact to confidentiality, integrity, and availability. EPSS data not available; no CISA KEV listing identified; publicly available exploit code exists per researcher disclosure.

PHP Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27928 HIGH PATCH Exploit Unlikely This Week

Windows Hello authentication bypass on Server 2016-2025 allows unauthenticated remote attackers to circumvent biometric/PIN security mechanisms over a network despite high attack complexity. CVSS 8.7 (Critical) with scope change indicates potential lateral movement from compromised Hello authentication into broader Windows security context. Vendor-released patches available for all affected versions (builds 10.0.14393.9060, 10.0.17763.8644, 10.0.20348.5020, 10.0.25398.2274, 10.0.26100.32690). No confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though VulDB tracking suggests security community awareness.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.7
EPSS
0.1%
CVE-2026-40248 HIGH GHSA This Week

Unauthenticated attackers with network access to the free5GC UDR service's 5G Service Based Interface can create or overwrite Traffic Influence Subscriptions due to missing return statement after path validation. The vulnerability affects free5GC UDR versions prior to the patch (commit in GHSA-jgq2-qv8v-5cmj), allowing arbitrary subscription injection with attacker-controlled notification URIs and SUPI values while receiving misleading 404 responses. Public exploit code exists in the form of a d

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-40247 HIGH GHSA This Week

Unauthenticated information disclosure in free5GC UDR service allows remote attackers to retrieve sensitive Traffic Influence Subscription data through improper path validation. Due to a missing return statement after sending HTTP 404 responses, attackers can read subscription records containing subscriber IMSIs, network slice identifiers, and callback URIs without authentication by supplying arbitrary path values. EPSS score of 0.06% suggests low widespread exploitation probability, though the vulnerability requires only network access to the 5G Service Based Interface with no authentication or user interaction (CVSS:4.0 AV:N/AC:L/PR:N/UI:N). Publicly available exploit code exists in the original disclosure.

Authentication Bypass Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-40246 HIGH GHSA This Week

Unauthenticated deletion of Traffic Influence Subscriptions in free5GC UDR service (GitHub package free5gc/udr) allows remote attackers to disrupt 5G policy notification workflows by exploiting a missing return statement after path validation. The vulnerability affects any free5GC deployment where the 5G Service Based Interface (SBI) is network-accessible to untrusted parties. Public exploit code exists demonstrating deletion via crafted DELETE requests to invalid API paths. EPSS score of 0.06% (19th percentile) suggests low widespread exploitation probability, though the attack requires only network access and no authentication (AV:N/PR:N), making it trivially exploitable in misconfigured deployments.

Authentication Bypass
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-25654 HIGH CISA This Week

SINEC NMS versions prior to V4.0 SP3 allow authenticated remote attackers to reset any user account password due to improper authorization validation (CWE-639). An attacker with low-privilege credentials can escalate to administrative access by resetting privileged user passwords, enabling complete system compromise with high impact to confidentiality, integrity, and availability (CVSS 8.8). No public exploit code identified at time of analysis, though the network attack vector (AV:N) and low complexity (AC:L) increase exploitation feasibility for authenticated attackers.

Authentication Bypass Sinec Nms
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-40876 HIGH PATCH GHSA This Week

Authenticated SFTP users in goshs (a Go-based HTTP/SFTP file server) can read and write files outside the configured SFTP root directory via a path validation bypass. The vulnerability affects the SFTP subsystem in goshs beta.4 and earlier v2.x versions, exploiting a flawed string-prefix check that treats sibling directories (e.g., /tmp/goshsroot_evil) as valid when the configured root is /tmp/goshsroot. Public exploit code exists with video demonstrations showing complete jail escape, allowing authenticated attackers to list directories, download sensitive files, create arbitrary directories, and upload malicious content outside the intended boundary. Fix released in goshs v2.0.0 per vendor advisory GHSA-5h6h-7rc9-3824.

File Upload Path Traversal
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34617 HIGH This Week

Cross-site scripting (XSS) in Adobe Connect versions 12.10 and earlier, including the 2025.3 release line, enables privilege escalation when low-privileged authenticated users trick victims into visiting malicious URLs. The changed scope (CVSS S:C) indicates the vulnerability can affect resources beyond the vulnerable application's security context. EPSS data not available; no evidence of active exploitation (not in CISA KEV) or public exploit code at time of analysis. Requires user interaction (UI:R) but has low attack complexity (AC:L) and network-based attack vector (AV:N), making social engineering campaigns feasible.

Privilege Escalation XSS Adobe
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-27668 HIGH CISA This Week

Privilege escalation in Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) versions prior to V5.8 allows authenticated User Administrators to escalate their own privileges through improper group administration controls. Authenticated attackers with low-privilege User Administrator credentials can exploit flawed group membership logic to grant themselves unrestricted access to any device group at any access level, achieving full administrative control over critical industrial infrastructure. CVSS 8.8 (High) reflects network-accessible attack vector with low complexity and no user interaction required. No public exploit identified at time of analysis, though the attack path is straightforward for authenticated insiders.

Privilege Escalation Ruggedcom Crossbow Secure Access Manager Primary Sam P
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-27305 HIGH This Week

Path traversal in Adobe ColdFusion 2023.18, 2025.6 and earlier enables unauthenticated remote attackers to read arbitrary files from the server file system without user interaction. The vulnerability carries a CVSS score of 8.6 (High) due to network accessibility, low complexity, and scope change, allowing access to sensitive files and directories beyond intended boundaries. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the lack of authentication requirements and low attack complexity suggest elevated risk for publicly accessible ColdFusion instances.

Path Traversal Coldfusion
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-34622 HIGH This Week

Prototype pollution in Adobe Acrobat Reader allows arbitrary code execution when victims open malicious PDF files. Affects Acrobat Reader versions through 26.001.21411, 24.001.30360, and 24.001.30362. Attack requires local file access with user interaction (CVSS AV:L/UI:R) but achieves scope change and full CIA impact (S:C/C:H/I:H/A:H), yielding CVSS 8.6. No public exploit identified at time of analysis. Vendor advisory available from Adobe (APSB26-44). EPSS data not provided; exploitation status limited to user-interaction-dependent local attack vector.

Prototype Pollution Adobe RCE
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-34160 HIGH PATCH This Week

Unauthenticated Server-Side Request Forgery (SSRF) in Chamilo LMS versions prior to 2.0.0-RC.3 allows remote attackers to access internal network services and cloud metadata endpoints via unfiltered package-url parameter in the PENS plugin. Attackers can steal AWS IAM credentials from 169.254.169.254, probe internal infrastructure, and trigger state-changing operations on internal services without requiring authentication. CVSS 8.6 (High) with Changed Scope reflects the ability to pivot from the LMS to other internal systems. No public exploit identified at time of analysis, though the attack vector is straightforward requiring only HTTP requests to the exposed endpoint.

Authentication Bypass PHP SSRF Microsoft
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy