Stored CSV formula injection in FacturaScripts (all versions through 2026.1) lets an authenticated low-privilege user plant spreadsheet formula payloads in ordinary text fields (customer/supplier/product names, contacts) that execute when an administrator opens a routine list export. Because Core/Lib/Export/CSVExport.php::writeData() wraps values without neutralising leading =,+,-,@,tab, or carriage-return characters, and Tools::noHtml() only strips HTML metacharacters, the payload reaches the CSV verbatim and Excel/LibreOffice run it (including DDE process spawning) in the admin's OS context. A live PoC was verified on 2026-04-30, so publicly available exploit code exists, though there is no active exploitation confirmed (not in CISA KEV).
Privilege escalation in Microsoft Windows DHCP Server (across Windows Server 2012 through 2025 and Windows 10 1607/1809) allows an authenticated attacker on an adjacent network to elevate privileges by triggering a heap-based buffer overflow (CWE-122). Exploitation yields full confidentiality, integrity, and availability impact (C:H/I:H/A:H) on the affected server, effectively giving the attacker high-privilege control of the DHCP service host. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Elevation of privilege in the Microsoft Windows RPC API lets an unauthenticated attacker on an adjacent network gain higher privileges by exploiting an improper authentication weakness (CWE-287), provided a user is lured into an interaction. The flaw spans a broad range of client and server builds from Windows Server 2012 through Windows Server 2025 and Windows 10 1607 through Windows 11 26H1. No public exploit identified at time of analysis; the issue was reported by Microsoft, which has released a fix.
Arbitrary code execution in Adobe Animate 2023 and 2024 arises from an untrusted search path (CWE-426) flaw that lets a malicious file, when opened by a victim, load attacker-controlled code in the context of the current user. The issue was reported by Adobe (advisory APSB26-83), requires user interaction, and carries a CVSS 3.1 base score of 7.9 with a changed scope. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege escalation in Microsoft Windows Narrator (the built-in screen reader) arises from improper neutralization of special elements in its Braille support component, allowing an already-authenticated local attacker (PR:L) to inject and execute OS commands that run with elevated privileges. All supported Windows client and server builds from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019-2025 are affected, and Microsoft has released a patch. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, so exploitation is not confirmed as active.
Local code execution in Windows Media on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an attacker run arbitrary code by luring a user into opening a maliciously crafted media file. The CVSS 3.1 base score is 7.8 with full confidentiality, integrity, and availability impact but requiring user interaction, and there is no public exploit identified at time of analysis. Microsoft has released a patch via MSRC.
Local code execution in Microsoft Windows Terminal (shipped on Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2022/2025) arises from an integer overflow (CWE-190) that an unauthorized attacker can trigger, but only after luring a logged-on user into interacting with malicious content. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, so this is a defense-in-depth patch rather than an emergency, though the CVSS 7.8 reflects full confidentiality, integrity, and availability impact once triggered. Microsoft has released a patch via the MSRC update guide.
Local code execution in Microsoft Windows NTFS driver (heap-based buffer overflow, CWE-122) allows an attacker to run arbitrary code with the privileges of the exploited context. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. CVSS 7.8 with high confidentiality, integrity, and availability impact; exploitation requires local access and user interaction, and there is no public exploit identified at time of analysis.
Local privilege escalation in Windows User Interface Core (UI Core) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a relative path traversal flaw lets an already-authenticated low-privileged user escalate to higher privileges on the local machine. The CVSS 3.1 score of 7.8 reflects full confidentiality, integrity, and availability impact once triggered, though attack requires local access and existing low-level privileges. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Office Excel (spanning Excel 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, the macOS builds, and Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker triggers by convincing a user to open a maliciously crafted workbook. The CVSS 3.1 base score is 7.8 with high confidentiality, integrity, and availability impact, but exploitation requires user interaction (opening the file) and no active exploitation or public proof-of-concept has been reported. There is no public exploit identified at time of analysis; Microsoft has released a patch via its Security Update Guide.
Local code execution in Microsoft Excel (Office 2016 through LTSC 2024, Microsoft 365 Apps, and Mac editions) allows an attacker to run arbitrary code by tricking a user into opening a maliciously crafted spreadsheet that triggers a type-confusion condition in Excel's file parser. The CVSS 3.1 score is 7.8 (High) with the local vector reflecting file-open exploitation rather than remote-network access, and success requires user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Office Excel (across Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, and their macOS equivalents) arises from a use-after-free (CWE-416) memory-corruption flaw triggered when a user opens a maliciously crafted spreadsheet. The CVSS vector (AV:L/AC:L/PR:N/UI:R) indicates an unauthenticated attacker can achieve full confidentiality, integrity, and availability impact but requires the victim to open a file, making it a classic phishing-delivered client-side bug. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though Excel memory-corruption bugs are historically attractive targets.
Local code execution in Windows GDI+ (the Graphics Device Interface Plus rendering component) affects a broad range of Microsoft Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. An attacker who convinces a user to open or preview a specially crafted image or document triggers a heap-based buffer overflow (CWE-122) during graphics parsing, yielding arbitrary code execution in the context of the current user. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R); there is no public exploit identified at time of analysis and it is not listed in CISA KEV, but GDI+ image-parsing flaws are historically attractive to attackers.
Local privilege escalation in the Windows File History Service lets an authenticated, low-privileged attacker corrupt a stack buffer (CWE-121) to run code with elevated (SYSTEM-level) privileges on affected Windows client and server releases. The flaw spans a broad range of supported editions from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025, including Server Core installations. No public exploit was identified at time of analysis, and the CVE is not listed in CISA KEV.
Local code execution in the Microsoft Windows NTFS file-system driver lets an attacker run arbitrary code by inducing a victim to interact with a specially crafted NTFS artifact (e.g., a malicious volume, VHD, or file). The flaw stems from an integer underflow (CWE-191) and spans a broad range of Windows client and server builds from Windows Server 2012 through Windows Server 2025 and Windows 10/11. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Local code execution in the Windows NTFS driver (CVE-2026-49797) allows an attacker with local access to run arbitrary code by tricking a user into interacting with a maliciously crafted NTFS artifact, exploiting a heap-based buffer overflow (CWE-122). The flaw affects a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft has released a patch; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally.
Local code execution in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to run arbitrary code by triggering a heap-based buffer overflow. Successful exploitation yields high confidentiality, integrity, and availability impact within the current security context, and Microsoft has released a patch. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, 365 Apps for Enterprise, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by getting a victim to open a maliciously crafted Office document. Rated CVSS 7.8 with high impact to confidentiality, integrity, and availability, exploitation requires user interaction but no prior authentication or privileges. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has released a patch via the MSRC update guide.
Local code execution in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted document. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R) with high impact to confidentiality, integrity, and availability, meaning code runs in the context of the current user. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available via MSRC.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a user opens a maliciously crafted document. Rated CVSS 7.8 (AV:L/UI:R), an attacker who convinces a victim to open a weaponized file can run arbitrary code in the context of the current user. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local arbitrary code execution in Microsoft Office (Microsoft 365 Apps for Enterprise, Office 2016/2019, Office LTSC 2021/2024, and their macOS equivalents) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted Office document. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows the flaw requires user interaction but no prior privileges, yielding full high-impact compromise of confidentiality, integrity, and availability in the user's context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation status is not currently confirmed.
Local code execution in Microsoft Office OneNote (Microsoft 365 Apps for Enterprise and Office for Mac editions) arises from a heap-based buffer overflow (CWE-122) that lets an attacker run arbitrary code in the context of the current user when a victim opens a maliciously crafted OneNote file. The CVSS 3.1 score is 7.8 with a local attack vector requiring user interaction (AV:L/UI:R), and impact is total across confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and CISA SSVC lists exploitation status as none.
Local code execution in Microsoft Excel (including Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run arbitrary code in the user's context. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), reflecting that exploitation needs user interaction but no prior privileges once the file is opened. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.
Local code execution in the Microsoft Graphics Component affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). An attacker who convinces a user to open a specially crafted file or content triggers an out-of-bounds read (CWE-125) that Microsoft rates as enabling code execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; exploitation requires local access plus user interaction, making it a standard patch-cycle priority rather than an emergency.
Local privilege escalation in Microsoft's NAT Helper Components (ipnathlp.dll), the driver behind Internet Connection Sharing and NAT translation on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. An authenticated attacker who already has low-privilege access can exploit a use-after-free memory corruption bug to run code at higher privilege (SYSTEM). No public exploit identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has released a patch.
Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to elevate to SYSTEM by triggering an integer overflow (CWE-190) in a kernel code path. The flaw affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and no EPSS or KEV data supplied.
Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory corruption condition, spanning Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2016 through 2025. Reported by Microsoft with a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N), the flaw grants full confidentiality, integrity, and availability impact on the local system. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available.
Local privilege escalation in the Microsoft Windows Kernel (CWE-416 use-after-free) lets an already-authenticated low-privilege user corrupt kernel memory and gain SYSTEM-level control across a broad range of Windows 10, Windows 11, and Windows Server 2016 through 2025 builds. Microsoft self-reported the flaw and has shipped a patch through the Update Guide; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. With CVSS 7.8 (AV:L/PR:L) it is a classic Patch-Tuesday local EoP suitable as a second-stage primitive after initial access.
Local privilege escalation in the Microsoft Windows USB Hub Driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering an untrusted pointer dereference (CWE-822), affecting Windows 10 (1809/21H2/22H2) and Windows Server 2019 through 2025. Successful exploitation yields full confidentiality, integrity, and availability impact on the local host. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but Microsoft has released a patch.
Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker who already has low-privileged code execution on a host elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory corruption. It affects a broad range of supported Windows client and server builds - Windows 10 (1809/21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025 - and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation appears unproven publicly despite the reliably-exploitable nature of kernel UAF flaws.
Local privilege escalation in the Windows Connected User Experiences and Telemetry service (DiagTrack) lets an already-authenticated user run arbitrary code with SYSTEM-level rights by triggering a CWE-843 type-confusion condition. The flaw affects a broad range of currently-supported Windows client and server builds, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Local privilege escalation in Windows Image Acquisition (WIA) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a NULL pointer dereference can be leveraged by an already-authenticated local user to elevate privileges. Microsoft rates it 7.8 (High) with full confidentiality, integrity, and availability impact despite the flaw class typically causing denial of service. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Local privilege escalation in the Windows Unified Consent System (UCS) lets an already-authenticated attacker exploit a use-after-free memory-corruption flaw (CWE-416) to gain higher privileges, potentially up to SYSTEM. It affects a broad range of current Windows client and server builds including Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2025. Reported by Microsoft with a CVSS 3.1 base score of 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary code execution in Microsoft Office Excel arises from a use-after-free (CWE-416) memory-corruption flaw affecting Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server. The CVSS 3.1 vector (AV:L/UI:R) makes this a user-interaction-dependent, locally-scoped issue: a victim must open a maliciously crafted Excel workbook, after which the attacker gains code execution in the user's security context. No public exploit is identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available.
Arbitrary code execution in Microsoft Office Excel arises from a heap-based buffer overflow (CWE-122) that an attacker triggers when a victim opens a maliciously crafted spreadsheet, running code in the security context of the current user. The flaw spans a broad Office footprint including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS Office editions, and Office Online Server. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 7.8 rating reflects high impact gated by required user interaction.
Local code execution in Microsoft Excel arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by luring a victim into opening a maliciously crafted spreadsheet, yielding attacker code in the user's security context. It affects a broad Office family including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS editions, and Office Online Server. The CVSS 3.1 base score is 7.8 and the vector requires user interaction (UI:R); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Office Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker weaponizes by luring a victim into opening a crafted spreadsheet, yielding code execution in the user's security context. The flaw carries a CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) and requires no privileges but does require user interaction. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary code execution in Microsoft Excel (spanning Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) allows an unauthorized attacker to run code in the victim's context by tricking them into opening a maliciously crafted spreadsheet. The flaw is a heap-based buffer overflow (CWE-122) that executes with the local user's privileges once the file is opened. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Local code execution in Microsoft Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) arises from an out-of-bounds read (CWE-125) triggered when a victim opens a maliciously crafted spreadsheet. CVSS 7.8 with high impact to confidentiality, integrity, and availability; no public exploit identified at time of analysis. Exploitation requires user interaction (opening the file) but no prior authentication or privileges on the target beyond the ability to induce the user to open the document.
Local arbitrary code execution in Microsoft Excel arises from a buffer over-read (CWE-126) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run code in the context of the current user. The flaw spans Office 2016/2019, Microsoft 365 Apps, Office LTSC 2021/2024 (Windows and Mac) and Office Online Server; a vendor patch is available via MSRC. No public exploit has been identified at time of analysis, and the CVSS 7.8 (AV:L/UI:R) rating reflects that user interaction is required.
Local code execution in Microsoft Excel (and the broader Office family including Microsoft 365 Apps for Enterprise, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) stems from a heap-based buffer overflow that triggers when a user opens a maliciously crafted spreadsheet. The CVSS vector (AV:L/AC:L/PR:N/UI:R) indicates an unauthenticated attacker gains full code execution in the victim's context but only after the target opens the file. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available from Microsoft (MSRC CVE-2026-55041).
Local code execution in Microsoft Excel (and the broader Office suite through Microsoft 365 Apps, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) arises from an integer underflow (CWE-191) in Excel's file parsing, letting an attacker run arbitrary code in the context of the user who opens a maliciously crafted spreadsheet. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows no attacker privileges are needed but the victim must open the file, giving full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available.
Arbitrary code execution in Microsoft Excel (across Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) arises from a heap-based buffer overflow (CWE-122) that triggers when a victim opens a maliciously crafted spreadsheet. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) confirms this is a local, user-interaction-dependent file-format attack rather than a remote network exploit, yielding code execution in the context of the current user. No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; a Microsoft patch is available.
Local code execution in Microsoft Excel (spanning Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS Office builds, and Office Online Server) arises from an integer overflow (CWE-190) triggered when the application parses a maliciously crafted spreadsheet. An unauthorized attacker who convinces a victim to open a booby-trapped file can run arbitrary code in the context of the current user, with full confidentiality, integrity, and availability impact per the 7.8 CVSS vector. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Local code execution in Microsoft Excel (Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Office for Mac, and Office Online Server) arises from a type-confusion flaw (CWE-843) in how Excel parses spreadsheet content. An attacker who convinces a victim to open a malicious workbook can run arbitrary code in the context of the current user, gaining high confidentiality, integrity, and availability impact. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Local code execution in Microsoft Excel (2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) arises from a use-after-free memory corruption (CWE-416) that an attacker triggers when a victim opens a maliciously crafted spreadsheet. Exploitation runs code in the context of the current user and requires user interaction (opening the file), with no public exploit identified at time of analysis. This is a locally-exploited, phishing-delivered class of bug typical of Office file-format handlers, patched by Microsoft via MSRC.
Local code execution in Microsoft Excel (and the broader Office family through Microsoft 365 Apps, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) arises from a stack-based buffer overflow (CWE-121) triggered when a user opens a maliciously crafted spreadsheet. An attacker who convinces a victim to open the file runs arbitrary code in the security context of the current user, with high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; Microsoft has released a patch.
Arbitrary code execution in Adobe Premiere Pro is possible via a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted project or media file, running attacker code in the context of the current user. The flaw is local and requires user interaction, with no public exploit identified at time of analysis; Adobe self-reported it in advisory APSB26-76. CVSS 7.8 reflects high confidentiality, integrity, and availability impact but a local attack vector gated by the user opening a malicious file.