Skip to main content

Microsoft

17290 CVEs vendor

Monthly

CVE-2026-33819 CRITICAL PATCH NEWS NO ACTION HOSTED Monitor

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

Microsoft Deserialization
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2026-32210 CRITICAL PATCH NEWS NO ACTION HOSTED Monitor

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

Microsoft SSRF
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-41213 npm MEDIUM PATCH This Month

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code_verifier values (including one-character strings) for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the authorization code, an attacker who intercepts an authorization code can brute-force code_verifier guesses online until token issuance succeeds.

Node.js Information Disclosure Microsoft
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-6921 HIGH PATCH This Week

Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

Race Condition Information Disclosure Microsoft Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-1352 MEDIUM This Month

Authenticated users can trigger a denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 for Linux, UNIX, and Windows through improper neutralization of special elements in database query logic, causing service unavailability without requiring user interaction or special configuration. The vulnerability affects both standalone Db2 instances and Db2 Connect Server deployments, with CVSS 6.5 reflecting network accessibility and authenticated access requirements. No public exploit code or active exploitation has been identified at the time of analysis.

Microsoft IBM Denial Of Service
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32679 HIGH This Week

DLL hijacking in LiveOn Meet Client and Canon Network Camera Plugin installers allows local attackers to execute arbitrary code with installer privileges when users run vulnerable installer executables from directories containing malicious DLLs. The flaw affects four installer executables (Downloader5Installer.exe, Downloader5InstallerForAdmin.exe, CanonNWCamPlugin.exe, CanonNWCamPluginForAdmin.exe) version 1.0.0.0. No public exploit identified at time of analysis, though the attack technique is well-documented. CVSS 8.4 (High) reflects significant impact contingent on user interaction and attacker's ability to place malicious files in the installer directory before execution - real-world risk depends heavily on organizational download practices and endpoint controls preventing untrusted DLL placement.

Information Disclosure Microsoft
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-0539 HIGH This Week

Local privilege escalation in pcvisit Remote Host Modul on Windows allows low-privileged users to gain NT AUTHORITY\SYSTEM by overwriting the service binary with malicious code that executes automatically at boot. All versions after 22.6.22.1329 through 25.12.3.1745 are affected due to weak file permissions (CWE-276). Vendor patched in version 25.12.3.1745 per advisory. EPSS and KEV status unknown, but vulnerability is trivial to exploit (CVSS AV:L/AC:L/PR:L) with maximum local impact (8.5 High).

Microsoft Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-33519 CRITICAL Act Now

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

Information Disclosure Kubernetes Microsoft
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-33518 CRITICAL Act Now

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-34294 MEDIUM This Month

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Microsoft Active Directory). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized read access to a subset of Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N).

Authentication Bypass Oracle Microsoft
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-3298 HIGH PATCH This Week

Out-of-bounds buffer write in CPython's asyncio.ProactorEventLoop (Windows only) allows remote attackers to trigger memory corruption via oversized network data. The sock_recvfrom_into() method lacks buffer size validation when the nbytes parameter is used, enabling writes beyond allocated memory boundaries. Patch available via GitHub PR #148809. CVSS 8.8 reflects network-accessible attack surface with no authentication required, though exploitation is platform-specific (Windows only) and requires specific asyncio usage patterns.

Memory Corruption Microsoft Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-39973 Maven HIGH PATCH GHSA This Week

Path traversal in Apktool 3.0.0-3.0.1 enables malicious APK files to write arbitrary files during decoding operations, potentially achieving remote code execution by overwriting shell configuration files or startup scripts. This security regression, introduced December 12, 2025 when sanitization controls were removed from resource decoder logic, allows attackers to embed directory traversal sequences in APK metadata that escape output directories and target critical system files like ~/.ssh/config or Windows Startup folders. CVSS 7.1 with local attack vector and required user interaction. No active exploitation (CISA KEV) or public POC identified at time of analysis, but exploit development is straightforward given the detailed technical disclosure in GitHub advisory GHSA-m8mh-x359-vm8m.

Path Traversal Microsoft Google
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-41527 MEDIUM PATCH This Month

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance is running.

Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
6.9
EPSS
0.0%
CVE-2026-0930 LOW PATCH Monitor

Out-of-bounds read in wolfSSHd on Windows allows authenticated users to leak adjacent stack memory via malformed terminal resize requests, exposing sensitive data through pseudo-console output. Affects wolfSSH versions prior to 1.5.0. CVSS score of 2.3 reflects low severity due to authentication requirement and limited confidentiality impact; vendor patch available.

Microsoft Buffer Overflow
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-41389 npm MEDIUM PATCH This Month

OpenClaw versions 2026.4.7 through 2026.4.14 fail to enforce path containment on tool-result media references, enabling attackers to craft malicious tool-result inputs that trigger arbitrary local file reads or Windows UNC path access without authentication. An attacker can disclose sensitive files or extract credentials by exploiting this path-traversal weakness in the tool-result processing logic, requiring only network access and the ability to provide crafted tool-result media parameters to an exposed endpoint.

Information Disclosure Microsoft
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-40321 NuGet HIGH PATCH GHSA This Week

Stored cross-site scripting (XSS) via malicious SVG file upload in DNN Platform (DotNetNuke) versions before 10.2.2 allows low-privileged authenticated users to execute arbitrary JavaScript in the context of other users' browsers. Attackers can craft SVG files containing embedded scripts that execute when viewed by victims, with elevated impact if targeting administrative users. EPSS data not provided; no CISA KEV listing indicates no confirmed widespread exploitation at time of analysis. CVSS 8.1 (High) reflects the scope change and high confidentiality/integrity impact despite requiring both authentication and user interaction.

Information Disclosure Microsoft
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-40306 NuGet MEDIUM PATCH This Month

DNN (DotNetNuke) 10.0.0 through 10.2.1 installations use an identical Host GUID across all new deployments, enabling attackers to impersonate the host administrator account and gain unauthorized access to sensitive CMS functionality. This affects only fresh installations-upgrades from 9.x retain unique identifiers. The vulnerability requires network access to exploit but no authentication or user interaction, and is patched in version 10.2.2.

Information Disclosure Microsoft
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-40305 NuGet MEDIUM PATCH This Month

DNN (DotNetNuke) Platform versions 6.0.0 through 10.2.1 allow authenticated users to bypass authorization controls in the friends feature and force acceptance of friend requests on behalf of other users, resulting in unauthorized relationship modifications. The vulnerability requires valid user credentials (PR:L) and affects the integrity of user social graphs without exposing sensitive data. No public exploit code or active exploitation has been confirmed; vendors have released patched version 10.2.2.

Authentication Bypass Microsoft
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-35603 npm MEDIUM PATCH GHSA This Month

Claude Code prior to version 2.1.75 on Windows allows low-privileged local users to execute arbitrary code by placing a malicious configuration file in an unprotected shared directory (C:\ProgramData\ClaudeCode\managed-settings.json). The vulnerability exploits the default writability of ProgramData to non-administrative users and the absence of directory ownership validation, enabling privilege escalation or lateral impact when a victim user subsequently launches the application. This requires local system access and user interaction (launching Claude Code), limiting real-world impact to shared multi-user systems.

Information Disclosure Microsoft
NVD GitHub VulDB
CVSS 4.0
5.4
EPSS
0.0%
CVE-2026-33516 HIGH PATCH This Week

Out-of-bounds read in xrdp RDP server versions ≤0.10.5 allows remote unauthenticated attackers to crash the service or disclose process memory by sending a malformed Confirm Active PDU during RDP capability negotiation. Attack complexity is low but requires user interaction. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis. Vendor-released patch available in version 0.10.6 per GitHub security advisory GHSA-rvh9-9wm3-28c7.

Denial Of Service Information Disclosure Microsoft Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-21709 MEDIUM PATCH This Month

Bypass of Windows Driver Signature Enforcement in Veeam Backup and Replication 12.x and Software Appliance 13.x allows local administrators to load unsigned kernel drivers, potentially enabling persistent kernel-level compromise. The vulnerability requires high-level administrative privileges and is not actively exploited in the wild; however, EPSS scoring (0.01%) suggests this is a low-probability exploitation target despite the high CVSS score, indicating the attack scenario is constrained by strict privilege and configuration requirements.

Command Injection Microsoft Backup And Replication Software Appliance
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-5131 MEDIUM PATCH This Month

GREENmod before 2.8.33 allows remote code execution and server-side request forgery via incorrectly configured named pipes that accept unauthenticated XML or JSON file uploads, processing them with service-level privileges on Windows systems. An attacker on the network can abuse this to trigger SSRF attacks against SMB or WebDAV targets accessible to the service account, potentially compromising internal Windows infrastructure without authentication.

SSRF Microsoft
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-15622 MEDIUM This Month

Sparx Enterprise Architect client stores and transmits OAuth2 client secrets in plaintext, allowing local attackers to extract credentials and impersonate the application to obtain unauthorized access tokens. The vulnerability affects at least version 16.1.1627 and potentially earlier versions; local file system access is required to retrieve the exposed secrets, but once obtained, an attacker can perform remote authentication without additional privileges. NCSC-FI reported this vulnerability and it is tracked as EUVD-2025-209512; exploitation likelihood is elevated due to the ease of credential extraction from local storage.

Information Disclosure Microsoft
NVD VulDB
CVSS 4.0
6.2
EPSS
0.0%
CVE-2026-6482 HIGH PATCH This Week

Local privilege escalation in Rapid7 Insight Agent (versions > 4.1.0.2) on Windows allows unprivileged users to execute arbitrary code as SYSTEM via OpenSSL configuration file planting. The agent service loads openssl.cnf from a non-existent directory writable by standard users, enabling full host compromise without authentication. CVSS 8.5 with proof-of-concept exploit code available (E:P). EPSS data not provided; not currently listed in CISA KEV.

Privilege Escalation Microsoft OpenSSL
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-40322 CRITICAL Act Now

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to survive into the rendered output. On desktop builds using Electron, windows are created with nodeIntegration enabled and contextIsolation disabled, escalating the stored XSS to arbitrary code execution when a victim opens a note containing a malicious Mermaid block and clicks the rendered diagram node. This issue has been fixed in version 3.6.4.

XSS Microsoft RCE
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-33472 MEDIUM PATCH This Month

Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causing HTTPS URLs with port 80 to produce the same authority string as HTTP URLs, which defeats both the consistency check and the HTTP block validation. An attacker with write access to a cloud-synced vault.cryptomator file can craft a Hub configuration where apiBaseUrl and authEndpoint use HTTPS with port 80 to pass auto-trust validation, while tokenEndpoint uses plaintext HTTP. The vault is auto-trusted without user prompt, and a network-positioned attacker can intercept the OAuth token exchange to access the Cryptomator Hub API as the victim. This issue has been fixed in version 1.19.2.

Authentication Bypass Microsoft Hashicorp
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-23772 HIGH PATCH This Week

Local privilege escalation in Dell Storage Manager - Replay Manager for Microsoft Servers 8.0 allows low-privileged authenticated users to gain elevated privileges with high integrity and availability impact. Dell has released security advisory DSA-2026-058 with patches. The CVSS 7.3 (High) score reflects significant post-exploitation impact, though local access and existing authentication requirements limit initial attack surface. No active exploitation (CISA KEV) or public proof-of-concept code identified at time of analysis.

Privilege Escalation Dell Microsoft
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-32179 NuGet CRITICAL PATCH GHSA Act Now

Integer underflow in Microsoft QUIC's ACK frame parser enables remote unauthenticated privilege escalation. The vulnerability (CWE-191: integer wrap-around) affects Microsoft's native QUIC library implementations (both OpenSSL and SChannel variants) distributed via NuGet packages. With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and vendor-confirmed patch available (commit 1e6e999b), this represents a critical network-exposed flaw in QUIC protocol implementations. No active exploitation confirmed (not in CISA KEV) and public exploit code status unknown at time of analysis, but the straightforward attack vector (network-accessible protocol parsing) and authentication bypass capability warrant immediate patching priority for systems using Microsoft QUIC libraries.

Authentication Bypass Integer Overflow Microsoft
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22676 HIGH PATCH This Week

Local privilege escalation in Barracuda RMM (all versions prior to 2025.2.2) enables authenticated Windows users to execute arbitrary code as NT AUTHORITY\SYSTEM by writing malicious files to the insecurely-permissioned C:\Windows\Automation directory. Vendor-released patch version 2025.2.2 addresses the filesystem ACL misconfiguration. EPSS data unavailable; no confirmed active exploitation (not in CISA KEV), though VulnCheck public advisory increases likelihood of POC development. CVSS 8.5 reflects high local impact requiring only low-privileged authentication.

Privilege Escalation Microsoft
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-40346 npm MEDIUM PATCH GHSA This Month

## Summary NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An authenticated user can access internal network services, cloud metadata endpoints, and localhost. ## Vulnerable Code ### 1. Workflow HTTP Request Plugin **`packages/plugins/@nocobase/plugin-workflow-request/src/server/RequestInstruction.ts` lines 117-128:** ```typescript return axios.request({ url: trim(url), // User-controlled, no validation method, headers, params, timeout, ...(method.toLowerCase() !== 'get' && data != null ? { data: transformer ? await transformer(data) : data } : {}), }); ``` The `url` at line 98 comes directly from user workflow configuration with only whitespace trimming. ### 2. Custom Request Action Plugin **`packages/plugins/@nocobase/plugin-action-custom-request/src/server/actions/send.ts` lines 172-198:** ```typescript const axiosRequestConfig = { baseURL: ctx.origin, ...options, url: getParsedValue(url, variables), // User-controlled via template headers: { ... }, params: getParsedValue(arrayToObject(params), variables), data: getParsedValue(toJSON(data), variables), }; const res = await axios(axiosRequestConfig); // No IP validation ``` ## Missing Protections - No `request-filtering-agent` or SSRF library (confirmed via grep across entire codebase) - No private IP range filtering - No cloud metadata endpoint blocking - No URL scheme validation - No DNS rebinding protection ## Attack Scenario 1. Authenticated user creates a workflow with HTTP Request node 2. Sets URL to `http://169.254.169.254/latest/meta-data/iam/security-credentials/` 3. Triggers the workflow 4. Server fetches AWS metadata and returns IAM credentials in workflow execution logs Alternatively via Custom Request action: 1. Create custom request with URL `http://127.0.0.1:5432` or `http://10.0.0.1:8080/admin` 2. Execute the action 3. Server makes request to internal service ## Impact - **Cloud metadata theft**: AWS/GCP/Azure credentials via metadata endpoints - **Internal network access**: Scan and interact with services on private IP ranges - **Database access**: Connect to localhost databases (PostgreSQL, Redis, etc.) - **Authentication required**: Yes (authenticated user), but any workspace member can create workflows

PostgreSQL SSRF Microsoft Redis
NVD GitHub VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2026-6361 HIGH PATCH This Week

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Microsoft Google Heap Overflow Buffer Overflow RCE +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6311 HIGH PATCH This Week

Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Information Disclosure Microsoft Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6359 HIGH PATCH This Week

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Use After Free Microsoft Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32631 HIGH PATCH This Week

Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted. This issue has been fixed in version 2.53.0.windows.3.

Information Disclosure Microsoft
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-15610 CRITICAL Act Now

Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.This issue affects RightFax: through 25.4.

Deserialization Microsoft
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-4682 HIGH This Week

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows-based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.

HP RCE Buffer Overflow Stack Overflow Microsoft
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-25219 PyPI MEDIUM PATCH This Month

The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure Service Bus used those properties to store sensitive values. Possibly other providers could be also affected if they used the same fields to store sensitive data. If you used Azure Service Bus connection with those values set or if you have other connections with those values storing sensitve values, you should upgrade Airflow to 3.2.0.

Information Disclosure Microsoft
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-39842 Maven CRITICAL PATCH GHSA Act Now

Remote code execution as root in OpenRemote IoT platform's rules engine (versions prior to 1.20.3) allows authenticated non-superuser attackers with write:rules role to execute arbitrary Java code via unsandboxed JavaScript rulesets. The vulnerability stems from Nashorn ScriptEngine.eval() executing user-supplied JavaScript without ClassFilter restrictions, enabling Java.type() access to any JVM class including java.lang.Runtime. Attackers can compromise the entire multi-tenant platform, steal c

Information Disclosure RCE Apple Docker Deserialization +5
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-33414 Go MEDIUM PATCH GHSA This Month

Command injection in Podman's HyperV machine backend allows local administrators with high privileges to execute arbitrary PowerShell commands at SYSTEM level on Windows hosts by crafting a malicious VM image path containing PowerShell subexpression syntax. The vulnerability affects Podman v4 and v5 on Windows only; a vendor patch is available via commit 571c842.

Command Injection RCE Microsoft
NVD GitHub VulDB
CVSS 4.0
4.0
EPSS
0.0%
CVE-2026-39906 HIGH This Week

NTLMv2 credential leakage in Unisys WebPerfect Image Suite 3.0.3960.22810 and 3.0.3960.22604 enables remote unauthenticated attackers to extract machine-account hashes via deprecated .NET Remoting TCP channels, facilitating network-wide lateral movement and privilege escalation through hash relay attacks. Disclosed by VulnCheck, this flaw exploits insecure object deserialization to coerce NTLM authentication to attacker-controlled UNC paths. EPSS data not available; no KEV listing or public exploit code identified at time of analysis, though the disclosed technical details provide sufficient information for weaponization.

Privilege Escalation Microsoft
NVD VulDB GitHub
CVSS 4.0
7.0
EPSS
0.2%
CVE-2026-34160 HIGH PATCH This Week

Unauthenticated Server-Side Request Forgery (SSRF) in Chamilo LMS versions prior to 2.0.0-RC.3 allows remote attackers to access internal network services and cloud metadata endpoints via unfiltered package-url parameter in the PENS plugin. Attackers can steal AWS IAM credentials from 169.254.169.254, probe internal infrastructure, and trigger state-changing operations on internal services without requiring authentication. CVSS 8.6 (High) with Changed Scope reflects the ability to pivot from the LMS to other internal systems. No public exploit identified at time of analysis, though the attack vector is straightforward requiring only HTTP requests to the exposed endpoint.

Authentication Bypass PHP SSRF Microsoft
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-5756 HIGH This Week

Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services.

Information Disclosure Microsoft
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33829 MEDIUM POC PATCH This Month

Windows Snipping Tool leaks sensitive information to unauthenticated network attackers via user interaction, enabling spoofing attacks. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2) and Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), as well as Windows Server 2012 through 2025. Microsoft has released patches for all affected versions; exploitation requires user interaction but no specialized technical knowledge.

Information Disclosure Microsoft
NVD VulDB GitHub Exploit-DB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-33824 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Remote code execution in Windows IKE Extension (Internet Key Exchange) via double free memory corruption allows unauthenticated network attackers to execute arbitrary code on Windows 10 (1607-22H2), Windows 11 (22H3-26H1), and Windows Server (2016-2025). CVSS 9.8 critical severity with network vector requiring no authentication or user interaction. Vendor patch released by Microsoft addresses CWE-415 double free weakness. EPSS score of 0.07% (21st percentile) suggests low observed exploitation probability despite critical severity rating, indicating this may be a targeted or difficult-to-exploit vulnerability in production environments. No CISA KEV listing or public POC identified at time of analysis.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-33827 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Windows TCP/IP networking stack across Windows 10, 11, and Server versions allows unauthenticated network attackers to execute arbitrary code by exploiting a race condition in shared resource synchronization. The vulnerability affects all supported Windows versions from Server 2012 through Windows 11 26H1 and Server 2025. Microsoft has released patches addressing this high-severity flaw (CVSS 8.1). No public exploit identified at time of analysis, though SSVC assessment

Authentication Bypass Race Condition Microsoft
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-33115 HIGH PATCH NEWS Exploit Unlikely This Week

Memory corruption in Microsoft Office Word enables local code execution through a use-after-free flaw affecting Microsoft 365 Apps for Enterprise and Office LTSC 2021/2024 for Windows and Mac. Despite the local attack vector (AV:L), the vulnerability requires no privileges (PR:N) or user interaction (UI:N), allowing unauthorized attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability (CVSS 8.4). Vendor-released patch available via Microsoft Security Response Center as of April 2026. No public exploit identified at time of analysis, though the technical simplicity (AC:L) and memory corruption primitive increase weaponization risk.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-33114 HIGH PATCH NEWS Exploit Unlikely This Week

Microsoft Office Word untrusted pointer dereference (CWE-822) enables local code execution with high impact across Microsoft 365 Apps for Enterprise and Office LTSC 2021/2024 editions (Windows and macOS). The vulnerability requires local access but no privileges or user interaction (CVSS:3.1/AV:L/AC:L/PR:N/UI:N), allowing unauthenticated local attackers to achieve full system compromise. Vendor-released patch available per Microsoft Security Response Center advisory. No public exploit identified at time of analysis. SSVC assessment indicates no confirmed exploitation, non-automatable attack, but total technical impact (full control).

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-33104 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Win32K graphics subsystem (Win32K-GRFX) allows authenticated attackers with low privileges to gain SYSTEM-level access by exploiting a race condition during concurrent resource access. Affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. Microsoft has released patches addressing this CWE-362 synchronization flaw. No public exploit identified at time of analysis, though the local attack vector and high complexity (

Information Disclosure Race Condition Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-33103 MEDIUM PATCH This Month

Improper access control in Microsoft Dynamics 365 (on-premises) version 9.0 allows authenticated local attackers to disclose sensitive information without user interaction. The vulnerability stems from insufficient authorization checks that permit users with low-level privileges to access confidential data through local access vectors. This affects Dynamics 365 on-premises deployments up to version 9.0.0043.x, with vendor-released patches available from Microsoft.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33101 HIGH PATCH This Week

Local privilege escalation in Windows Print Spooler Components allows authenticated attackers with low privileges to achieve complete system compromise (high confidentiality, integrity, and availability impact) by exploiting a use-after-free memory corruption vulnerability. Affects Windows 11 versions 24H2, 25H2, 26H1, Windows Server 2022 23H2 Edition, and Windows Server 2025. CVSS score 7.8 reflects local attack vector with low complexity and no user interaction required. No public exploit or CISA KEV status identified at time of analysis, though use-after-free vulnerabilities in Print Spooler have historically been attractive exploitation targets.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33100 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Ancillary Function Driver for WinSock (AFD.sys) affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. The CWE-416 use-after-free memory corruption flaw allows low-privileged authenticated attackers with local access to elevate to SYSTEM privileges, achieving complete control over confidentiality, integrity, and availability. SSVC framework rates this as non-automatable with total technical impact. No public exploit

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-33099 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation via use-after-free in Windows Ancillary Function Driver for WinSock (AFD.sys) allows authenticated low-privileged attackers to execute arbitrary code with SYSTEM privileges across all supported Windows versions. Microsoft has released patches for Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-25H2), and Windows Server (2012-2022 23H2). The vulnerability requires local access and low privileges (PR:L) with high attack complexity (AC:H), but no public exploit

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-32225 HIGH PATCH Exploit Likely This Week

Windows Shell security feature bypass enables unauthenticated remote attackers to defeat protection mechanisms across all supported Windows client and server versions (Windows 10 1607 through Windows 11 26H1, Server 2012 through Server 2025) via network-based attack requiring user interaction. The CVSS 8.8 rating reflects complete compromise potential (high confidentiality, integrity, and availability impact) despite low attack complexity. Microsoft has released patches addressing this authentic

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32201 MEDIUM POC KEV PATCH THREAT CISA Exploited Act Now

Improper input validation in Microsoft SharePoint Server enables network-based spoofing attacks without authentication, allowing attackers to forge communications and deceive users. Affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, making it a critical operational priority despite the moderate CVSS score of 6.5.

Authentication Bypass Microsoft
NVD VulDB GitHub
CVSS 3.1
6.5
EPSS
1.2%
Threat
4.3
CVE-2026-32200 HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft PowerPoint (versions 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise) enables local code execution when users open malicious files. An attacker with no privileges can achieve full system compromise (high confidentiality, integrity, and availability impact) by convincing a user to open a crafted PowerPoint document. Vendor patch available via Microsoft Security Response Center. No public exploit code or confirmed active exploitation (CISA KEV) identified at time of analysis, though CVSS 7.8 rating reflects high severity for local attack scenarios.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32199 HIGH PATCH Exploit Unlikely This Week

Microsoft Excel use-after-free vulnerability (CWE-416) enables arbitrary code execution when a user opens a specially crafted Excel file. Affects Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. CVSS 7.8 (High) requires local access and user interaction but no authentication. No public exploit identified at time of analysis. Microsoft released patches addressing all affected product lines per MSRC update guide.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32198 HIGH PATCH Exploit Unlikely This Week

Use-after-free vulnerability in Microsoft Office Excel enables local code execution when users open maliciously crafted Excel files. Affects all major Office versions including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. Attack requires no authentication (PR:N) but demands user interaction (opening a weaponized document). CVSS 7.8 (High) reflects significant impact potential (code execution with high confidentiali

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32197 HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft Excel across Office 2016-2024 and Microsoft 365 enables local code execution when a user opens a malicious spreadsheet. Attackers must craft a weaponized Excel file and trick users into opening it, after which arbitrary code runs with the victim's privileges. No authentication is required, though user interaction is necessary. Exploitation probability remains moderate (CVSS 7.8) with no confirmed active exploitation (no CISA KEV listing) and no publi

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32196 MEDIUM PATCH Exploit Unlikely This Month

Stored cross-site scripting (XSS) in Windows Admin Center before version 2.6.5.16 allows unauthenticated remote attackers to inject malicious scripts that execute in the browsers of other users, enabling account spoofing and data theft. The vulnerability requires user interaction (clicking a malicious link) but has network-wide scope, affecting all users of the Admin Center instance. Microsoft has released a patched version; exploitation is currently limited to scenarios where attackers can socially engineer clicks on crafted URLs.

XSS Microsoft
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-32190 HIGH PATCH NEWS Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft Office (versions 2016 through LTSC 2024, including Microsoft 365 Apps for Enterprise) enables local code execution with no authentication or user interaction required. Attackers with local system access can execute arbitrary code with high impact to confidentiality, integrity, and availability (CVSS 8.4). No public exploit identified at time of analysis. Vendor-released patch available via Microsoft Security Response Center for all affected versions.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-32171 HIGH PATCH Exploit Unlikely This Week

Azure Logic Apps fails to adequately protect stored credentials, enabling authenticated attackers with network access to escalate privileges and gain unauthorized access to sensitive data. With a CVSS score of 8.8 and low attack complexity (AC:L), this vulnerability poses significant risk to cloud environments where Logic Apps handle integration credentials. Microsoft has released a patch addressing the credential protection weakness. No public exploit identified at time of analysis, though the low complexity suggests straightforward exploitation once authentication is obtained.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32164 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows User Interface Core across Windows 10, 11, and Server 2016-2025 allows low-privileged authenticated users to gain elevated system access via a race condition vulnerability. Attack complexity is high (AC:H), requiring precise timing exploitation of shared resource synchronization flaws. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the local attack vector and authenticated requirement

Information Disclosure Race Condition Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32163 HIGH PATCH This Week

Privilege escalation in Windows User Interface Core across Windows 10 (1809-22H2), Windows 11 (22H3-26H1), and Windows Server (2019-2025) allows authenticated local attackers to gain elevated privileges via race condition exploitation. Vendor-released patches available for all affected versions. No public exploit identified at time of analysis. CVSS 7.8 (high) with local attack vector and high complexity (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C) indicates significant real-world risk in multi-user environments where low-privilege users can access affected systems.

Information Disclosure Race Condition Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32162 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows COM across Windows 10 (1809, 21H2, 22H2), Windows 11 (22H3-26H1), and Windows Server (2019-2025) allows unauthenticated attackers with local access to achieve full system compromise (high confidentiality, integrity, and availability impact) by exploiting acceptance of untrusted data alongside trusted data. CVSS 8.4 reflects the severe impact of complete privilege escalation despite requiring local access. Vendor-released patch available with specific build n

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-32153 HIGH PATCH Exploit Unlikely This Week

Use-after-free in Microsoft Windows Speech component enables local privilege escalation to SYSTEM on Windows 10 (versions 1809, 21H2, 22H2) and Windows 11 (versions 22H3 through 26H1). Authenticated local attackers with low privileges can exploit memory corruption to gain full system control with low attack complexity and no user interaction required. CVSS 7.8 (High). Vendor-released patches available for all affected versions. No public exploit identified at time of analysis, though the straigh

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32151 MEDIUM PATCH Exploit Unlikely This Month

Windows Shell information disclosure vulnerability (CVE-2026-32151) allows authenticated network attackers to read sensitive data without authorization. The vulnerability affects Windows 10 versions 1607-22H2, Windows 11 versions 22H3-26H1, Windows Server 2012-2025, and associated Server Core installations. Microsoft has released vendor patches for all affected versions; exploitation requires valid credentials and network access but no user interaction.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-32149 HIGH PATCH Exploit Unlikely This Week

Windows Hyper-V local privilege escalation via improper input validation (CWE-20) enables authenticated low-privilege attackers with user interaction to execute arbitrary code with high confidentiality, integrity, and availability impact across Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-26H1), and Windows Server (2016-2025). Microsoft released patches addressing the vulnerability with EPSS exploitation probability data not available; no public exploit identified at time of analys

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-32091 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Brokering File System allows unprivileged attackers with physical or local access to gain SYSTEM-level privileges through a race condition vulnerability. The flaw affects all supported Windows 10, Windows 11, and Windows Server versions from 2016 through 2025. Despite an 8.4 CVSS score indicating high severity, real-world risk is moderate: EPSS score of 0.04% (12th percentile) suggests low exploitation likelihood, SSVC framework confirms no active exploitation, and the local attack vector limits exposure to scenarios where attackers already have local access. Vendor-released patches are available for all affected versions.

Authentication Bypass Race Condition Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-32088 MEDIUM PATCH Exploit Unlikely This Month

Windows Biometric Service contains a race condition in concurrent resource access that allows unauthorized attackers to bypass biometric authentication controls via physical attack, affecting Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server 2019, 2022, and 2025. The vulnerability requires physical access to the device and carries a moderate CVSS score of 6.1 (physical attack vector); Microsoft has released patches for all affected versions.

Authentication Bypass Race Condition Microsoft
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-32084 MEDIUM PATCH This Month

Windows File Explorer exposes sensitive information to authenticated local users with low privileges, allowing them to read confidential data without modification or service disruption. This affects multiple Windows 10 and Windows 11 versions, as well as Windows Server 2012 through 2025. Microsoft has released patches addressing the information disclosure vector; exploitation requires local system access and valid user credentials.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32080 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows WalletService across Server 2016 through Server 2025 allows low-privileged authenticated attackers to gain SYSTEM-level access by exploiting a use-after-free memory corruption flaw. Attack complexity is high (CVSS AC:H), requiring precise timing or race condition exploitation. Patch available per vendor advisory (MSRC). No public exploit identified at time of analysis, EPSS data not provided.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-32079 MEDIUM PATCH This Month

Windows File Explorer information disclosure vulnerability in Windows 10 and Windows 11 allows authenticated local attackers to read sensitive files through a flaw in access control validation. CVSS 5.5 indicates moderate risk with confidentiality impact but no integrity or availability compromise. Patch available from Microsoft; no public exploit code or active exploitation confirmed at time of analysis.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32078 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Projected File System (ProjFS) across Windows 10, Windows 11, and Windows Server 2019-2025 allows authenticated low-privileged users to gain SYSTEM-level control via use-after-free memory corruption. Attack requires local access and low-privileged credentials (CVSS PR:L) but no user interaction, enabling complete compromise of confidentiality, integrity, and availability. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the vulnerability class (use-after-free) is well-understood and commonly targeted once details emerge.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32077 HIGH PATCH Exploit Unlikely This Week

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host enables authenticated local attackers to elevate privileges to SYSTEM level across all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. The vulnerability (CWE-822) requires low-privilege authenticated access and minimal attack complexity (CVSS 7.8, AV:L/AC:L/PR:L). No public exploit identified at time of analysis. Microsoft released patches for all affected versions including

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32076 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Storage Spaces Controller (Windows 11 22H2-26H1, Server 2022-2025) enables low-privileged authenticated users to gain SYSTEM-level access via out-of-bounds read exploitation. CVSS 7.8 (High). No public exploit identified at time of analysis, but ENISA EUVD tracking indicates European regulatory attention. Vendor-released patches available for all affected versions.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32074 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation via double free vulnerability in Windows Projected File System (ProjFS) enables low-privileged authenticated users to achieve SYSTEM-level access across Windows 10, Windows 11, and Windows Server environments. The CWE-415 memory corruption flaw requires low attack complexity and no user interaction, affecting all actively supported Windows versions from legacy 1809 builds through current 26H1 releases. Vendor-released patches are available with build numbers confirmed

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32072 MEDIUM PATCH Exploit Unlikely This Month

Improper authentication in Windows Active Directory enables local spoofing attacks on unauthenticated users, allowing attackers with local access to bypass authentication mechanisms and gain unauthorized access to sensitive information. This vulnerability affects multiple Windows 10 and Windows 11 versions as well as Windows Server 2016 through 2025. A vendor-released patch is available from Microsoft, and the moderate CVSS score (6.2) reflects the local attack vector requirement combined with high confidentiality impact.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-32070 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows Common Log File System (CLFS) Driver affects Windows 10, 11, and Server 2012-2025 through a use-after-free memory corruption flaw. Authenticated local attackers with low privileges can exploit this vulnerability to gain SYSTEM-level access, achieving full control over confidentiality, integrity, and availability. While no public exploit identified at time of analysis, the Windows CLFS driver has been a frequent target for privilege escalation exploits histor

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-32069 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Windows Projected File System (ProjFS) enables low-privileged local users to gain SYSTEM-level control through a double-free memory corruption vulnerability across Windows 10, 11, and Server 2019-2025. Vendor-released patch available for all affected versions (build numbers 10.0.17763.8644+, 10.0.19044.7184+, 10.0.22631.6936+, 10.0.26100.32690+, and newer). No public exploit identified at time of analysis, though the local attack vector with low complexity (CVSS AV:L/AC:L

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32068 HIGH PATCH This Week

Local privilege escalation in Windows SSDP Service affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025 via a race condition vulnerability. Authenticated local users with low privileges can exploit improper synchronization in shared resource access to gain SYSTEM-level privileges, achieving full system compromise. Vendor-released patches are available across all affected versions. No public exploit identified at time of analysis, though the local attack vector and high impact warrant priority patching on multi-user or sensitive systems.

Information Disclosure Race Condition Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-27930 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows GDI allows local unauthenticated attackers to disclose sensitive information with user interaction. The vulnerability affects Windows 10 versions 1607, 1809, 21H2, and 22H2, all Windows 11 versions from 22H3 through 26H1, and Windows Server 2012 through 2025. No public exploit code or active exploitation has been confirmed; a vendor patch is available.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27928 HIGH PATCH Exploit Unlikely This Week

Windows Hello authentication bypass on Server 2016-2025 allows unauthenticated remote attackers to circumvent biometric/PIN security mechanisms over a network despite high attack complexity. CVSS 8.7 (Critical) with scope change indicates potential lateral movement from compromised Hello authentication into broader Windows security context. Vendor-released patches available for all affected versions (builds 10.0.14393.9060, 10.0.17763.8644, 10.0.20348.5020, 10.0.25398.2274, 10.0.26100.32690). No confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though VulDB tracking suggests security community awareness.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.7
EPSS
0.1%
CVE-2026-27925 MEDIUM PATCH Exploit Unlikely This Month

Use-after-free memory corruption in Windows UPnP Device Host enables unauthenticated adjacent network attackers to disclose sensitive information with CVSS 6.5 high severity. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and multiple Windows Server editions (2012 through 2025). Microsoft has released patches with specific version thresholds; exploitation requires network adjacency but no authentication or user interaction.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-27922 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) affects all Windows 10, Windows 11, and Windows Server versions from 2012 through 2025 via a use-after-free memory corruption flaw. Authenticated local attackers with low privileges can exploit this CWE-416 vulnerability to achieve full system compromise (SYSTEM-level access), though the high attack complexity (AC:H) suggests exploitation requires precise timing or race condition manipulation. No public exp

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-27920 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Universal Plug and Play Device Host service affects all supported Windows 10, Windows 11, and Windows Server versions via untrusted pointer dereference (CWE-822). Low-complexity attack requires low-level authenticated access (PR:L) with no user interaction, enabling complete system compromise (C:H/I:H/A:H). Microsoft released patches in May 2025 for 21 affected product versions. No public exploit identified at time of analysis, though the local attack vector

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27916 HIGH PATCH Exploit Unlikely This Week

Windows Universal Plug and Play (UPnP) Device Host privilege escalation allows authenticated local attackers to gain SYSTEM-level access via use-after-free memory corruption. Affects all supported Windows versions from Server 2012 through Windows 11 26H1 and Windows Server 2025. Vendor-released patches available. Attack requires low complexity with no user interaction (CVSS:3.1 AV:L/AC:L/PR:L/UI:N). No public exploit identified at time of analysis, though the primitive nature of use-after-free v

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27914 HIGH PATCH Exploit Likely This Week

Microsoft Management Console privilege escalation affects all supported Windows versions (10, 11, Server 2012-2025) via improper access control, allowing authenticated local users to gain SYSTEM-level privileges. CVSS 7.8 (High) reflects significant impact with low attack complexity requiring only low-level user credentials. Vendor-released patches available across all affected platforms through Microsoft's May 2025 update cycle. No public exploit identified at time of analysis, though the authe

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-27913 HIGH PATCH Exploit Likely This Week

BitLocker encryption bypass in Windows Server 2012 through 2022 enables local attackers with physical access to circumvent disk encryption protections without authentication. The vulnerability affects all Server Core and standard editions across ten years of Windows Server releases. Patch available per Microsoft Security Response Center (MSRC-2026-27913). No public exploit identified at time of analysis, but the local attack vector (AV:L) with no authentication requirement (PR:N) indicates high risk in scenarios where physical device access is possible, such as lost/stolen servers or insider threats.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-27912 HIGH PATCH Exploit Unlikely This Week

Windows Kerberos authorization bypass enables authenticated attackers on adjacent networks to escalate privileges to high integrity levels across Windows Server 2012 through 2025. The flaw affects both desktop experience and Server Core installations. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the low attack complexity (AC:L) and lack of user interaction (UI:N) suggest straightforward exploitation once adjacent network access is achieved.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.0
EPSS
0.2%
CVE-2026-27911 HIGH PATCH This Week

Race condition in Windows User Interface Core (MSRC patch CVE-2026-27911) enables low-privileged authenticated attackers to elevate privileges to SYSTEM level on Windows 10, Windows 11, and Windows Server 2016-2025 systems. The flaw stems from improper synchronization when multiple threads concurrently access shared resources in the UI subsystem, creating a time-of-check-time-of-use (TOCTOU) window exploitable for privilege escalation. Patch available per vendor advisory. No public exploit ident

Information Disclosure Race Condition Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
EPSS 0% CVSS 10.0
CRITICAL PATCH NO ACTION HOSTED Monitor

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

Microsoft Deserialization
NVD
EPSS 0% CVSS 9.3
CRITICAL PATCH NO ACTION HOSTED Monitor

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

Microsoft SSRF
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code_verifier values (including one-character strings) for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the authorization code, an attacker who intercepts an authorization code can brute-force code_verifier guesses online until token issuance succeeds.

Node.js Information Disclosure Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

Race Condition Information Disclosure Microsoft +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Authenticated users can trigger a denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 for Linux, UNIX, and Windows through improper neutralization of special elements in database query logic, causing service unavailability without requiring user interaction or special configuration. The vulnerability affects both standalone Db2 instances and Db2 Connect Server deployments, with CVSS 6.5 reflecting network accessibility and authenticated access requirements. No public exploit code or active exploitation has been identified at the time of analysis.

Microsoft IBM Denial Of Service
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

DLL hijacking in LiveOn Meet Client and Canon Network Camera Plugin installers allows local attackers to execute arbitrary code with installer privileges when users run vulnerable installer executables from directories containing malicious DLLs. The flaw affects four installer executables (Downloader5Installer.exe, Downloader5InstallerForAdmin.exe, CanonNWCamPlugin.exe, CanonNWCamPluginForAdmin.exe) version 1.0.0.0. No public exploit identified at time of analysis, though the attack technique is well-documented. CVSS 8.4 (High) reflects significant impact contingent on user interaction and attacker's ability to place malicious files in the installer directory before execution - real-world risk depends heavily on organizational download practices and endpoint controls preventing untrusted DLL placement.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Local privilege escalation in pcvisit Remote Host Modul on Windows allows low-privileged users to gain NT AUTHORITY\SYSTEM by overwriting the service binary with malicious code that executes automatically at boot. All versions after 22.6.22.1329 through 25.12.3.1745 are affected due to weak file permissions (CWE-276). Vendor patched in version 25.12.3.1745 per advisory. EPSS and KEV status unknown, but vulnerability is trivial to exploit (CVSS AV:L/AC:L/PR:L) with maximum local impact (8.5 High).

Microsoft Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

Information Disclosure Kubernetes Microsoft
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Microsoft Active Directory). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized read access to a subset of Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N).

Authentication Bypass Oracle Microsoft
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds buffer write in CPython's asyncio.ProactorEventLoop (Windows only) allows remote attackers to trigger memory corruption via oversized network data. The sock_recvfrom_into() method lacks buffer size validation when the nbytes parameter is used, enabling writes beyond allocated memory boundaries. Patch available via GitHub PR #148809. CVSS 8.8 reflects network-accessible attack surface with no authentication required, though exploitation is platform-specific (Windows only) and requires specific asyncio usage patterns.

Memory Corruption Microsoft Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Path traversal in Apktool 3.0.0-3.0.1 enables malicious APK files to write arbitrary files during decoding operations, potentially achieving remote code execution by overwriting shell configuration files or startup scripts. This security regression, introduced December 12, 2025 when sanitization controls were removed from resource decoder logic, allows attackers to embed directory traversal sequences in APK metadata that escape output directories and target critical system files like ~/.ssh/config or Windows Startup folders. CVSS 7.1 with local attack vector and required user interaction. No active exploitation (CISA KEV) or public POC identified at time of analysis, but exploit development is straightforward given the detailed technical disclosure in GitHub advisory GHSA-m8mh-x359-vm8m.

Path Traversal Microsoft Google
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance is running.

Information Disclosure Microsoft
NVD GitHub
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Out-of-bounds read in wolfSSHd on Windows allows authenticated users to leak adjacent stack memory via malformed terminal resize requests, exposing sensitive data through pseudo-console output. Affects wolfSSH versions prior to 1.5.0. CVSS score of 2.3 reflects low severity due to authentication requirement and limited confidentiality impact; vendor patch available.

Microsoft Buffer Overflow
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

OpenClaw versions 2026.4.7 through 2026.4.14 fail to enforce path containment on tool-result media references, enabling attackers to craft malicious tool-result inputs that trigger arbitrary local file reads or Windows UNC path access without authentication. An attacker can disclose sensitive files or extract credentials by exploiting this path-traversal weakness in the tool-result processing logic, requiring only network access and the ability to provide crafted tool-result media parameters to an exposed endpoint.

Information Disclosure Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Stored cross-site scripting (XSS) via malicious SVG file upload in DNN Platform (DotNetNuke) versions before 10.2.2 allows low-privileged authenticated users to execute arbitrary JavaScript in the context of other users' browsers. Attackers can craft SVG files containing embedded scripts that execute when viewed by victims, with elevated impact if targeting administrative users. EPSS data not provided; no CISA KEV listing indicates no confirmed widespread exploitation at time of analysis. CVSS 8.1 (High) reflects the scope change and high confidentiality/integrity impact despite requiring both authentication and user interaction.

Information Disclosure Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

DNN (DotNetNuke) 10.0.0 through 10.2.1 installations use an identical Host GUID across all new deployments, enabling attackers to impersonate the host administrator account and gain unauthorized access to sensitive CMS functionality. This affects only fresh installations-upgrades from 9.x retain unique identifiers. The vulnerability requires network access to exploit but no authentication or user interaction, and is patched in version 10.2.2.

Information Disclosure Microsoft
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

DNN (DotNetNuke) Platform versions 6.0.0 through 10.2.1 allow authenticated users to bypass authorization controls in the friends feature and force acceptance of friend requests on behalf of other users, resulting in unauthorized relationship modifications. The vulnerability requires valid user credentials (PR:L) and affects the integrity of user social graphs without exposing sensitive data. No public exploit code or active exploitation has been confirmed; vendors have released patched version 10.2.2.

Authentication Bypass Microsoft
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Claude Code prior to version 2.1.75 on Windows allows low-privileged local users to execute arbitrary code by placing a malicious configuration file in an unprotected shared directory (C:\ProgramData\ClaudeCode\managed-settings.json). The vulnerability exploits the default writability of ProgramData to non-administrative users and the absence of directory ownership validation, enabling privilege escalation or lateral impact when a victim user subsequently launches the application. This requires local system access and user interaction (launching Claude Code), limiting real-world impact to shared multi-user systems.

Information Disclosure Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Out-of-bounds read in xrdp RDP server versions ≤0.10.5 allows remote unauthenticated attackers to crash the service or disclose process memory by sending a malformed Confirm Active PDU during RDP capability negotiation. Attack complexity is low but requires user interaction. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis. Vendor-released patch available in version 0.10.6 per GitHub security advisory GHSA-rvh9-9wm3-28c7.

Denial Of Service Information Disclosure Microsoft +2
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Bypass of Windows Driver Signature Enforcement in Veeam Backup and Replication 12.x and Software Appliance 13.x allows local administrators to load unsigned kernel drivers, potentially enabling persistent kernel-level compromise. The vulnerability requires high-level administrative privileges and is not actively exploited in the wild; however, EPSS scoring (0.01%) suggests this is a low-probability exploitation target despite the high CVSS score, indicating the attack scenario is constrained by strict privilege and configuration requirements.

Command Injection Microsoft Backup And Replication +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

GREENmod before 2.8.33 allows remote code execution and server-side request forgery via incorrectly configured named pipes that accept unauthenticated XML or JSON file uploads, processing them with service-level privileges on Windows systems. An attacker on the network can abuse this to trigger SSRF attacks against SMB or WebDAV targets accessible to the service account, potentially compromising internal Windows infrastructure without authentication.

SSRF Microsoft
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Sparx Enterprise Architect client stores and transmits OAuth2 client secrets in plaintext, allowing local attackers to extract credentials and impersonate the application to obtain unauthorized access tokens. The vulnerability affects at least version 16.1.1627 and potentially earlier versions; local file system access is required to retrieve the exposed secrets, but once obtained, an attacker can perform remote authentication without additional privileges. NCSC-FI reported this vulnerability and it is tracked as EUVD-2025-209512; exploitation likelihood is elevated due to the ease of credential extraction from local storage.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Local privilege escalation in Rapid7 Insight Agent (versions > 4.1.0.2) on Windows allows unprivileged users to execute arbitrary code as SYSTEM via OpenSSL configuration file planting. The agent service loads openssl.cnf from a non-existent directory writable by standard users, enabling full host compromise without authentication. CVSS 8.5 with proof-of-concept exploit code available (E:P). EPSS data not provided; not currently listed in CISA KEV.

Privilege Escalation Microsoft OpenSSL
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to survive into the rendered output. On desktop builds using Electron, windows are created with nodeIntegration enabled and contextIsolation disabled, escalating the stored XSS to arbitrary code execution when a victim opens a note containing a malicious Mermaid block and clicks the rendered diagram node. This issue has been fixed in version 3.6.4.

XSS Microsoft RCE
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causing HTTPS URLs with port 80 to produce the same authority string as HTTP URLs, which defeats both the consistency check and the HTTP block validation. An attacker with write access to a cloud-synced vault.cryptomator file can craft a Hub configuration where apiBaseUrl and authEndpoint use HTTPS with port 80 to pass auto-trust validation, while tokenEndpoint uses plaintext HTTP. The vault is auto-trusted without user prompt, and a network-positioned attacker can intercept the OAuth token exchange to access the Cryptomator Hub API as the victim. This issue has been fixed in version 1.19.2.

Authentication Bypass Microsoft Hashicorp
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation in Dell Storage Manager - Replay Manager for Microsoft Servers 8.0 allows low-privileged authenticated users to gain elevated privileges with high integrity and availability impact. Dell has released security advisory DSA-2026-058 with patches. The CVSS 7.3 (High) score reflects significant post-exploitation impact, though local access and existing authentication requirements limit initial attack surface. No active exploitation (CISA KEV) or public proof-of-concept code identified at time of analysis.

Privilege Escalation Dell Microsoft
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Integer underflow in Microsoft QUIC's ACK frame parser enables remote unauthenticated privilege escalation. The vulnerability (CWE-191: integer wrap-around) affects Microsoft's native QUIC library implementations (both OpenSSL and SChannel variants) distributed via NuGet packages. With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and vendor-confirmed patch available (commit 1e6e999b), this represents a critical network-exposed flaw in QUIC protocol implementations. No active exploitation confirmed (not in CISA KEV) and public exploit code status unknown at time of analysis, but the straightforward attack vector (network-accessible protocol parsing) and authentication bypass capability warrant immediate patching priority for systems using Microsoft QUIC libraries.

Authentication Bypass Integer Overflow Microsoft
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Local privilege escalation in Barracuda RMM (all versions prior to 2025.2.2) enables authenticated Windows users to execute arbitrary code as NT AUTHORITY\SYSTEM by writing malicious files to the insecurely-permissioned C:\Windows\Automation directory. Vendor-released patch version 2025.2.2 addresses the filesystem ACL misconfiguration. EPSS data unavailable; no confirmed active exploitation (not in CISA KEV), though VulnCheck public advisory increases likelihood of POC development. CVSS 8.5 reflects high local impact requiring only low-privileged authentication.

Privilege Escalation Microsoft
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

## Summary NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An authenticated user can access internal network services, cloud metadata endpoints, and localhost. ## Vulnerable Code ### 1. Workflow HTTP Request Plugin **`packages/plugins/@nocobase/plugin-workflow-request/src/server/RequestInstruction.ts` lines 117-128:** ```typescript return axios.request({ url: trim(url), // User-controlled, no validation method, headers, params, timeout, ...(method.toLowerCase() !== 'get' && data != null ? { data: transformer ? await transformer(data) : data } : {}), }); ``` The `url` at line 98 comes directly from user workflow configuration with only whitespace trimming. ### 2. Custom Request Action Plugin **`packages/plugins/@nocobase/plugin-action-custom-request/src/server/actions/send.ts` lines 172-198:** ```typescript const axiosRequestConfig = { baseURL: ctx.origin, ...options, url: getParsedValue(url, variables), // User-controlled via template headers: { ... }, params: getParsedValue(arrayToObject(params), variables), data: getParsedValue(toJSON(data), variables), }; const res = await axios(axiosRequestConfig); // No IP validation ``` ## Missing Protections - No `request-filtering-agent` or SSRF library (confirmed via grep across entire codebase) - No private IP range filtering - No cloud metadata endpoint blocking - No URL scheme validation - No DNS rebinding protection ## Attack Scenario 1. Authenticated user creates a workflow with HTTP Request node 2. Sets URL to `http://169.254.169.254/latest/meta-data/iam/security-credentials/` 3. Triggers the workflow 4. Server fetches AWS metadata and returns IAM credentials in workflow execution logs Alternatively via Custom Request action: 1. Create custom request with URL `http://127.0.0.1:5432` or `http://10.0.0.1:8080/admin` 2. Execute the action 3. Server makes request to internal service ## Impact - **Cloud metadata theft**: AWS/GCP/Azure credentials via metadata endpoints - **Internal network access**: Scan and interact with services on private IP ranges - **Database access**: Connect to localhost databases (PostgreSQL, Redis, etc.) - **Authentication required**: Yes (authenticated user), but any workspace member can create workflows

PostgreSQL SSRF Microsoft +1
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Microsoft Google Heap Overflow +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Information Disclosure Microsoft Google +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Use After Free Microsoft Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted. This issue has been fixed in version 2.53.0.windows.3.

Information Disclosure Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.This issue affects RightFax: through 25.4.

Deserialization Microsoft
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows-based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.

HP RCE Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure Service Bus used those properties to store sensitive values. Possibly other providers could be also affected if they used the same fields to store sensitive data. If you used Azure Service Bus connection with those values set or if you have other connections with those values storing sensitve values, you should upgrade Airflow to 3.2.0.

Information Disclosure Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution as root in OpenRemote IoT platform's rules engine (versions prior to 1.20.3) allows authenticated non-superuser attackers with write:rules role to execute arbitrary Java code via unsandboxed JavaScript rulesets. The vulnerability stems from Nashorn ScriptEngine.eval() executing user-supplied JavaScript without ClassFilter restrictions, enabling Java.type() access to any JVM class including java.lang.Runtime. Attackers can compromise the entire multi-tenant platform, steal c

Information Disclosure RCE Apple +7
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Command injection in Podman's HyperV machine backend allows local administrators with high privileges to execute arbitrary PowerShell commands at SYSTEM level on Windows hosts by crafting a malicious VM image path containing PowerShell subexpression syntax. The vulnerability affects Podman v4 and v5 on Windows only; a vendor patch is available via commit 571c842.

Command Injection RCE Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH This Week

NTLMv2 credential leakage in Unisys WebPerfect Image Suite 3.0.3960.22810 and 3.0.3960.22604 enables remote unauthenticated attackers to extract machine-account hashes via deprecated .NET Remoting TCP channels, facilitating network-wide lateral movement and privilege escalation through hash relay attacks. Disclosed by VulnCheck, this flaw exploits insecure object deserialization to coerce NTLM authentication to attacker-controlled UNC paths. EPSS data not available; no KEV listing or public exploit code identified at time of analysis, though the disclosed technical details provide sufficient information for weaponization.

Privilege Escalation Microsoft
NVD VulDB GitHub
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Unauthenticated Server-Side Request Forgery (SSRF) in Chamilo LMS versions prior to 2.0.0-RC.3 allows remote attackers to access internal network services and cloud metadata endpoints via unfiltered package-url parameter in the PENS plugin. Attackers can steal AWS IAM credentials from 169.254.169.254, probe internal infrastructure, and trigger state-changing operations on internal services without requiring authentication. CVSS 8.6 (High) with Changed Scope reflects the ability to pivot from the LMS to other internal systems. No public exploit identified at time of analysis, though the attack vector is straightforward requiring only HTTP requests to the exposed endpoint.

Authentication Bypass PHP SSRF +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services.

Information Disclosure Microsoft
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Windows Snipping Tool leaks sensitive information to unauthenticated network attackers via user interaction, enabling spoofing attacks. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2) and Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), as well as Windows Server 2012 through 2025. Microsoft has released patches for all affected versions; exploitation requires user interaction but no specialized technical knowledge.

Information Disclosure Microsoft
NVD VulDB GitHub Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Windows IKE Extension (Internet Key Exchange) via double free memory corruption allows unauthenticated network attackers to execute arbitrary code on Windows 10 (1607-22H2), Windows 11 (22H3-26H1), and Windows Server (2016-2025). CVSS 9.8 critical severity with network vector requiring no authentication or user interaction. Vendor patch released by Microsoft addresses CWE-415 double free weakness. EPSS score of 0.07% (21st percentile) suggests low observed exploitation probability despite critical severity rating, indicating this may be a targeted or difficult-to-exploit vulnerability in production environments. No CISA KEV listing or public POC identified at time of analysis.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Windows TCP/IP networking stack across Windows 10, 11, and Server versions allows unauthenticated network attackers to execute arbitrary code by exploiting a race condition in shared resource synchronization. The vulnerability affects all supported Windows versions from Server 2012 through Windows 11 26H1 and Server 2025. Microsoft has released patches addressing this high-severity flaw (CVSS 8.1). No public exploit identified at time of analysis, though SSVC assessment

Authentication Bypass Race Condition Microsoft
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Memory corruption in Microsoft Office Word enables local code execution through a use-after-free flaw affecting Microsoft 365 Apps for Enterprise and Office LTSC 2021/2024 for Windows and Mac. Despite the local attack vector (AV:L), the vulnerability requires no privileges (PR:N) or user interaction (UI:N), allowing unauthorized attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability (CVSS 8.4). Vendor-released patch available via Microsoft Security Response Center as of April 2026. No public exploit identified at time of analysis, though the technical simplicity (AC:L) and memory corruption primitive increase weaponization risk.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Microsoft Office Word untrusted pointer dereference (CWE-822) enables local code execution with high impact across Microsoft 365 Apps for Enterprise and Office LTSC 2021/2024 editions (Windows and macOS). The vulnerability requires local access but no privileges or user interaction (CVSS:3.1/AV:L/AC:L/PR:N/UI:N), allowing unauthenticated local attackers to achieve full system compromise. Vendor-released patch available per Microsoft Security Response Center advisory. No public exploit identified at time of analysis. SSVC assessment indicates no confirmed exploitation, non-automatable attack, but total technical impact (full control).

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Win32K graphics subsystem (Win32K-GRFX) allows authenticated attackers with low privileges to gain SYSTEM-level access by exploiting a race condition during concurrent resource access. Affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. Microsoft has released patches addressing this CWE-362 synchronization flaw. No public exploit identified at time of analysis, though the local attack vector and high complexity (

Information Disclosure Race Condition Microsoft
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper access control in Microsoft Dynamics 365 (on-premises) version 9.0 allows authenticated local attackers to disclose sensitive information without user interaction. The vulnerability stems from insufficient authorization checks that permit users with low-level privileges to access confidential data through local access vectors. This affects Dynamics 365 on-premises deployments up to version 9.0.0043.x, with vendor-released patches available from Microsoft.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows Print Spooler Components allows authenticated attackers with low privileges to achieve complete system compromise (high confidentiality, integrity, and availability impact) by exploiting a use-after-free memory corruption vulnerability. Affects Windows 11 versions 24H2, 25H2, 26H1, Windows Server 2022 23H2 Edition, and Windows Server 2025. CVSS score 7.8 reflects local attack vector with low complexity and no user interaction required. No public exploit or CISA KEV status identified at time of analysis, though use-after-free vulnerabilities in Print Spooler have historically been attractive exploitation targets.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Ancillary Function Driver for WinSock (AFD.sys) affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. The CWE-416 use-after-free memory corruption flaw allows low-privileged authenticated attackers with local access to elevate to SYSTEM privileges, achieving complete control over confidentiality, integrity, and availability. SSVC framework rates this as non-automatable with total technical impact. No public exploit

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation via use-after-free in Windows Ancillary Function Driver for WinSock (AFD.sys) allows authenticated low-privileged attackers to execute arbitrary code with SYSTEM privileges across all supported Windows versions. Microsoft has released patches for Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-25H2), and Windows Server (2012-2022 23H2). The vulnerability requires local access and low privileges (PR:L) with high attack complexity (AC:H), but no public exploit

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Likely This Week

Windows Shell security feature bypass enables unauthenticated remote attackers to defeat protection mechanisms across all supported Windows client and server versions (Windows 10 1607 through Windows 11 26H1, Server 2012 through Server 2025) via network-based attack requiring user interaction. The CVSS 8.8 rating reflects complete compromise potential (high confidentiality, integrity, and availability impact) despite low attack complexity. Microsoft has released patches addressing this authentic

Authentication Bypass Microsoft
NVD VulDB
EPSS 1% 4.3 CVSS 6.5
MEDIUM POC KEV PATCH THREAT Exploited Act Now

Improper input validation in Microsoft SharePoint Server enables network-based spoofing attacks without authentication, allowing attackers to forge communications and deceive users. Affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, making it a critical operational priority despite the moderate CVSS score of 6.5.

Authentication Bypass Microsoft
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft PowerPoint (versions 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise) enables local code execution when users open malicious files. An attacker with no privileges can achieve full system compromise (high confidentiality, integrity, and availability impact) by convincing a user to open a crafted PowerPoint document. Vendor patch available via Microsoft Security Response Center. No public exploit code or confirmed active exploitation (CISA KEV) identified at time of analysis, though CVSS 7.8 rating reflects high severity for local attack scenarios.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Microsoft Excel use-after-free vulnerability (CWE-416) enables arbitrary code execution when a user opens a specially crafted Excel file. Affects Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. CVSS 7.8 (High) requires local access and user interaction but no authentication. No public exploit identified at time of analysis. Microsoft released patches addressing all affected product lines per MSRC update guide.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use-after-free vulnerability in Microsoft Office Excel enables local code execution when users open maliciously crafted Excel files. Affects all major Office versions including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. Attack requires no authentication (PR:N) but demands user interaction (opening a weaponized document). CVSS 7.8 (High) reflects significant impact potential (code execution with high confidentiali

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft Excel across Office 2016-2024 and Microsoft 365 enables local code execution when a user opens a malicious spreadsheet. Attackers must craft a weaponized Excel file and trick users into opening it, after which arbitrary code runs with the victim's privileges. No authentication is required, though user interaction is necessary. Exploitation probability remains moderate (CVSS 7.8) with no confirmed active exploitation (no CISA KEV listing) and no publi

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Stored cross-site scripting (XSS) in Windows Admin Center before version 2.6.5.16 allows unauthenticated remote attackers to inject malicious scripts that execute in the browsers of other users, enabling account spoofing and data theft. The vulnerability requires user interaction (clicking a malicious link) but has network-wide scope, affecting all users of the Admin Center instance. Microsoft has released a patched version; exploitation is currently limited to scenarios where attackers can socially engineer clicks on crafted URLs.

XSS Microsoft
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft Office (versions 2016 through LTSC 2024, including Microsoft 365 Apps for Enterprise) enables local code execution with no authentication or user interaction required. Attackers with local system access can execute arbitrary code with high impact to confidentiality, integrity, and availability (CVSS 8.4). No public exploit identified at time of analysis. Vendor-released patch available via Microsoft Security Response Center for all affected versions.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Azure Logic Apps fails to adequately protect stored credentials, enabling authenticated attackers with network access to escalate privileges and gain unauthorized access to sensitive data. With a CVSS score of 8.8 and low attack complexity (AC:L), this vulnerability poses significant risk to cloud environments where Logic Apps handle integration credentials. Microsoft has released a patch addressing the credential protection weakness. No public exploit identified at time of analysis, though the low complexity suggests straightforward exploitation once authentication is obtained.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows User Interface Core across Windows 10, 11, and Server 2016-2025 allows low-privileged authenticated users to gain elevated system access via a race condition vulnerability. Attack complexity is high (AC:H), requiring precise timing exploitation of shared resource synchronization flaws. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the local attack vector and authenticated requirement

Information Disclosure Race Condition Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows User Interface Core across Windows 10 (1809-22H2), Windows 11 (22H3-26H1), and Windows Server (2019-2025) allows authenticated local attackers to gain elevated privileges via race condition exploitation. Vendor-released patches available for all affected versions. No public exploit identified at time of analysis. CVSS 7.8 (high) with local attack vector and high complexity (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C) indicates significant real-world risk in multi-user environments where low-privilege users can access affected systems.

Information Disclosure Race Condition Microsoft
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows COM across Windows 10 (1809, 21H2, 22H2), Windows 11 (22H3-26H1), and Windows Server (2019-2025) allows unauthenticated attackers with local access to achieve full system compromise (high confidentiality, integrity, and availability impact) by exploiting acceptance of untrusted data alongside trusted data. CVSS 8.4 reflects the severe impact of complete privilege escalation despite requiring local access. Vendor-released patch available with specific build n

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use-after-free in Microsoft Windows Speech component enables local privilege escalation to SYSTEM on Windows 10 (versions 1809, 21H2, 22H2) and Windows 11 (versions 22H3 through 26H1). Authenticated local attackers with low privileges can exploit memory corruption to gain full system control with low attack complexity and no user interaction required. CVSS 7.8 (High). Vendor-released patches available for all affected versions. No public exploit identified at time of analysis, though the straigh

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Shell information disclosure vulnerability (CVE-2026-32151) allows authenticated network attackers to read sensitive data without authorization. The vulnerability affects Windows 10 versions 1607-22H2, Windows 11 versions 22H3-26H1, Windows Server 2012-2025, and associated Server Core installations. Microsoft has released vendor patches for all affected versions; exploitation requires valid credentials and network access but no user interaction.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH Exploit Unlikely This Week

Windows Hyper-V local privilege escalation via improper input validation (CWE-20) enables authenticated low-privilege attackers with user interaction to execute arbitrary code with high confidentiality, integrity, and availability impact across Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-26H1), and Windows Server (2016-2025). Microsoft released patches addressing the vulnerability with EPSS exploitation probability data not available; no public exploit identified at time of analys

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Brokering File System allows unprivileged attackers with physical or local access to gain SYSTEM-level privileges through a race condition vulnerability. The flaw affects all supported Windows 10, Windows 11, and Windows Server versions from 2016 through 2025. Despite an 8.4 CVSS score indicating high severity, real-world risk is moderate: EPSS score of 0.04% (12th percentile) suggests low exploitation likelihood, SSVC framework confirms no active exploitation, and the local attack vector limits exposure to scenarios where attackers already have local access. Vendor-released patches are available for all affected versions.

Authentication Bypass Race Condition Microsoft
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Windows Biometric Service contains a race condition in concurrent resource access that allows unauthorized attackers to bypass biometric authentication controls via physical attack, affecting Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server 2019, 2022, and 2025. The vulnerability requires physical access to the device and carries a moderate CVSS score of 6.1 (physical attack vector); Microsoft has released patches for all affected versions.

Authentication Bypass Race Condition Microsoft
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows File Explorer exposes sensitive information to authenticated local users with low privileges, allowing them to read confidential data without modification or service disruption. This affects multiple Windows 10 and Windows 11 versions, as well as Windows Server 2012 through 2025. Microsoft has released patches addressing the information disclosure vector; exploitation requires local system access and valid user credentials.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows WalletService across Server 2016 through Server 2025 allows low-privileged authenticated attackers to gain SYSTEM-level access by exploiting a use-after-free memory corruption flaw. Attack complexity is high (CVSS AC:H), requiring precise timing or race condition exploitation. Patch available per vendor advisory (MSRC). No public exploit identified at time of analysis, EPSS data not provided.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows File Explorer information disclosure vulnerability in Windows 10 and Windows 11 allows authenticated local attackers to read sensitive files through a flaw in access control validation. CVSS 5.5 indicates moderate risk with confidentiality impact but no integrity or availability compromise. Patch available from Microsoft; no public exploit code or active exploitation confirmed at time of analysis.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Projected File System (ProjFS) across Windows 10, Windows 11, and Windows Server 2019-2025 allows authenticated low-privileged users to gain SYSTEM-level control via use-after-free memory corruption. Attack requires local access and low-privileged credentials (CVSS PR:L) but no user interaction, enabling complete compromise of confidentiality, integrity, and availability. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the vulnerability class (use-after-free) is well-understood and commonly targeted once details emerge.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host enables authenticated local attackers to elevate privileges to SYSTEM level across all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. The vulnerability (CWE-822) requires low-privilege authenticated access and minimal attack complexity (CVSS 7.8, AV:L/AC:L/PR:L). No public exploit identified at time of analysis. Microsoft released patches for all affected versions including

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Storage Spaces Controller (Windows 11 22H2-26H1, Server 2022-2025) enables low-privileged authenticated users to gain SYSTEM-level access via out-of-bounds read exploitation. CVSS 7.8 (High). No public exploit identified at time of analysis, but ENISA EUVD tracking indicates European regulatory attention. Vendor-released patches available for all affected versions.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation via double free vulnerability in Windows Projected File System (ProjFS) enables low-privileged authenticated users to achieve SYSTEM-level access across Windows 10, Windows 11, and Windows Server environments. The CWE-415 memory corruption flaw requires low attack complexity and no user interaction, affecting all actively supported Windows versions from legacy 1809 builds through current 26H1 releases. Vendor-released patches are available with build numbers confirmed

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH Exploit Unlikely This Month

Improper authentication in Windows Active Directory enables local spoofing attacks on unauthenticated users, allowing attackers with local access to bypass authentication mechanisms and gain unauthorized access to sensitive information. This vulnerability affects multiple Windows 10 and Windows 11 versions as well as Windows Server 2016 through 2025. A vendor-released patch is available from Microsoft, and the moderate CVSS score (6.2) reflects the local attack vector requirement combined with high confidentiality impact.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows Common Log File System (CLFS) Driver affects Windows 10, 11, and Server 2012-2025 through a use-after-free memory corruption flaw. Authenticated local attackers with low privileges can exploit this vulnerability to gain SYSTEM-level access, achieving full control over confidentiality, integrity, and availability. While no public exploit identified at time of analysis, the Windows CLFS driver has been a frequent target for privilege escalation exploits histor

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Windows Projected File System (ProjFS) enables low-privileged local users to gain SYSTEM-level control through a double-free memory corruption vulnerability across Windows 10, 11, and Server 2019-2025. Vendor-released patch available for all affected versions (build numbers 10.0.17763.8644+, 10.0.19044.7184+, 10.0.22631.6936+, 10.0.26100.32690+, and newer). No public exploit identified at time of analysis, though the local attack vector with low complexity (CVSS AV:L/AC:L

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Windows SSDP Service affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025 via a race condition vulnerability. Authenticated local users with low privileges can exploit improper synchronization in shared resource access to gain SYSTEM-level privileges, achieving full system compromise. Vendor-released patches are available across all affected versions. No public exploit identified at time of analysis, though the local attack vector and high impact warrant priority patching on multi-user or sensitive systems.

Information Disclosure Race Condition Microsoft
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows GDI allows local unauthenticated attackers to disclose sensitive information with user interaction. The vulnerability affects Windows 10 versions 1607, 1809, 21H2, and 22H2, all Windows 11 versions from 22H3 through 26H1, and Windows Server 2012 through 2025. No public exploit code or active exploitation has been confirmed; a vendor patch is available.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH Exploit Unlikely This Week

Windows Hello authentication bypass on Server 2016-2025 allows unauthenticated remote attackers to circumvent biometric/PIN security mechanisms over a network despite high attack complexity. CVSS 8.7 (Critical) with scope change indicates potential lateral movement from compromised Hello authentication into broader Windows security context. Vendor-released patches available for all affected versions (builds 10.0.14393.9060, 10.0.17763.8644, 10.0.20348.5020, 10.0.25398.2274, 10.0.26100.32690). No confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though VulDB tracking suggests security community awareness.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Use-after-free memory corruption in Windows UPnP Device Host enables unauthenticated adjacent network attackers to disclose sensitive information with CVSS 6.5 high severity. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and multiple Windows Server editions (2012 through 2025). Microsoft has released patches with specific version thresholds; exploitation requires network adjacency but no authentication or user interaction.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) affects all Windows 10, Windows 11, and Windows Server versions from 2012 through 2025 via a use-after-free memory corruption flaw. Authenticated local attackers with low privileges can exploit this CWE-416 vulnerability to achieve full system compromise (SYSTEM-level access), though the high attack complexity (AC:H) suggests exploitation requires precise timing or race condition manipulation. No public exp

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Universal Plug and Play Device Host service affects all supported Windows 10, Windows 11, and Windows Server versions via untrusted pointer dereference (CWE-822). Low-complexity attack requires low-level authenticated access (PR:L) with no user interaction, enabling complete system compromise (C:H/I:H/A:H). Microsoft released patches in May 2025 for 21 affected product versions. No public exploit identified at time of analysis, though the local attack vector

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Windows Universal Plug and Play (UPnP) Device Host privilege escalation allows authenticated local attackers to gain SYSTEM-level access via use-after-free memory corruption. Affects all supported Windows versions from Server 2012 through Windows 11 26H1 and Windows Server 2025. Vendor-released patches available. Attack requires low complexity with no user interaction (CVSS:3.1 AV:L/AC:L/PR:L/UI:N). No public exploit identified at time of analysis, though the primitive nature of use-after-free v

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Microsoft Management Console privilege escalation affects all supported Windows versions (10, 11, Server 2012-2025) via improper access control, allowing authenticated local users to gain SYSTEM-level privileges. CVSS 7.8 (High) reflects significant impact with low attack complexity requiring only low-level user credentials. Vendor-released patches available across all affected platforms through Microsoft's May 2025 update cycle. No public exploit identified at time of analysis, though the authe

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH Exploit Likely This Week

BitLocker encryption bypass in Windows Server 2012 through 2022 enables local attackers with physical access to circumvent disk encryption protections without authentication. The vulnerability affects all Server Core and standard editions across ten years of Windows Server releases. Patch available per Microsoft Security Response Center (MSRC-2026-27913). No public exploit identified at time of analysis, but the local attack vector (AV:L) with no authentication requirement (PR:N) indicates high risk in scenarios where physical device access is possible, such as lost/stolen servers or insider threats.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Windows Kerberos authorization bypass enables authenticated attackers on adjacent networks to escalate privileges to high integrity levels across Windows Server 2012 through 2025. The flaw affects both desktop experience and Server Core installations. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the low attack complexity (AC:L) and lack of user interaction (UI:N) suggest straightforward exploitation once adjacent network access is achieved.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Race condition in Windows User Interface Core (MSRC patch CVE-2026-27911) enables low-privileged authenticated attackers to elevate privileges to SYSTEM level on Windows 10, Windows 11, and Windows Server 2016-2025 systems. The flaw stems from improper synchronization when multiple threads concurrently access shared resources in the UI subsystem, creating a time-of-check-time-of-use (TOCTOU) window exploitable for privilege escalation. Patch available per vendor advisory. No public exploit ident

Information Disclosure Race Condition Microsoft
NVD VulDB
Prev Page 18 of 193 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy