Export limit exceeded: 344698 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344698 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26169 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-04-14 | 6.1 Medium |
| Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-27930 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-04-14 | 5.5 Medium |
| Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-26179 | 1 Microsoft | 6 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 3 more | 2026-04-14 | 7.8 High |
| Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26183 | 1 Microsoft | 7 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 4 more | 2026-04-14 | 7.8 High |
| Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-27908 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-04-14 | 7 High |
| Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-27924 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 23h2 and 2 more | 2026-04-14 | 7.8 High |
| Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26175 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-04-14 | 4.6 Medium |
| Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2026-32152 | 1 Microsoft | 7 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 4 more | 2026-04-14 | 7.8 High |
| Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32156 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-04-14 | 7.4 High |
| Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32160 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-04-14 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32165 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-04-14 | 7.8 High |
| Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32093 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-04-14 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32192 | 1 Microsoft | 1 Azure Monitor Agent | 2026-04-14 | 7.8 High |
| Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32219 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-04-14 | 7 High |
| Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32184 | 1 Microsoft | 1 Microsoft Hpc Pack 2019 | 2026-04-14 | 7.8 High |
| Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26152 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-04-14 | 7 High |
| Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24907 | 2026-04-14 | N/A | ||
| October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. This issue has been fixed in versions 3.7.14 and 4.1.10. If users are unable to update immediately, workarounds include restricting mail template editing permissions to fully trusted administrators only and restricting Event Log viewing permissions to minimize exposure. | ||||
| CVE-2026-33095 | 1 Microsoft | 5 365 Apps, Office 2021, Office 2024 and 2 more | 2026-04-14 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32223 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-04-14 | 6.8 Medium |
| Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack. | ||||
| CVE-2026-27912 | 1 Microsoft | 7 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 4 more | 2026-04-14 | 8 High |
| Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network. | ||||