| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34627 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2026-34617 | Hig | 0.57 | 8.7 | 0.00 | Apr 14, 2026 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining… | ||
| CVE-2026-33827 | Hig | 0.53 | 8.1 | 0.01 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-33826 | Hig | 0.52 | 8.0 | 0.01 | Apr 14, 2026 | Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. | ||
| CVE-2026-33825 | Hig | 0.63 | 7.8 | 0.07 | KEV | Apr 14, 2026 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-33120 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2026 | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | ||
| CVE-2026-33116 | Hig | 0.42 | 7.5 | 0.02 | Apr 14, 2026 | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-33115 | Hig | 0.55 | 8.4 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-33114 | Hig | 0.55 | 8.4 | 0.00 | Apr 14, 2026 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-33104 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33101 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33100 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33099 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33098 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33096 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2026 | Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-33095 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32225 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2026 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-32224 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32222 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32221 | Hig | 0.55 | 8.4 | 0.00 | Apr 14, 2026 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32219 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32203 | Hig | 0.42 | 7.5 | 0.02 | Apr 14, 2026 | Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-32200 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32199 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32198 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32197 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32195 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32192 | Hig | 0.51 | 7.8 | 0.02 | Apr 14, 2026 | Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32190 | Hig | 0.55 | 8.4 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32189 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32188 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-32184 | Hig | 0.51 | 7.8 | 0.02 | Apr 14, 2026 | Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32183 | Hig | 0.51 | 7.8 | 0.01 | Apr 14, 2026 | Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32178 | Hig | 0.42 | 7.5 | 0.02 | Apr 14, 2026 | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-32171 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-32168 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32165 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32164 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32163 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32162 | Hig | 0.55 | 8.4 | 0.02 | Apr 14, 2026 | Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-32160 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32159 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32158 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32157 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2026 | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-32156 | Hig | 0.48 | 7.4 | 0.00 | Apr 14, 2026 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32155 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32154 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32153 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32152 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32150 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. |
- risk 0.51cvss 7.8epss 0.00
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.57cvss 8.7epss 0.00
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining…
- risk 0.53cvss 8.1epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
- risk 0.52cvss 8.0epss 0.01
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.
- risk 0.63cvss 7.8epss 0.07
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
- risk 0.57cvss 8.8epss 0.01
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
- risk 0.42cvss 7.5epss 0.02
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.
- risk 0.55cvss 8.4epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.
- risk 0.49cvss 7.5epss 0.01
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.57cvss 8.8epss 0.01
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
- risk 0.42cvss 7.5epss 0.02
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.02
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.00
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.1epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- risk 0.51cvss 7.8epss 0.02
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.01
Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.
- risk 0.42cvss 7.5epss 0.02
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
- risk 0.57cvss 8.8epss 0.00
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
- risk 0.51cvss 7.8epss 0.00
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.02
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.57cvss 8.8epss 0.01
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.48cvss 7.4epss 0.00
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.