| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32149 | Hig | 0.47 | 7.3 | 0.00 | Apr 14, 2026 | Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. | ||
| CVE-2026-32093 | Hig | 0.46 | 7.0 | 0.01 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32091 | Hig | 0.55 | 8.4 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-32090 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32089 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32087 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32086 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32083 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32082 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32080 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32078 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32077 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32076 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32075 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32074 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32073 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32071 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2026 | Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-32070 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32069 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32068 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27929 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27928 | Hig | 0.57 | 8.7 | 0.00 | Apr 14, 2026 | Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-27927 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27926 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27924 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27923 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27922 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27921 | Hig | 0.46 | 7.0 | 0.01 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27920 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27919 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27918 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27917 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27916 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27915 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27914 | Hig | 0.51 | 7.8 | 0.03 | Apr 14, 2026 | Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27913 | Hig | 0.50 | 7.7 | 0.00 | Apr 14, 2026 | Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2026-27912 | Hig | 0.52 | 8.0 | 0.00 | Apr 14, 2026 | Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network. | ||
| CVE-2026-27911 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27910 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27909 | Hig | 0.51 | 7.8 | 0.02 | Apr 14, 2026 | Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27908 | Hig | 0.46 | 7.0 | 0.02 | Apr 14, 2026 | Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27907 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26184 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26183 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26182 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26181 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26180 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26179 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26178 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-26177 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
- risk 0.47cvss 7.3epss 0.00
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.49cvss 7.5epss 0.01
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.
- risk 0.57cvss 8.7epss 0.00
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.03
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.
- risk 0.50cvss 7.7epss 0.00
Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.
- risk 0.52cvss 8.0epss 0.00
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.02
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.02
Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.57cvss 8.8epss 0.00
Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.