CVEs

28,530 total · page 60 of 571

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-32160	Hig	0.51	7.8	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-32159	Hig	0.51	7.8	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-32158	Hig	0.51	7.8	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-32157	Hig	0.57	8.8	0.00	Apr 14, 2026	Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-32156	Hig	0.48	7.4	0.00	Apr 14, 2026	Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.
CVE-2026-32155	Hig	0.51	7.8	0.00	Apr 14, 2026	Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32154	Hig	0.51	7.8	0.00	Apr 14, 2026	Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32153	Hig	0.51	7.8	0.00	Apr 14, 2026	Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2026-32152	Hig	0.51	7.8	0.00	Apr 14, 2026	Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32150	Hig	0.46	7.0	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32149	Hig	0.47	7.3	0.00	Apr 14, 2026	Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-32093	Hig	0.46	7.0	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32091	Hig	0.55	8.4	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32090	Hig	0.51	7.8	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
CVE-2026-32089	Hig	0.51	7.8	0.00	Apr 14, 2026	Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
CVE-2026-32087	Hig	0.46	7.0	0.00	Apr 14, 2026	Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32086	Hig	0.46	7.0	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32083	Hig	0.46	7.0	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2026-32082	Hig	0.46	7.0	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2026-32080	Hig	0.46	7.0	0.00	Apr 14, 2026	Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.
CVE-2026-32078	Hig	0.51	7.8	0.00	Apr 14, 2026	Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-32077	Hig	0.51	7.8	0.00	Apr 14, 2026	Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-32076	Hig	0.51	7.8	0.00	Apr 14, 2026	Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-32075	Hig	0.46	7.0	0.00	Apr 14, 2026	Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-32074	Hig	0.51	7.8	0.00	Apr 14, 2026	Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-32073	Hig	0.46	7.0	0.00	Apr 14, 2026	Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-32071	Hig	0.49	7.5	0.00	Apr 14, 2026	Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
CVE-2026-32070	Hig	0.46	7.0	0.00	Apr 14, 2026	Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-32069	Hig	0.51	7.8	0.00	Apr 14, 2026	Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-32068	Hig	0.46	7.0	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2026-27929	Hig	0.46	7.0	0.00	Apr 14, 2026	Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.
CVE-2026-27928	Hig	0.57	8.7	0.00	Apr 14, 2026	Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-27927	Hig	0.51	7.8	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-27926	Hig	0.46	7.0	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-27924	Hig	0.51	7.8	0.00	Apr 14, 2026	Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-27923	Hig	0.51	7.8	0.00	Apr 14, 2026	Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-27922	Hig	0.46	7.0	0.00	Apr 14, 2026	Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-27921	Hig	0.46	7.0	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-27920	Hig	0.51	7.8	0.00	Apr 14, 2026	Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27919	Hig	0.51	7.8	0.00	Apr 14, 2026	Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27918	Hig	0.51	7.8	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2026-27917	Hig	0.46	7.0	0.00	Apr 14, 2026	Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-27916	Hig	0.51	7.8	0.00	Apr 14, 2026	Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27915	Hig	0.51	7.8	0.00	Apr 14, 2026	Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27914	Hig	0.51	7.8	0.00	Apr 14, 2026	Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.
CVE-2026-27913	Hig	0.50	7.7	0.00	Apr 14, 2026	Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-27912	Hig	0.52	8.0	0.01	Apr 14, 2026	Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-27911	Hig	0.51	7.8	0.00	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVE-2026-27910	Hig	0.51	7.8	0.00	Apr 14, 2026	Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-27909	Hig	0.51	7.8	0.00	Apr 14, 2026	Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.

CVE-2026-32160HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-32159HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-32158HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-32157HigApr 14, 2026
risk 0.57cvss 8.8epss 0.00
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-32156HigApr 14, 2026
risk 0.48cvss 7.4epss 0.00
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.
CVE-2026-32155HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32154HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32153HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2026-32152HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32150HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32149HigApr 14, 2026
risk 0.47cvss 7.3epss 0.00
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-32093HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32091HigApr 14, 2026
risk 0.55cvss 8.4epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32090HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
CVE-2026-32089HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
CVE-2026-32087HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32086HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32083HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2026-32082HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2026-32080HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.
CVE-2026-32078HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-32077HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-32076HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-32075HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-32074HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-32073HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-32071HigApr 14, 2026
risk 0.49cvss 7.5epss 0.00
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
CVE-2026-32070HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-32069HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-32068HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2026-27929HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.
CVE-2026-27928HigApr 14, 2026
risk 0.57cvss 8.7epss 0.00
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-27927HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-27926HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-27924HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-27923HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-27922HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-27921HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-27920HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27919HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27918HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2026-27917HigApr 14, 2026
risk 0.46cvss 7.0epss 0.00
Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-27916HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27915HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27914HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.
CVE-2026-27913HigApr 14, 2026
risk 0.50cvss 7.7epss 0.00
Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-27912HigApr 14, 2026
risk 0.52cvss 8.0epss 0.01
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-27911HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVE-2026-27910HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-27909HigApr 14, 2026
risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.