Windows 10 22h2

CVEs (107)

CVE	Sev	Risk	CVSS	Published	Description
CVE-2026-26176	Hig	0.51	7.8	Apr 14, 2026	Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-26172	Hig	0.51	7.8	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-26170	Hig	0.51	7.8	Apr 14, 2026	Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2026-26168	Hig	0.51	7.8	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-26163	Hig	0.51	7.8	Apr 14, 2026	Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26162	Hig	0.51	7.8	Apr 14, 2026	Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.
CVE-2026-26161	Hig	0.51	7.8	Apr 14, 2026	Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26160	Hig	0.51	7.8	Apr 14, 2026	Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26159	Hig	0.51	7.8	Apr 14, 2026	Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26156	Hig	0.51	7.8	Apr 14, 2026	Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-26153	Hig	0.51	7.8	Apr 14, 2026	Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-20930	Hig	0.51	7.8	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-32071	Hig	0.49	7.5	Apr 14, 2026	Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
CVE-2026-32156	Hig	0.48	7.4	Apr 14, 2026	Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.
CVE-2026-32149	Hig	0.47	7.3	Apr 14, 2026	Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-33104	Hig	0.46	7.0	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-33100	Hig	0.46	7.0	Apr 14, 2026	Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-33099	Hig	0.46	7.0	Apr 14, 2026	Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-32150	Hig	0.46	7.0	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32093	Hig	0.46	7.0	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

Page 3 of 6