Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-27911 | HIGH | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-27910 | HIGH | 7.8 | Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-27909 | HIGH | 7.8 | Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-27908 | HIGH | 7.0 | Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-27907 | HIGH | 7.8 | Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-27906 | MEDIUM | 4.4 | Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally. | Apr 14, 2026 |
| CVE-2026-27303 | CRITICAL | 9.6 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the … | Apr 14, 2026 |
| CVE-2026-27288 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating … | Apr 14, 2026 |
| CVE-2026-27258 | MEDIUM | 5.5 | DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this … | Apr 14, 2026 |
| CVE-2026-27246 | CRITICAL | 9.3 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the … | Apr 14, 2026 |
| CVE-2026-27245 | CRITICAL | 9.3 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim … | Apr 14, 2026 |
| CVE-2026-27243 | CRITICAL | 9.3 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim … | Apr 14, 2026 |
| CVE-2026-26184 | HIGH | 7.8 | Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26183 | HIGH | 7.8 | Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26182 | HIGH | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26181 | HIGH | 7.8 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26180 | HIGH | 7.8 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26179 | HIGH | 7.8 | Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26178 | HIGH | 8.8 | Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26177 | HIGH | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26176 | HIGH | 7.8 | Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26175 | MEDIUM | 4.6 | Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack. | Apr 14, 2026 |
| CVE-2026-26174 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26173 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26172 | HIGH | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |