Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-26171 | HIGH | 7.5 | Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | Apr 14, 2026 |
| CVE-2026-26170 | HIGH | 7.8 | Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26169 | MEDIUM | 6.1 | Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. | Apr 14, 2026 |
| CVE-2026-26168 | HIGH | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26167 | HIGH | 8.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26166 | HIGH | 7.0 | Double free in Windows Shell allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26165 | HIGH | 7.0 | Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26163 | HIGH | 7.8 | Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26162 | HIGH | 7.8 | Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26161 | HIGH | 7.8 | Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26160 | HIGH | 7.8 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26159 | HIGH | 7.8 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26156 | HIGH | 7.8 | Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally. | Apr 14, 2026 |
| CVE-2026-26155 | MEDIUM | 6.5 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Apr 14, 2026 |
| CVE-2026-26154 | HIGH | 7.5 | Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network. | Apr 14, 2026 |
| CVE-2026-26153 | HIGH | 7.8 | Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26152 | HIGH | 7.0 | Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26151 | HIGH | 7.1 | Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. | Apr 14, 2026 |
| CVE-2026-26149 | CRITICAL | 9.0 | Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network. | Apr 14, 2026 |
| CVE-2026-26143 | HIGH | 7.8 | Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally. | Apr 14, 2026 |
| CVE-2026-25184 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-24907 | UNKNOWN | — | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the … | Apr 14, 2026 |
| CVE-2026-24906 | UNKNOWN | — | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the … | Apr 14, 2026 |
| CVE-2026-23670 | MEDIUM | 5.7 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | Apr 14, 2026 |
| CVE-2026-23666 | HIGH | 7.5 | Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network. | Apr 14, 2026 |