Month: March 2026

Improper neutralization of special elements used in an sql command (‘sql injection’) in SQL Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2026-26116 SQL Server Elevation of Privilege Vulnerability→

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2026-26115 SQL Server Elevation of Privilege Vulnerability→

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2026-21262 SQL Server Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally. Continue reading CVE-2026-25186 Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability→

Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2026-25181 GDI+ Information Disclosure Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Device Association Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-24295 Windows Device Association Service Elevation of Privilege Vulnerability→

Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-25179 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability→

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-24294 Windows SMB Server Elevation of Privilege Vulnerability→