Month: April 2026

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-33099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability→

Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. Continue reading CVE-2026-32203 .NET and Visual Studio Denial of Service Vulnerability→

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-32200 Microsoft PowerPoint Remote Code Execution Vulnerability→

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-32198 Microsoft Excel Remote Code Execution Vulnerability→

Improper neutralization of input during web page generation (‘cross-site scripting’) in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network. Continue reading CVE-2026-32196 Windows Admin Center Spoofing Vulnerability→

Improper neutralization of special elements used in an sql command (‘sql injection’) in SQL Server allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32176 SQL Server Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows User Interface Core allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32164 Windows User Interface Core Elevation of Privilege Vulnerability→

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally. Continue reading CVE-2026-32162 Windows COM Elevation of Privilege Vulnerability→