Month: April 2026

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-32199 Microsoft Excel Remote Code Execution Vulnerability→

Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-27910 Windows Installer Elevation of Privilege Vulnerability→

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-32190 Microsoft Office Remote Code Execution Vulnerability→

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-26184 Windows Projected File System Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows User Interface Core allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32163 Windows User Interface Core Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network. Continue reading CVE-2026-32151 Windows Shell Information Disclosure Vulnerability→

Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2026-32171 Azure Logic Apps Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack. Continue reading CVE-2026-32088 Windows Biometric Service Security Feature Bypass Vulnerability→