Month: April 2026

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. Continue reading CVE-2026-32084 Windows Print Spooler Information Disclosure Vulnerability→

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. Continue reading CVE-2026-32149 Windows Hyper-V Remote Code Execution Vulnerability→

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-27923 Desktop Window Manager Elevation of Privilege Vulnerability→

Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-26176 Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability→

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-27920 Windows UPnP Device Host Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability→