Month: April 2026

Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-27914 Microsoft Management Console Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-26172 Windows Push Notifications Elevation of Privilege Vulnerability→

Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network. Continue reading CVE-2026-27912 Windows Kerberos Elevation of Privilege Vulnerability→

Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-26170 PowerShell Elevation of Privilege Vulnerability→

Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32080 Windows WalletService Elevation of Privilege Vulnerability→

Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. Continue reading CVE-2026-26169 Windows Kernel Memory Information Disclosure Vulnerability→

Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability→