Month: April 2026

Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally. Continue reading CVE-2026-32072 Active Directory Spoofing Vulnerability→

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-26159 Remote Desktop Licensing Service Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32086 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability→

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32078 Windows Projected File System Elevation of Privilege Vulnerability→

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-27916 Windows UPnP Device Host Elevation of Privilege Vulnerability→

Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally. Continue reading CVE-2026-27913 Windows BitLocker Security Feature Bypass Vulnerability→

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network. Continue reading CVE-2026-27925 Windows UPnP Device Host Information Disclosure Vulnerability→

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-27922 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability→