Month: April 2026

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. Continue reading CVE-2026-32081 Package Catalog Information Disclosure Vulnerability→

Untrusted pointer dereference in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32222 Windows Win32k Elevation of Privilege Vulnerability→

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32075 Windows UPnP Device Host Elevation of Privilege Vulnerability→

Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. Continue reading CVE-2026-32220 UEFI Secure Boot Security Feature Bypass Vulnerability→

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32073 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability→

The vulnerability assigned to this CVE could lead to corruption of guest encrypted memory. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of … Continue reading CVE-2023-20585 AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability→

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. Continue reading CVE-2026-32071 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability→

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. Continue reading CVE-2026-32217 Windows Kernel Information Disclosure Vulnerability→