Month: April 2026

Double free in Windows Shell allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-26166 Windows Shell Elevation of Privilege Vulnerability→

Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. Continue reading CVE-2026-0390 UEFI Secure Boot Security Feature Bypass Vulnerability→

Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-26165 Windows Shell Elevation of Privilege Vulnerability→

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. Continue reading CVE-2026-32157 Remote Desktop Client Remote Code Execution Vulnerability→

Access of resource using incompatible type (‘type confusion’) in Windows OLE allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-26162 Windows OLE Elevation of Privilege Vulnerability→

Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack. Continue reading CVE-2026-20928 Windows Recovery Environment Security Feature Bypass Vulnerability→

Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-26161 Windows Sensor Data Service Elevation of Privilege Vulnerability→

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. Continue reading CVE-2026-33822 Microsoft Word Information Disclosure Vulnerability→