Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
77,897 matching · page 109/1558Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-27914(opens NVD record) | High | 7.8 | Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-27913(opens NVD record) | High | 7.7 | Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally. | Apr 14, 2026 |
| CVE-2026-27912(opens NVD record) | High | 8.0 | Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network. | Apr 14, 2026 |
| CVE-2026-27911(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-27910(opens NVD record) | High | 7.8 | Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-27909(opens NVD record) | High | 7.8 | Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-27908(opens NVD record) | High | 7.0 | Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-27907(opens NVD record) | High | 7.8 | Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-27906(opens NVD record) | Medium | 4.4 | Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally. | Apr 14, 2026 |
| CVE-2026-27303(opens NVD record) | Critical | 9.6 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | Apr 14, 2026 |
| CVE-2026-27246(opens NVD record) | Critical | 9.3 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | Apr 14, 2026 |
| CVE-2026-27245(opens NVD record) | Critical | 9.3 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | Apr 14, 2026 |
| CVE-2026-27243(opens NVD record) | Critical | 9.3 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | Apr 14, 2026 |
| CVE-2026-26184(opens NVD record) | High | 7.8 | Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26183(opens NVD record) | High | 7.8 | Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26182(opens NVD record) | High | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26181(opens NVD record) | High | 7.8 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26180(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26179(opens NVD record) | High | 7.8 | Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26178(opens NVD record) | High | 8.8 | Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26177(opens NVD record) | High | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26176(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26175(opens NVD record) | Medium | 4.6 | Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack. | Apr 14, 2026 |
| CVE-2026-26174(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26173(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26172(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26171(opens NVD record) | High | 7.5 | Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | Apr 14, 2026 |
| CVE-2026-26170(opens NVD record) | High | 7.8 | Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26169(opens NVD record) | Medium | 6.1 | Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. | Apr 14, 2026 |
| CVE-2026-26168(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26167(opens NVD record) | High | 8.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26166(opens NVD record) | High | 7.0 | Double free in Windows Shell allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26165(opens NVD record) | High | 7.0 | Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26163(opens NVD record) | High | 7.8 | Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26162(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26161(opens NVD record) | High | 7.8 | Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26160(opens NVD record) | High | 7.8 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26159(opens NVD record) | High | 7.8 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26156(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally. | Apr 14, 2026 |
| CVE-2026-26155(opens NVD record) | Medium | 6.5 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Apr 14, 2026 |
| CVE-2026-26154(opens NVD record) | High | 7.5 | Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network. | Apr 14, 2026 |
| CVE-2026-26153(opens NVD record) | High | 7.8 | Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26152(opens NVD record) | High | 7.0 | Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-26151(opens NVD record) | High | 7.1 | Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. | Apr 14, 2026 |
| CVE-2026-26149(opens NVD record) | Critical | 9.0 | Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network. | Apr 14, 2026 |
| CVE-2026-26143(opens NVD record) | High | 7.8 | Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally. | Apr 14, 2026 |
| CVE-2026-25184(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-23670(opens NVD record) | Medium | 5.7 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | Apr 14, 2026 |
| CVE-2026-23666(opens NVD record) | High | 7.5 | Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network. | Apr 14, 2026 |
| CVE-2026-23657(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 |