Common Vulnerabilities and Exposures (CVE)

CVE-2026-26128

Apr 9, 2026 23:25:48 UTC

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.

CVE-2026-26116

Apr 9, 2026 23:25:47 UTC

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-26115

Apr 9, 2026 23:25:46 UTC

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-26121

Apr 9, 2026 23:25:46 UTC

Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-20967

Apr 9, 2026 23:25:45 UTC

Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.

CVE-2026-23656

Apr 9, 2026 23:25:44 UTC

Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-26114

Apr 9, 2026 23:25:43 UTC

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-26113

Apr 9, 2026 23:25:43 UTC

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-26112

Apr 9, 2026 23:25:42 UTC

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26111

Apr 9, 2026 23:25:41 UTC

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

CVE-2026-26105

Apr 9, 2026 23:25:41 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-25190

Apr 9, 2026 23:25:40 UTC

Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.

CVE-2026-25189

Apr 9, 2026 23:25:40 UTC

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-25188

Apr 9, 2026 23:25:39 UTC

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.

CVE-2026-25187

Apr 9, 2026 23:25:39 UTC

Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.