HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-32068

Apr 30, 2026 14:42:09 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

CVE-2026-27930

Apr 30, 2026 14:42:09 UTC

Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.

CVE-2026-27928

Apr 30, 2026 14:42:08 UTC

Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-27925

Apr 30, 2026 14:42:07 UTC

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.

CVE-2026-27923

Apr 30, 2026 14:42:07 UTC

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-27922

Apr 30, 2026 14:42:06 UTC

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-27920

Apr 30, 2026 14:42:06 UTC

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-27916

Apr 30, 2026 14:42:05 UTC

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-27914

Apr 30, 2026 14:42:04 UTC

Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.

CVE-2026-27913

Apr 30, 2026 14:42:03 UTC

Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-27912

Apr 30, 2026 14:42:03 UTC

Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.

CVE-2026-27911

Apr 30, 2026 14:42:01 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

CVE-2026-27910

Apr 30, 2026 14:42:00 UTC

Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.

CVE-2026-27909

Apr 30, 2026 14:41:59 UTC

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.

CVE-2026-26184

Apr 30, 2026 14:41:58 UTC

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Page: 37