Common Vulnerabilities and Exposures (CVE)
CVE-2026-42823
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-41613
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41103
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-40381
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-41097
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-41086
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-40420
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-35436
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40418
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40403
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2026-40402
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
CVE-2026-40398
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-32209
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.