ReportizFlow
Filtered by vendor Microsoft
Subscriptions
Total
23766 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21261 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-04-15 | 5.5 Medium |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-21257 | 1 Microsoft | 2 Visual Studio 2022, Visual Studio 2026 | 2026-04-15 | 8 High |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-21256 | 1 Microsoft | 2 Visual Studio 2022, Visual Studio 2026 | 2026-04-15 | 8.8 High |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-21255 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-15 | 8.8 High |
| Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-21253 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-15 | 7 High |
| Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21251 | 1 Microsoft | 10 Windows Server 2016, Windows Server 2016 (server Core Installation), Windows Server 2019 and 7 more | 2026-04-15 | 7.8 High |
| Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21250 | 1 Microsoft | 11 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 8 more | 2026-04-15 | 7.8 High |
| Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21249 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-15 | 3.3 Low |
| External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally. | ||||
| CVE-2026-21245 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-04-15 | 7.8 High |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21244 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-15 | 7.3 High |
| Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | ||||
| CVE-2026-21243 | 1 Microsoft | 8 Windows Server 2019, Windows Server 2019 (server Core Installation), Windows Server 2022 and 5 more | 2026-04-15 | 7.5 High |
| Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-21240 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-04-15 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21241 | 1 Microsoft | 15 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 12 more | 2026-04-15 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21239 | 1 Microsoft | 28 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 25 more | 2026-04-15 | 7.8 High |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21238 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-15 | 7.8 High |
| Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21237 | 1 Microsoft | 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more | 2026-04-15 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-27296 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2026-04-15 | 7.8 High |
| Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27297 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2026-04-15 | 7.8 High |
| Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27298 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2026-04-15 | 7.8 High |
| Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27299 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2026-04-15 | 6.3 Medium |
| Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||