Briefs

CVE-2026-32168 is an improper input validation vulnerability in Azure Monitor Agent that allows a locally authorized attacker to elevate privileges.

Composer is vulnerable to command injection via a malicious Perforce repository due to improper escaping of user-supplied Perforce connection parameters, potentially leading to arbitrary command execution in the context of the user running Composer.

CVE-2026-6264, a critical deserialization vulnerability in Talend JobServer and Runtime, allows unauthenticated remote code execution via the JMX monitoring port, leading to complete system compromise.

CVE-2026-26152 is an insecure storage of sensitive information vulnerability in Windows Cryptographic Services that allows a local, authorized attacker to elevate privileges.

CVE-2026-26153 is an out-of-bounds read vulnerability in the Windows Encrypting File System (EFS) that allows an authorized local attacker to elevate privileges.

CVE-2026-26163 is a double free vulnerability in the Windows Kernel, allowing an authorized attacker to elevate privileges locally with a CVSS v3.1 score of 7.8.

CVE-2026-26179 is a double free vulnerability in the Windows Kernel, allowing a locally authenticated attacker to elevate privileges on the system.

CVE-2026-26181 is a use-after-free vulnerability in the Microsoft Brokering File System that enables a locally authenticated attacker to escalate privileges on the system.

CVE-2026-26182 is a use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock, allowing a locally authorized attacker to elevate privileges.

A use-after-free vulnerability, CVE-2026-27908, exists in the Windows TDI Translation Driver (tdx.sys), allowing a locally authenticated attacker to elevate privileges.

CVE-2026-27909 is a use-after-free vulnerability in the Microsoft Windows Search Component that allows a locally authorized attacker to escalate privileges.

CVE-2026-27910 describes a local privilege escalation vulnerability in Windows Installer due to improper handling of insufficient permissions, allowing an authorized attacker to gain elevated privileges.

CVE-2026-27916 is a use-after-free vulnerability in Windows Universal Plug and Play (UPnP) Device Host that allows an authorized attacker to elevate privileges locally.

CVE-2026-27917 is a use-after-free vulnerability in the Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) that allows a locally authorized attacker to elevate privileges.

CVE-2026-27926 is a race condition vulnerability in the Windows Cloud Files Mini Filter Driver that allows a local attacker to elevate privileges.

CVE-2026-32071 is a null pointer dereference vulnerability in the Windows Local Security Authority Subsystem Service (LSASS), allowing an unauthorized network attacker to cause a denial-of-service condition.

A use-after-free vulnerability, CVE-2026-32078, exists in the Windows Projected File System, allowing a locally authenticated attacker to escalate privileges.

CVE-2026-32152 is a use-after-free vulnerability in the Desktop Window Manager (dwm.exe) that allows an authorized local attacker to elevate privileges.

CVE-2026-32153 is a use-after-free vulnerability in Microsoft Windows Speech that allows a locally authorized attacker to elevate privileges.

CVE-2026-32155 is a use-after-free vulnerability in the Desktop Window Manager that allows an authorized attacker to escalate privileges locally on a Windows system.

CVE-2026-32157 is a use-after-free vulnerability in the Remote Desktop Client that allows an unauthorized attacker to execute code over a network.

CVE-2026-32164 is a race condition vulnerability in Windows User Interface Core that allows a locally authorized attacker to elevate privileges.

CVE-2026-32195 is a stack-based buffer overflow vulnerability in the Windows Kernel that allows an authorized attacker to elevate privileges locally.

An unauthenticated, remote attacker can exploit an out-of-bounds read vulnerability (CVE-2026-33096) in Windows HTTP.sys to cause a denial-of-service condition.

CVE-2026-33098 is a use-after-free vulnerability in the Windows Container Isolation FS Filter Driver that allows a locally authorized attacker to elevate privileges.

A use-after-free vulnerability, CVE-2026-33099, in the Windows Ancillary Function Driver for WinSock, enables a locally authenticated attacker to elevate privileges on the system.

CVE-2026-33101 is a use-after-free vulnerability in the Windows Print Spooler Components that allows an authenticated local attacker to elevate privileges.

A double free vulnerability in the Windows IKE Extension, tracked as CVE-2026-33824, allows an unauthenticated remote attacker to execute arbitrary code over the network.

An improper input validation vulnerability (CVE-2026-33826) in Windows Active Directory could allow an authenticated attacker on an adjacent network to execute code.

An SQL injection vulnerability (CVE-2026-39815) in Fortinet FortiDDoS-F versions 7.2.1 through 7.2.2 may allow a low-privilege attacker to execute unauthorized code or commands.