Briefs

CVE-2026-32183 is a command injection vulnerability in the Windows Snipping Tool that allows a local attacker to execute arbitrary code.

CVE-2026-32222 is an untrusted pointer dereference vulnerability in the Windows Win32K ICOMP component, allowing a local attacker to escalate privileges.

CVE-2026-32156 is a use-after-free vulnerability in the Windows Universal Plug and Play (UPnP) Device Host service that allows an unauthorized attacker to execute code locally.

CVE-2026-26183 allows a locally authenticated attacker to escalate privileges due to improper access control within the Windows RPC API.

CVE-2026-26174 is a race condition vulnerability in Windows Server Update Service that allows an authorized attacker to elevate privileges locally.

Adobe Connect versions 2025.3, 12.10, and earlier are susceptible to a Cross-Site Scripting (XSS) vulnerability (CVE-2026-34617) that can lead to privilege escalation if a user interacts with a malicious URL or compromised web page.

CVE-2026-33100 is a use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock, allowing a locally authorized attacker to elevate privileges.

CVE-2026-32224 is a use-after-free vulnerability in the Windows Server Update Service that allows a locally authenticated attacker to elevate privileges.

CVE-2026-32221 is a heap-based buffer overflow vulnerability in the Microsoft Graphics Component, allowing a local attacker to execute arbitrary code.

CVE-2026-32219 is a double free vulnerability in the Microsoft Brokering File System, allowing an authorized attacker to escalate privileges locally on a vulnerable Windows system.

CVE-2026-32200 is a use-after-free vulnerability in Microsoft Office PowerPoint that allows an unauthorized attacker to achieve local code execution by enticing a user to open a specially crafted PowerPoint document.

CVE-2026-32178 is a vulnerability in .NET that allows for network spoofing due to improper neutralization of special elements, potentially enabling attackers to impersonate legitimate entities.

CVE-2026-32165 is a use-after-free vulnerability in Windows User Interface Core that allows a locally authenticated attacker to elevate privileges.

CVE-2026-32162 allows an unauthorized attacker to achieve local privilege escalation in Windows COM by exploiting the acceptance of extraneous untrusted data with trusted data.

CVE-2026-32159 is a race condition vulnerability in Windows Push Notifications, allowing a local attacker with low privileges to elevate privileges by exploiting concurrent execution using a shared resource with improper synchronization.

CVE-2026-32091 is a race condition vulnerability in the Microsoft Brokering File System, allowing an unauthenticated local attacker to escalate privileges.

CVE-2026-32087 is a heap-based buffer overflow vulnerability in the Function Discovery Service (fdwsd.dll) that allows an authorized local attacker to elevate privileges on a Windows system.

A use-after-free vulnerability, CVE-2026-32070, exists in the Windows Common Log File System (CLFS) driver, enabling a locally authenticated attacker to escalate privileges on a vulnerable system.

CVE-2026-27920 is a local privilege escalation vulnerability in the Windows Universal Plug and Play (UPnP) Device Host due to an untrusted pointer dereference.

CVE-2026-27918 is a race condition vulnerability in Windows Shell, allowing a local attacker to elevate privileges due to improper synchronization when accessing shared resources.

Adobe Connect versions 2025.3, 12.10, and earlier are vulnerable to a reflected Cross-Site Scripting (XSS) attack, enabling attackers to execute malicious JavaScript in a victim's browser by enticing them to visit a crafted URL.

CVE-2026-26184 is a buffer over-read vulnerability in the Windows Projected File System (ProjFS) that allows a local attacker to elevate privileges.

CVE-2026-26176 is a heap-based buffer overflow vulnerability in the Windows Client Side Caching driver (csc.sys), which allows an authorized attacker to elevate privileges locally.

CVE-2026-26178 is an integer size truncation vulnerability in the Windows Advanced Rasterization Platform (WARP) that allows an unauthorized attacker to elevate privileges locally.

CVE-2026-26159 allows a local attacker to escalate privileges on Windows systems due to a missing authentication check in the Remote Desktop Licensing Service (RDLS).

A path traversal vulnerability (CVE-2026-39813) in Fortinet FortiSandbox versions 5.0.0 through 5.0.5 and 4.4.0 through 4.4.8 may allow an unauthenticated attacker to escalate privileges via '../filedir'.

CVE-2026-38529 is a Broken Object-Level Authorization (BOLA) vulnerability in Webkul Krayin CRM v2.2.x that allows authenticated attackers to reset user passwords and take over accounts.

CVE-2026-22828 is a heap-based buffer overflow in Fortinet FortiAnalyzer and FortiManager Cloud versions 7.6.2 through 7.6.4, potentially allowing a remote unauthenticated attacker to execute arbitrary code with a significant preparation effort due to ASLR and network segmentation.

A critical SQL injection vulnerability (CVE-2025-63939) exists in the anirudhkannan Grocery Store Management System 1.0, allowing unauthenticated attackers to execute arbitrary SQL queries via the sitem_name POST parameter in /Grocery/search_products_itname.php.

A path traversal vulnerability in UniFi Play devices allows an attacker with network access to write arbitrary files, leading to remote code execution.