Total CVEs

138,940

Critical Severity

3,615

High Severity

12,982

Last 7 Days

1,152
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 6,161 - 6,180 of 12,679 CVEs
CVE-2026-32091 HIGH - 8.4

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Apr 14, 2026
Source: NVD
CVE-2026-32090 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Apr 14, 2026
Source: NVD
CVE-2026-32089 HIGH - 7.8

Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Apr 14, 2026
Source: NVD
CVE-2026-32087 HIGH - 7.0

Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Apr 14, 2026
Source: NVD
CVE-2026-32086 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Apr 14, 2026
Source: NVD
CVE-2026-32083 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Apr 14, 2026
Source: NVD
CVE-2026-32082 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Apr 14, 2026
Source: NVD
CVE-2026-32080 HIGH - 7.0

Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_server_2016
Published: Apr 14, 2026
Source: NVD
CVE-2026-32078 HIGH - 7.8

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Apr 14, 2026
Source: NVD
CVE-2026-32077 HIGH - 7.8

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Apr 14, 2026
Source: NVD
CVE-2026-32076 HIGH - 7.8

Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Apr 14, 2026
Source: NVD
CVE-2026-32075 HIGH - 7.0

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Apr 14, 2026
Source: NVD
CVE-2026-32074 HIGH - 7.8

Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-32073 HIGH - 7.0

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-32071 HIGH - 7.5

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

Published: Apr 14, 2026
Source: NVD
CVE-2026-32070 HIGH - 7.0

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-32069 HIGH - 7.8

Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-32068 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-27929 HIGH - 7.0

Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-27928 HIGH - 8.7

Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.

Published: Apr 14, 2026
Source: NVD