219614 matches found
CVE-2026-32209
Improper access control in Windows Filtering Platform WFP allows an authorized attacker to bypass a security feature locally...
CVE-2026-32170
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally...
CVE-2026-42823
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...
CVE-2026-42832
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally...
CVE-2026-41107
External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...
CVE-2026-41101
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally...
CVE-2026-41088
Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-40420
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...
CVE-2026-41086
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network...
CVE-2026-41102
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally...
CVE-2026-40381
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
CVE-2026-40370
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...
CVE-2026-40365
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
CVE-2026-35436
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...
CVE-2026-32204
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
CVE-2026-33834
Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally...
CVE-2026-28380
Any Editor could delete any snapshot, even if they have no access to read or write them...
CVE-2026-33377 Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...
CVE-2026-33377 Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...
CVE-2026-30905
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...