CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2026-32157 – Remote Desktop Client Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-32157
14 Apr 2026 — Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32157 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2026-32154 – Desktop Window Manager Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-32154
14 Apr 2026 — Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32154 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2026-23674 – MapUrlToZone Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2026-23674
10 Mar 2026 — Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23674 • CWE-41: Improper Resolution of Path Equivalence •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2026-26128 – Windows SMB Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-26128
10 Mar 2026 — Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26128 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2026-26111 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-26111
10 Mar 2026 — Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26111 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2026-25190 – Windows GDI Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-25190
10 Mar 2026 — Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25190 • CWE-426: Untrusted Search Path •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2026-25188 – Windows Telephony Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-25188
10 Mar 2026 — Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25188 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2026-25187 – Winlogon Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-25187
10 Mar 2026 — Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25187 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2026-25186 – Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-25186
10 Mar 2026 — Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25186 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 21EXPL: 0CVE-2026-25185 – Windows Shell Link Processing Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2026-25185
10 Mar 2026 — Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25185 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •