Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Today's Security Brief
Wednesday's vulnerability disclosures highlight three maximum-severity (CVSS 9.9) vulnerabilities affecting SAP Business Planning (CVE-2026-27681), HP file handling (CVE-2026-38526), and an unknown multi-product component (CVE-2026-35031), all requiring immediate risk assessment. Critical CVEs rose to 23, a 21% increase over the prior day, while high-priority vulnerabilities climbed to 100, up 15%. Adobe Connect accounts for three critical flaws (CVE-2026-27303, CVE-2026-34615, CVE-2026-27243) spanning CVSS 9.3â9.6, and Microsoft products dominate the actively exploited list with confirmed exploitation across Exchange Server, Windows, SharePoint, and legacy Office components. Remote code execution and authentication bypass patterns are prominent across enterprise collaboration and document handling platforms. Patch availability currently stands at 0%, making compensating controls and network segmentation essential for all affected systems.
Three CVSS 9.9 vulnerabilities disclosed in SAP Business Planning, HP, and a multi-product component â highest severity in this cycle
23 critical CVEs (CVSS 9.0+), up 21% from the prior day's 19
100 high-priority CVEs (CVSS 7.0â8.9), up 15% from 87
Adobe Connect has three critical flaws (CVSS 9.3â9.6) affecting authentication and session handling
Patch availability is at 0% â no vendor fixes are currently available for any disclosed vulnerability
10 actively exploited vulnerabilities confirmed, including legacy Microsoft flaws dating back to 2009 and 2012
Immediate action: Prioritize risk assessment for SAP Business Planning, HP, and Adobe Connect environments, as these vendors carry the highest-severity scores with no patches available. Implement network segmentation, restrict access to affected services, and monitor for exploitation activity against Microsoft Exchange, SharePoint, and Windows systems where active exploitation is confirmed.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2026-21643
9.5đ
FortinetFortiClient EMS
â° Federal Deadline:April 15, 2026(1 days remaining)
An unauthenticated SQL injection vulnerability in Fortinet FortiClientEMS 7.4.4 allows for unauthorized code or command execution via crafted HTTP requests.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-3502
9.5
TrueConfClient
â° Federal Deadline:April 15, 2026(1 days remaining)
TrueConf Client Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2012-1854
9.5đ Late Disclosure
MicrosoftVisual Basic for Applications (VBA)
â° Federal Deadline:April 26, 2026(12 days remaining)
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-60710
9.5
MicrosoftWindows
â° Federal Deadline:April 26, 2026(12 days remaining)
Microsoft Windows Link Following Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-21529
9.5đ Late Disclosure
MicrosoftExchange Server
â° Federal Deadline:April 26, 2026(12 days remaining)
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-36424
9.5đ Late Disclosure
MicrosoftWindows
â° Federal Deadline:April 26, 2026(12 days remaining)
Microsoft Windows Out-of-Bounds Read Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2020-9715
9.5đ Late Disclosure
AdobeAcrobat
â° Federal Deadline:April 26, 2026(12 days remaining)
Adobe Acrobat Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-34621
9.5đ
AdobeAcrobat and Reader
â° Federal Deadline:April 26, 2026(12 days remaining)
Adobe Acrobat Reader is vulnerable to prototype pollution, which can result in arbitrary code execution when a victim opens a malicious file.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2009-0238
9.5đ Late Disclosure
MicrosoftOffice
â° Federal Deadline:April 27, 2026(13 days remaining)
Microsoft Office Remote Code Execution - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-32201
9.5
MicrosoftSharePoint Server
â° Federal Deadline:April 27, 2026(13 days remaining)
Microsoft SharePoint Server Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2026-40289
9.1
SUSEof model
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket endpoint. The server binds to 0.0.0.0 by default and only validates the Origin header when one is present, meaning any non-browser client that omits the header is accepted without restriction. An unauthenticated network attacker can connect, send a start_session message, and the server will route it to the first idle browser-extension WebSocket (effectively hijacking that session) and then broadcast all resulting automation actions and outputs back to the attacker. This enables unauthorized remote control of connected browser automation sessions, leakage of sensitive page context and automation results, and misuse of model-backed browser actions in any environment where the bridge is network-reachable. This issue has been fixed in versions 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-40313
9.1đ
GitHubActions workflows
PraisonAI GitHub Actions workflows are vulnerable to credential leakage via the ArtiPACKED attack, allowing unauthorized access to repository secrets and supply chain compromise.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-40288
9.8đ
Teamssystem
The PraisonAI workflow engine is vulnerable to arbitrary command and code execution via untrusted YAML configuration files.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-65135
9.8
HPthrough the
In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-27303
9.6
AdobeConnect versions
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
CVSS Base9.6
â
CRSSelect profile
CVE-2026-35031
9.9
UnknownMultiple Products
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles), where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. This arbitrary file write can be chained into arbitrary file read via .strm files, database extraction, admin privilege escalation, and ultimately remote code execution as root via ld.so.preload. Exploitation requires an administrator account or a user that has been explicitly granted the "Upload Subtitles" permission. This issue has been fixed in version 10.11.7. If users are unable to upgrade immediately, they can grant non-administrator users Subtitle upload permissions to reduce attack surface.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-34615
9.3
AdobeConnect versions
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
CVSS Base9.3
â
CRSSelect profile
CVE-2026-27681
9.9
SAPBusiness Planning
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-38526
9.9
HPfile
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-27243
9.3
AdobeConnect versions
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.
CVSS Base9.3
â
CRSSelect profile
CVE-2026-27245
9.3
AdobeConnect versions
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.
CVSS Base9.3
â
CRSSelect profile
CVE-2026-27246
9.3
AdobeConnect versions
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.
CVSS Base9.3
â
CRSSelect profile
CVE-2026-34457
9.1đ
Nginxauth
OAuth2 Proxy contains an authentication bypass vulnerability when integrated with Nginx auth_request, allowing unauthenticated access to protected resources.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-26149
9
MicrosoftPower Apps
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.
CVSS Base9
â
CRSSelect profile
CVE-2025-63939
9.8
ArchMultiple Products
Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-33824
9.8
DoubleMultiple Products
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-39399
9.6
F5Multiple Products
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend jobâs handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that may result in remote code execution (RCE) and/or arbitrary blob writes due to insufficient input validation. The issue is exploitable via URI fragment injection using unsanitized package identifiers, allowing an attacker to control the resolved blob path. This enables writes to arbitrary blobs within the storage container, not limited to .nupkg files, resulting in potential tampering of existing content. This issue has been patched in commit 0e80f87628349207cdcaf55358491f8a6f1ca276.
CVSS Base9.6
â
CRSSelect profile
CVE-2026-5752
9.3
Terrarium allowsMultiple Products
Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.
CVSS Base9.3
â
CRSSelect profile
CVE-2026-4365
9.1đ
WordPressis vulnerable
The LearnPress WordPress plugin is vulnerable to unauthorized data deletion because it lacks proper capability checks on the `delete_question_answer` function.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-39808
9.8
FortinetFortiSandbox
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
CVSS Base9.8
â
CRSSelect profile
CVE-2026-39813
9.8đ
FortinetFortiSandbox
A path traversal vulnerability in Fortinet FortiSandbox allows unauthenticated attackers to achieve privilege escalation via crafted file paths.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-6264
9.8
the TalendMultiple Products
A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client authentication for the monitoring port; however, the patch must be applied for full mitigation. For Talend ESB Runtime, the vulnerability can be mitigated by disabling the JobServer JMX monitoring port, which is disabled by default from the R2024-07-RT patch.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-27304
9.3
ColdFusionMultiple Products
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
CVSS Base9.3
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2026-32190
8.4
MicrosoftOffice allows
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2026-32221
8.4
MicrosoftGraphics Component
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2026-33115
8.4
MicrosoftOffice Word
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2026-23657
7.8
MicrosoftOffice Word
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26181
7.8
MicrosoftBrokering File
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-27909
7.8
MicrosoftWindows Search
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32153
7.8
MicrosoftWindows Speech
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32171
8.8
AzureLogic Apps
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-32089
7.8
UnknownMultiple Products
Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-34617
8.7
AdobeConnect versions
Adobe Connect versions 2025
CVSS Base8.7
â
CRSSelect profile
CVE-2026-27290
8.6
AdobeFramemaker versions
Adobe Framemaker versions 2022
CVSS Base8.6
â
CRSSelect profile
CVE-2026-40287
8.4
Teamssystem
PraisonAI is a multi-agent teams system
CVSS Base8.4
â
CRSSelect profile
CVE-2026-32091
8.4
MicrosoftBrokering File
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally
CVSS Base8.4
â
CRSSelect profile
CVE-2026-33114
8.4
MicrosoftOffice Word
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2026-26143
7.8
MicrosoftPowerShell allows
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26170
7.8
MicrosoftPowerShell allows
Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-27914
7.8
MicrosoftManagement Console
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26159
7.8
UnknownMultiple Products
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26160
7.8
UnknownMultiple Products
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26183
7.8
UnknownMultiple Products
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32090
7.8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-35337
8.8
ApacheStorm
Deserialization of Untrusted Data vulnerability in Apache Storm
CVSS Base8.8
â
CRSSelect profile
CVE-2026-39815
8.8
FortinetFortiDDoS
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7
CVSS Base8.8
â
CRSSelect profile
CVE-2026-26156
7.8
UnknownMultiple Products
Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26176
7.8
WindowsMultiple Products
Heap-based buffer overflow in Windows Client Side Caching driver (csc
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26180
7.8
UnknownMultiple Products
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-27915
7.8
UnknownMultiple Products
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-27916
7.8
UnknownMultiple Products
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32078
7.8
UnknownMultiple Products
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26167
8.8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
CVSS Base8.8
â
CRSSelect profile
CVE-2026-26178
8.8
IntegerMultiple Products
Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally
CVSS Base8.8
â
CRSSelect profile
CVE-2026-32225
8.8
ProtectionMultiple Products
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-27928
8.7
UnknownMultiple Products
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network
CVSS Base8.7
â
CRSSelect profile
CVE-2026-34622
8.6
ReaderMultiple Products
Acrobat Reader versions 26
CVSS Base8.6
â
CRSSelect profile
CVE-2026-22828
8.1
FortinetFortiAnalyzer Cloud
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7
CVSS Base8.1
â
CRSSelect profile
CVE-2025-69627
8.4
forMultiple Products
Nitro PDF Pro for Windows 14
CVSS Base8.4
â
CRSSelect profile
CVE-2026-32162
8.4
UnknownMultiple Products
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally
CVSS Base8.4
â
CRSSelect profile
CVE-2026-28291
8.1
UnknownMultiple Products
simple-git enables running native Git commands from JavaScript
CVSS Base8.1
â
CRSSelect profile
CVE-2026-33827
8.1
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network
CVSS Base8.1
â
CRSSelect profile
CVE-2026-27912
8
UnknownMultiple Products
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network
CVSS Base8
â
CRSSelect profile
CVE-2026-33826
8
UnknownMultiple Products
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network
CVSS Base8
â
CRSSelect profile
CVE-2026-33858
8.8
ApacheAirflow
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code
CVSS Base8.8
â
CRSSelect profile
CVE-2026-38529
8.8
HPendpoint of
A Broken Object-Level Authorization (BOLA) in the /Settings/UserController
CVSS Base8.8
â
CRSSelect profile
CVE-2026-35196
8.8
HPendpoint within
Chamilo LMS is an open-source learning management system
CVSS Base8.8
â
CRSSelect profile
CVE-2026-20930
7.8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26153
7.8
UnknownMultiple Products
Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26161
7.8
UntrustedMultiple Products
Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26162
7.8
UnknownMultiple Products
Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26163
7.8
DoubleMultiple Products
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26168
7.8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26172
7.8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26179
7.8
DoubleMultiple Products
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26184
7.8
BufferMultiple Products
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-27907
7.8
IntegerMultiple Products
Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-27910
7.8
ImproperMultiple Products
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-27911
7.8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-27918
7.8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-27919
7.8
UntrustedMultiple Products
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-27920
7.8
UntrustedMultiple Products
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-27927
7.8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32069
7.8
DoubleMultiple Products
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32074
7.8
DoubleMultiple Products
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32076
7.8
UnknownMultiple Products
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32077
7.8
UntrustedMultiple Products
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32158
7.8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32159
7.8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32160
7.8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-34160
8.6
HPis accessible
Chamilo LMS is an open-source learning management system
CVSS Base8.6
â
CRSSelect profile
CVE-2026-38530
8.1
HPendpoint of
A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController
CVSS Base8.1
â
CRSSelect profile
CVE-2026-38532
8.1
HPendpoint of
A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController
CVSS Base8.1
â
CRSSelect profile
CVE-2026-40040
8.8
HPMultiple Products
Pachno 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-32157
8.8
DesktopMultiple Products
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-6196
8.8
TendaF456
A vulnerability was detected in Tenda F456 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-6197
8.8
TendaF456
A flaw has been found in Tenda F456 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-6198
8.8
TendaF456
A vulnerability has been found in Tenda F456 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-6199
8.8
TendaF456
A vulnerability was found in Tenda F456 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-6200
8.8
TendaF456
A vulnerability was determined in Tenda F456 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-27923
7.8
WindowMultiple Products
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-27924
7.8
WindowMultiple Products
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32152
7.8
WindowMultiple Products
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32154
7.8
WindowMultiple Products
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32155
7.8
WindowMultiple Products
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-1462
8.8
theMultiple Products
A vulnerability in the `TFSMLayer` class of the `keras` package, version 3
CVSS Base8.8
â
CRSSelect profile
CVE-2026-6186
8.8
UTTMultiple Products
A security vulnerability has been detected in UTT HiPER 1200GW up to 2
CVSS Base8.8
â
CRSSelect profile
CVE-2026-6194
8.8
TotolinkMultiple Products
A weakness has been identified in Totolink A3002MU B20211125
CVSS Base8.8
â
CRSSelect profile
CVE-2026-25654
8.8
UnknownMultiple Products
A vulnerability has been identified in SINEC NMS (All versions < V4
CVSS Base8.8
â
CRSSelect profile
CVE-2026-27668
8.8
AccessMultiple Products
A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5
CVSS Base8.8
â
CRSSelect profile
CVE-2026-33120
8.8
SQLMultiple Products
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-24893
8.8
monitoringMultiple Products
openITCOCKPIT is an open source monitoring tool built for different monitoring engines
CVSS Base8.8
â
CRSSelect profile
CVE-2026-40291
8.8
PUTMultiple Products
Chamilo LMS is an open-source learning management system
CVSS Base8.8
â
CRSSelect profile
CVE-2026-27305
8.6
ColdFusionMultiple Products
ColdFusion versions 2023
CVSS Base8.6
â
CRSSelect profile
CVE-2026-38527
8.5
UnknownMultiple Products
A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2