Filtered by vendor Microsoft
Subscriptions
Total
23762 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2314 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-17 | 8.8 High |
| Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-2315 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-17 | 8.8 High |
| Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-2316 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-17 | 6.5 Medium |
| Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-2318 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-17 | 6.5 Medium |
| Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-2319 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-17 | 7.5 High |
| Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2026-2321 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-17 | 8.8 High |
| Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-2322 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-17 | 5.4 Medium |
| Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-2323 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-17 | 4.3 Medium |
| Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-2026 | 2 Microsoft, Tenable | 3 Windows, Agent, Nessus Agent | 2026-04-17 | 6.1 Medium |
| A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks. | ||||
| CVE-2026-32220 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-04-17 | 4.4 Medium |
| Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-32221 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-04-17 | 8.4 High |
| Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32222 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-04-17 | 7.8 High |
| Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32223 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-04-17 | 6.8 Medium |
| Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack. | ||||
| CVE-2026-32224 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-04-17 | 7 High |
| Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32225 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-17 | 8.8 High |
| Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-33096 | 1 Microsoft | 15 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 12 more | 2026-04-17 | 7.5 High |
| Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-33098 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-17 | 7.8 High |
| Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33099 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-04-17 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33100 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-17 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33101 | 1 Microsoft | 12 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 9 more | 2026-04-17 | 7.8 High |
| Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | ||||