CVE-2026-27928
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27928
Tagged: Cybersecurity Alert
CVE-2026-27929
Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27929
CVE-2026-27930
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27930
CVE-2026-27924
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27924
CVE-2026-27925
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27925
CVE-2026-27926
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27926
CVE-2026-27927
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Projected File System allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27927
CVE-2026-27922
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27922
CVE-2026-27923
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27923
CVE-2026-27919
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27919
CVE-2026-27920
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27920
CVE-2026-27921
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows TCP/IP allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27921
CVE-2026-27917
Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27917
CVE-2026-27918
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Shell allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27918