CVE-2026-26155
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26155
Tagged: Cybersecurity Alert
CVE-2026-26156
Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26156
CVE-2026-26152
Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26152
CVE-2026-26153
Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26153
CVE-2026-26154
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26154
CVE-2026-26151
Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26151
CVE-2026-24906
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings. The Markup Classes fields (used for...
CVE-2026-24907
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. When viewing logged mail...
CVE-2026-25184
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25184
CVE-2026-26143
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143
CVE-2026-26149
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26149
CVE-2026-23653
Improper neutralization of special elements used in a command (‘command injection’) in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23653
CVE-2026-23657
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23657
CVE-2026-23666
Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23666