ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Microsoft Patch Tuesday April 2026
Published: 2026-04-14
Last Updated: 2026-04-14 17:46:09 UTC
by Johannes Ullrich (Version: 1)
This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening:
The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild.
Noteworthy Vulnerabilities:
CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love these types of vulnerabilities. Need to know more to really figure out the impact. Microsoft describes this as a race condition, allowing attackers to execute arbitrary code over the network. Exploitation is likely tricky, but never underestimate the creativity of an AI-aided attacker.
CVE-2026-33825 (Microsoft Defender Elevation of Privilege Vulnerability): This vulnerability has already been disclosed.
CVE-2026-32201 (Microsoft SharePoint Server Spoofing Vulnerability): Two similar SharePoint server spoofing vulnerabilities were patched this month. Both are rated important, and this particular one is already being exploited.
CVE-2026-33826 (Windows Active Directory Remote Code Execution Vulnerability): CVSS score of "only" 8.0, but critical according to Microsoft.
CVE-2026-32190 (Microsoft Office Remote Code Execution Vulnerability): Standard fare for every monthly Patch Tuesday. These are often the more worrisome vulnerabilities. Two additional critical RCE vulnerabilities affect Word (CVE-2026-33114, CVE-2026-33115).
CVE-2026-32157 (Remote Desktop Client Remote Code Execution Vulnerability): Typically, these vulnerabilities require a user to connect to a malicious RDP server, but connections may be initiated by clicking on an "rdp:" link.
CVE-2026-33824 (Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability): IKE, part of IPSEC, is usually not enabled by default. It isn't clear yet what the exact exploitation requirements are (will update once MSFT's page responds again).
CVE-2026-23666 (.NET Framework Denial of Service Vulnerability): Just a denial of service. Not sure why this deserved "critical".
Read the full entry: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+April+2026/32898/
Scans for EncystPHP Webshell
Published: 2026-04-13
Last Updated: 2026-04-13 13:02:50 UTC
by Johannes Ullrich (Version: 1)
Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying attention and are deploying webshells with more difficult-to-guess credentials. Today, I noticed some scans for what appears to be the "EncystPHP" web shell. Fortinet wrote about this webshell back in January. It appears to be a favorite among attackers compromising vulnerable FreePBX systems.
The requests I observed look like ...
This URL matches what Fortinet reported back in January.
The parameter name "md5" is a bit misleading. The webshell will just compare the string. The parameter is not necessarily the MD5 hash of a specific "password"; any string will work as long as it matches the hard-coded string in the webshell. The string above has the correct length for an MD5 hash, but I wasn't able to find it in common MD5 hash databases. It is very possible that only a few different values are used across different attack campaigns. Many attackers may just "copy/paste" the code, including this access secret ...
Read the full entry: https://isc.sans.edu/diary/Scans+for+EncystPHP+Webshell/32892/
Obfuscated JavaScript or Nothing
Published: 2026-04-09
Last Updated: 2026-04-10 06:40:46 UTC
by Xavier Mertens (Version: 1)
I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called ... and is only identified as malicious by 15 AVs on VirusTotal.
The file is pretty big (10MB) and contains a copy of the AsmDB project lib. The purpose is unknown.
As usual with JavaScript, the file is pretty well obfuscated and contains UTF characters (supported on Windows) but, when you scroll a bit, some code is disclosed ...
Read the full entry: https://isc.sans.edu/diary/Obfuscated+JavaScript+or+Nothing/32884/
Scanning for AI Models (2026.04.14)
https://isc.sans.edu/diary/Scanning+for+AI+Models/32896/
Number Usage in Passwords: Take Two (2026.04.09)
https://isc.sans.edu/diary/Number+Usage+in+Passwords+Take+Two/32866/
TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory (2026.04.08)
More Honeypot Fingerprinting Scans (2026.04.08)
https://isc.sans.edu/diary/More+Honeypot+Fingerprinting+Scans/32878/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2026-32201 - Microsoft SharePoint Server Spoofing Vulnerability
Product: Microsoft SharePoint Server
CVSS Score: 6.5
** KEV since 2026-04-14 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-32201
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
KEV Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201
CVE-2026-34621 - Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are vulnerable to an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') allowing arbitrary code execution through user interaction with a malicious file.
Product: Adobe Acrobat Reader
CVSS Score: 8.6
** KEV since 2026-04-13 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34621
ISC Podcast: https://isc.sans.edu/podcastdetail/9888
NVD References: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html
KEV Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34621
CVE-2026-5281 - Chromium: CVE-2026-5281 Use after free in Dawn
Product: Google Chrome
CVSS Score: 0
** KEV since 2026-04-01 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-5281
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5281
KEV Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281
CVE-2026-5272 through CVE-2026-5277, CVE-2026-5279, CVE-2026-5280, CVE-2026-5283 through CVE-2026-5287, CVE-2026-5289 through CVE-2026-5292, CVE-2026-5858 through CVE-2026-5915, CVE-2026-5918 & CVE-2026-59159 - Multiple vulnerabilities in Chromium
Product: Google Chrome
ISC Diary: https://isc.sans.edu/diary/32898
References:
- https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2026
CVE-2026-40175 - Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Product: Axios
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-40175
ISC Podcast: https://isc.sans.edu/podcastdetail/9890
NVD References: https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx
CVE-2026-33824 - Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
Product: Microsoft Windows IKE Extension
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33824
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824
CVE-2026-34197 - Apache ActiveMQ Broker, Apache ActiveMQ is vulnerable to improper input validation and improper control of generation of code ('code injection') through the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console, allowing authenticated attackers to execute arbitrary code on the broker's JVM.
Product: Apache ActiveMQ Broker
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34197
ISC Podcast: https://isc.sans.edu/podcastdetail/9886
NVD References: http://www.openwall.com/lists/oss-security/2026/04/06/3
CVE-2026-26149 - Microsoft Power Apps Security Feature Bypass
Product: Microsoft Power Apps
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26149
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26149
CVE-2026-27140 - Code execution vulnerability in SWIG code generation in cmd/go
Product: SWIG file names
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27140
CVE-2026-23666, CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116 - .NET Framework vulnerabilities
Product: Microsoft .NET Framework
CVSS Score: 7.5
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23666
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26171
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33116
CVE-2026-32157 - Remote Desktop Client Remote Code Execution Vulnerability
Product: Remote Desktop Client Microsoft
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-32157
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32157
CVE-2026-32190 - Microsoft Office Remote Code Execution Vulnerability
Product: Microsoft Office
CVSS Score: 8.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-32190
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32190
CVE-2026-23657, CVE-2026-33095, CVE-2026-33114 & CVE-2026-33115 - Microsoft Word Remote Code Execution Vulnerabilities
Product: Microsoft Word
CVSS Score: 8.4
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23657
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33095
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33114
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33115
CVE-2026-33825 - Microsoft Defender Elevation of Privilege Vulnerability
Product: Microsoft Defender
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33825
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825
CVE-2026-33826 - Windows Active Directory Remote Code Execution Vulnerability
Product: Microsoft Windows Active Directory
CVSS Score: 8.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33826
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33826
CVE-2026-33827 - Windows TCP/IP Remote Code Execution Vulnerability
Product: Microsoft Windows TCP/IP
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33827
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33827
CVE-2025-6965 - Integer Truncation on SQLite
Product: SQLite
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6965
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6965
CVE-2021-4473 - The Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint, allowing unauthenticated attackers to execute arbitrary commands and achieve remote code execution.
Product: Tianxin Internet Behavior Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-4473
NVD References: https://www.vulncheck.com/advisories/tianxin-internet-behavior-management-system-command-injection-via-toquery-php
CVE-2026-22679 - Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 have an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by invoking exposed debug functionality.
Product: Weaver (Fanwei) E-cology 10.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22679
NVD References: https://www.vulncheck.com/advisories/weaver-e-cology-unauthenticated-rce-via-dubboapi-debug-endpoint
CVE-2026-5731, CVE-2026-5734, CVE-2026-5735 - Memory safety bugs in Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR.
Product: Mozilla Firefox ESR, Thunderbird ESR, Firefox, Thunderbird
CVSS Scores: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-5731
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-5734
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-5735
NVD References:
- https://www.mozilla.org/security/advisories/mfsa2026-25/
- https://www.mozilla.org/security/advisories/mfsa2026-26/
- https://www.mozilla.org/security/advisories/mfsa2026-27/
- https://www.mozilla.org/security/advisories/mfsa2026-28/
- https://www.mozilla.org/security/advisories/mfsa2026-29/
CVE-2025-52908, CVE-2025-52909 & CVE-2025-62818 - Vulnerabilities in Samsung Mobile Processor, Wearable Processor, and Modem Exynos models
Product: Samsung Mobile Processor, Wearable Processor, and Modem Exynos
CVSS Scores: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52908 (buffer overflow)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52909 (buffer overflow)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62818 (out-of-bounds write)
NVD References:
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-52908/
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-52909/
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-62818/
CVE-2026-20889, CVE-2026-20911, CVE-2026-21413 - Heap-based buffer overflow vulnerabilities in LibRaw
Product: LibRaw
CVSS Scores: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20889
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20911
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21413
NVD References:
- https://talosintelligence.com/vulnerability_reports/TALOS-2026-2358
- https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330
- https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331
CVE-2026-30079 - OpenAirInterface V2.2.0 AMF is vulnerable to out-of-sequence messages during UE registration, allowing authentication to be bypassed completely.
Product: OpenAirInterface
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30079
NVD References: https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/77
CVE-2026-35458 - Gotenberg does not properly time out user-supplied scope patterns, allowing users to hang workers indefinitely.
Product: Gotenberg
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-35458
NVD References: https://github.com/gotenberg/gotenberg/security/advisories/GHSA-fmwg-qcqh-m992
CVE-2026-4277 - Django: Add permissions on inline model instances were not validated leading to potential security issues in versions before 6.0.4, 5.2.13, and 4.2.30.
Product: Django Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-4277
NVD References: https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
CVE-2026-33815 & CVE-2026-33816 - Memory-safety vulnerabilities in github.com/jackc/pgx/v5.
Product: Pgx Project
CVSS Scores: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33815
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33816
CVE-2026-35490 - Changedetection.io prior to version 0.54.8 has a vulnerability where the @login_optionally_required decorator is placed before @blueprint.route(), causing authentication to be disabled on certain routes.
Product: Changedetection
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-35490
NVD References: https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-jmrh-xmgh-x9j4
CVE-2026-23696 - Windmill CE and EE versions 1.276.0 through 1.603.2 are vulnerable to SQL injection, enabling authenticated attackers to access sensitive data and execute arbitrary code.
Product: Windmill CE and EE versions
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23696
NVD References: https://www.vulncheck.com/advisories/windmill-file-ownership-handling-sqli-rce
CVE-2026-35614 & CVE-2026-39351 - Vulnerabilities in the Frappe full-stack web application framework.
Product: Frappe
CVSS Scores: 9.1 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-35614 (SQL injection)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39351 (missing authorization)
NVD References:
- https://github.com/frappe/frappe/security/advisories/GHSA-583g-fg76-fhfr
- https://github.com/frappe/frappe/security/advisories/GHSA-8ggw-hfr6-rw3x
CVE-2026-39305, CVE-2026-39888, CVE-2026-39890, CVE-2026-40088, CVE-2026-40154, CVE-2026-40288, CVE-2026-40289, CVE-2026-40313 - Multiple vulnerabilities in PraisonAI.
Product: PraisonAI Action Orchestrator
CVSS Scores: 9.0 - 9.9
NVD References:
- https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-jfxc-v5g9-38xr
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-qf73-2hrx-xprp
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-32vr-5gcf-3pw2
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2763-cj5r-c79m
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-pv9q-275h-rh7x
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-vc46-vw85-3wvm
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-8x8f-54wf-vv92
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3959-6v5q-45q2
CVE-2026-4631 - Cockpit's remote login feature allows attackers to inject malicious SSH options or shell commands without validation, leading to code execution on the host.
Product: Cockpit Remote Login feature
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-4631
NVD References: https://www.openwall.com/lists/oss-security/2026/04/10/5
CVE-2026-28386 - OpenSSL FIPS module in version 3.6 is affected by an out-of-bounds read vulnerability when processing partial cipher blocks with AES-CFB128 encryption on systems with AVX-512 and VAES support.
Product: OpenSSL FIPS module
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28386
NVD References: https://openssl-library.org/news/secadv/20260407.txt
CVE-2026-39846 - SiYuan, a personal knowledge management system, is vulnerable to remote code execution via malicious notes synced to another user prior to version 3.6.4.
Product: SiYuan personal knowledge management system
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39846
NVD References: https://github.com/siyuan-note/siyuan/security/advisories/GHSA-phhp-9rm9-6gr2
CVE-2026-39847 - Emmett is vulnerable to path traversal attacks in versions prior to 2.8.1, allowing attackers to read arbitrary files outside the assets directory.
Product: Emmett
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39847
NVD References: https://github.com/emmett-framework/emmett/security/advisories/GHSA-pr46-2v3c-5356
CVE-2026-1346 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 may allow a locally authenticated user to escalate their privileges to root.
Product: IBM Security Verify Access
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1346
NVD References: https://www.ibm.com/support/pages/node/7268253
CVE-2026-33229 - XWiki Platform is vulnerable to an improperly protected scripting API allowing users with script rights to execute arbitrary Python scripts and compromise the confidentiality, integrity, and availability of the instance before version 17.4.8 and 17.10.1.
Product: XWiki
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33229
NVD References: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h259-74h5-4rh9
CVE-2023-46945 - QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request
Product: QD-Today
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46945
CVE-2026-39860 - Nix, a package manager for Linux and Unix systems, had a vulnerability that allowed users to gain root privileges by following symlinks during fixed-output derivation output registration.
Product: Nix
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39860
NVD References: https://github.com/NixOS/nix/security/advisories/GHSA-g3g9-5vj6-r3gj
CVE-2026-34177, CVE-2026-34178, CVE-2026-34179 - Multiple vulnerabilities in Canonical LXD.
Product: Canonical LXD
CVSS Scores: 9.1
NVD References:
- https://github.com/canonical/lxd/security/advisories/GHSA-fm2x-c5qw-4h6f
- https://github.com/canonical/lxd/security/advisories/GHSA-q96j-3fmm-7fv4
- https://github.com/canonical/lxd/security/advisories/GHSA-c3h3-89qf-jqm5
CVE-2025-57735 - Airflow 3.1 did not invalidate JWT tokens upon logout, allowing for potential token reuse if intercepted, but Airflow 3.2+ now includes token invalidation at logout to address this vulnerability.
Product: Airflow
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57735
NVD References: https://www.openwall.com/lists/oss-security/2026/04/09/16
CVE-2026-5442, CVE-2026-5443, CVE-2026-5445 - Multiple Heap Buffer Overflows in Orthanc DICOM Server
Product: Orthanc DICOM Server
CVSS Scores: 9.1 - 9.8
NVD References: https://kb.cert.org/vuls/id/536588
CVE-2026-39980 - OpenCTI allows users with the Manage customization capability to run arbitrary JavaScript in the context of the platform process prior to version 6.9.5.
Product: OpenCTI open source platform
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39980
NVD References: https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-jv9r-jw2f-rhrf
CVE-2026-39912 - V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 are vulnerable to exposing authentication tokens in HTTP response bodies, allowing unauthenticated attackers to obtain complete account access.
Product: V2Board and Xboard
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39912
NVD References: https://www.vulncheck.com/advisories/v2board-xboard-authentication-token-exposure-via-loginwithmaillink
CVE-2026-29145 - Apache Tomcat and Apache Tomcat Native allow certain scenarios where CLIENT_CERT authentication does not fail as expected when soft fail is disabled, affecting versions from 11.0.0-M1 to 11.0.18, 10.1.0-M7 to 10.1.52, and 9.0.83 to 9.0.115, as well as versions of Apache Tomcat Native from 1.1.23 to 1.1.34, 1.2.0 to 1.2.39, 1.3.0 to 1.3.6, and 2.0.0 to 2.0.13.
Product: Apache Tomcat
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-29145
NVD References: https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz
CVE-2026-33784 - Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) is vulnerable to unauthorized control due to a default password issue in versions before 3.0.94.
Product: Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33784
NVD References: https://kb.juniper.net/JSA107871
CVE-2026-5412 - Juju versions prior to 2.9.57 and 3.6.21 have an authorization issue in the Controller facade, allowing authenticated users to extract sensitive cloud credentials.
Product: Juju Controller facade
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-5412
NVD References: https://github.com/juju/juju/security/advisories/GHSA-w5fq-8965-c969
CVE-2025-44560 - owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking.
Product: owntone-server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44560
CVE-2026-23781 - BMC Control-M/MFT 9.0.20 through 9.0.22 stores default debug user credentials in cleartext, posing a risk of unauthorized access to the MFT API debug interface.
Product: BMC Control-M/MFT
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23781
NVD References: https://docs.bmc.com/xwiki/bin/view/Control-M-Orchestration/Control-M/ctm9022/Patches/Control-M-MFT-PAAFP-9-0-22-025/
CVE-2026-30232 - Chartbrew is vulnerable to Server-Side Request Forgery attacks due to allowing authenticated users to create API data connections with arbitrary URLs.
Product: Chartbrew
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30232
NVD References: https://github.com/chartbrew/chartbrew/security/advisories/GHSA-p4rg-967r-w4cv
CVE-2026-31845 - Rukovoditel CRM version 3.6.4 and earlier has a reflected cross-site scripting vulnerability in the Zadarma telephony API endpoint due to the insecure direct object reference of user-supplied input.
Product: Rukovoditel CRM
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-31845
CVE-2019-25709 - CF Image Hosting Script 1.6.5 is vulnerable to unauthenticated attackers who can download and decode the application database to delete all pictures.
Product: CF Image Hosting Script 1.6.5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-25709
NVD References: https://www.vulncheck.com/advisories/cf-image-hosting-script-unauthorized-database-access
CVE-2026-5085 - Solstice::Session versions through 1440 for Perl generate session ids insecurely by using predictable elements such as epoch time, stringified hash references, built-in rand() function, and process id, making them vulnerable to attacks.
Product: Solstice::Session
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-5085
NVD References: https://www.openwall.com/lists/oss-security/2026/04/13/2
CVE-2026-40042 & CVE-2026-40044 - Vulnerabilities in Pachno 1.0.6.
Product: Pachno 1.0.6
CVSS Score: 9.8
NVD References:
- https://www.vulncheck.com/advisories/pachno-wiki-textparser-xml-external-entity-injection
- https://www.vulncheck.com/advisories/pachno-filecache-deserialization-remote-code-execution
CVE-2026-22562, CVE-2026-22563, CVE-2026-22564 - Multiple vulnerabilities in UniFi Play devices.
Product: UniFi Play Devices
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22562
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22563
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22564
NVD References: https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83
CVE-2026-27681 - SAP Business Planning and Consolidation and SAP Business Warehouse are vulnerable to SQL injection attacks, jeopardizing data confidentiality, integrity, and availability.
Product: SAP Business Planning and Consolidation
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27681
CVE-2026-6264 - Talend JobServer and Talend Runtime are vulnerable to unauthenticated remote code execution via the JMX monitoring port.
Product: Talend JobServer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-6264
CVE-2026-38526 - Webkul Krayin CRM v2.2.x is vulnerable to an authenticated arbitrary file upload flaw in the /admin/tinymce/upload endpoint, enabling attackers to execute malicious PHP code.
Product: Webkul Krayin CRM
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-38526
NVD References: https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2026-38526/poc.md
CVE-2026-39808 & CVE-2026-39813 - Vulnerabilities in Fortinet FortiSandbox.
Product: Fortinet FortiSandbox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39808 (OS command injection)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39813 (path traversal)
NVD References:
- https://fortiguard.fortinet.com/psirt/FG-IR-26-100
- https://fortiguard.fortinet.com/psirt/FG-IR-26-112
CVE-2026-20930 - Windows Management Services Elevation of Privilege Vulnerability
Product: Windows Management Services
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20930
CVE-2026-25184 - Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability
Product: Applocker Filter Driver
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25184
CVE-2026-26151 - Microsoft Windows Remote Desktop Spoofing Vulnerability
Product: Microsoft Windows Remote Desktop
CVSS Score: 7.1
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26151
CVE-2026-26152 - Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Product: Microsoft Windows Cryptographic Services
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26152
CVE-2026-26153 - Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability
Product: Microsoft Windows Encrypting File System (EFS)
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26153
CVE-2026-26154, CVE-2026-26174, CVE-2026-32224 - Windows Server Update Service (WSUS) Vulnerabilities
Product: Microsoft Windows Server Update Service
CVSS Scores: 7.0 - 7.5
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26154
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26174
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32224
CVE-2026-26156 - Windows Hyper-V Remote Code Execution Vulnerabilities
Product: Microsoft Windows Hyper-V
CVSS Scores: 7.3 - 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26156
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32149
CVE-2026-26159, CVE-2026-26160 - Microsoft Windows Remote Desktop Licensing Service Elevation of Privilege Vulnerabilities
Product: Microsoft Windows Remote Desktop Licensing Service
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26159
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26160
CVE-2026-26161 - Windows Sensor Data Service Elevation of Privilege Vulnerability
Product: Microsoft Windows Sensor Data Service
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26161
CVE-2026-26162 - Windows OLE Elevation of Privilege Vulnerability
Product: Microsoft Windows OLE
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26162
CVE-2026-26165, CVE-2026-26166, CVE-2026-27918, CVE-2026-32225 - Windows Shell Elevation of Privilege Vulnerabilities
Product: Microsoft Windows Shell
CVSS Scores: 7.0 - 8.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26165
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26166
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27918
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32225
CVE-2026-26167, CVE-2026-26172, CVE-2026-32158, CVE-2026-32159, CVE-2026-32160 - Windows Push Notifications Elevation of Privilege Vulnerabilities
Product: Microsoft Windows Push Notifications
CVSS Scores: 7.8 - 8.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26167
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26172
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32158
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32159
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32160
CVE-2026-26168, CVE-2026-26173, CVE-2026-26177, CVE-2026-26182, CVE-2026-27922, CVE-2026-32073, CVE-2026-33099, CVE-2026-33100 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerabilities
Product: Microsoft Windows Ancillary Function Driver for WinSock
CVSS Scores: 7.0 - 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26168
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26173
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26177
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26182
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27922
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32073
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33099
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33100
CVE-2026-26143, CVE-2026-26170 - Microsoft PowerShell Vulnerabilities
Product: Microsoft PowerShell
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26170
CVE-2026-26176 - Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability
Product: Windows Client Side Caching driver
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26176
CVE-2026-26178 - Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability
Product: Microsoft Windows Advanced Rasterization Platform (WARP)
CVSS Score: 8.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26178
CVE-2026-26163, CVE-2026-26179, CVE-2026-26180, CVE-2026-32195 - Windows Kernel Elevation of Privilege Vulnerabilities
Product: Microsoft Windows Kernel
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26163
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26179
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26180
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32195
CVE-2026-26181, CVE-2026-32091, CVE-2026-32219 - Microsoft Brokering File System Elevation of Privilege Vulnerabilities
Product: Microsoft Brokering File System
CVSS Scores: 7.0 - 8.4
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26181
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32091
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32219
CVE-2026-26183, CVE-2026-26184, CVE-2026-27927, CVE-2026-32069, CVE-2026-32074, CVE-2026-32078 - Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerabilities
Product: Microsoft Windows RPC API
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26183
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26184
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27927
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32069
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32074
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32078
CVE-2026-27243, CVE-2026-27245, CVE-2026-27246, CVE-2026-27303, CVE-2026-34615 - Multiple vulnerabilities in Adobe Connect.
Product: Adobe Connect
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27243
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27245
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27246
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27303
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34615
NVD References: https://helpx.adobe.com/security/products/connect/apsb26-37.html
CVE-2026-27304 - ColdFusion versions 2023.18, 2025.6 and earlier are vulnerable to an Improper Input Validation flaw allowing arbitrary code execution without user interaction.
Product: Adobe ColdFusion
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27304
NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb26-38.html
CVE-2026-27915, CVE-2026-27916, CVE-2026-27919, CVE-2026-27920, CVE-2026-32075, CVE-2026-32077, CVE-2026-32156 - Windows UPnP Device Host Elevation of Privilege Vulnerabilities
Product: Microsoft Windows Universal Plug and Play (UPnP) Device Host
CVSS Scores: 7.4 - 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27915
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27916
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27919
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27920
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32075
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32077
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32156
CVE-2026-27923, CVE-2026-27924, CVE-2026-32152, CVE-2026-32154, CVE-2026-32155 - Desktop Window Manager Elevation of Privilege Vulnerabilities
Product: Microsoft Desktop Window Manager
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27923
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27924
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32152
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32154
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32155
CVE-2026-32068, CVE-2026-32082, CVE-2026-32083 - Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerabilities
Product: Microsoft Windows SSDP Service
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32068
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32082
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32083
CVE-2026-32086, CVE-2026-32087 - Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerabilities
Product: Microsoft Function Discovery Service
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32086
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32087
CVE-2026-32089, CVE-2026-32090 - Windows Speech Brokered API Elevation of Privilege Vulnerabilities
Product: Microsoft Windows Speech Brokered API
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32089
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32090
CVE-2026-32093, CVE-2026-32150 - Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerabilities
Product: Microsoft Function Discovery Service
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32093
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32150
CVE-2026-27907, CVE-2026-32076 - Windows Storage Spaces Controller Elevation of Privilege Vulnerabilities
Product: Microsoft Windows Storage Spaces Controller
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27907
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32076
CVE-2026-32153 - Windows Speech Runtime Elevation of Privilege Vulnerability
Product: Microsoft Windows Speech
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32153
CVE-2026-27908, CVE-2026-27921 - Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerabilities
Product: Microsoft Windows TDI Translation Driver (tdx.sys)
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27908
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27921
CVE-2026-27909 - Windows Search Service Elevation of Privilege Vulnerability
Product: Microsoft Windows Search Component
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27909
CVE-2026-27910 - Windows Installer Elevation of Privilege Vulnerability
Product: Windows Installer
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27910
CVE-2026-27911, CVE-2026-32163, CVE-2026-32164, CVE-2026-32165 - Windows User Interface Core Elevation of Privilege Vulnerabilities
Product: Microsoft Windows User Interface Core
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27911
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32163
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32164
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32165
CVE-2026-27912 - Windows Kerberos Elevation of Privilege Vulnerability
Product: Microsoft Windows Kerberos
CVSS Score: 8.0
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27912
CVE-2026-27913 - Windows BitLocker Security Feature Bypass Vulnerability
Product: Microsoft Windows BitLocker
CVSS Score: 7.7
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27913
CVE-2026-27914 - Microsoft Management Console Elevation of Privilege Vulnerability
Product: Microsoft Management Console
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27914
CVE-2026-27917 - Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability
Product: Microsoft Windows WFP NDIS Lightweight Filter Driver
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27917
CVE-2026-32188, CVE-2026-32189, CVE-2026-32197 through CVE-2026-32200 - Microsoft Excel Information Disclosure Vulnerabilities
Product: Microsoft Excel
CVSS Scores: 7.1 - 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32188
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32189
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32197
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32198
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32199
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32200
CVE-2026-27926 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Product: Microsoft Windows Cloud Files Mini Filter Driver
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27926
CVE-2026-27928 - Windows Hello Security Feature Bypass Vulnerability
Product: Microsoft Windows Hello
CVSS Score: 8.7
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27928
CVE-2026-27929 - Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability
Product: Microsoft Windows LUAFV
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27929
CVE-2026-32070 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
Product: Microsoft Windows Common Log File System Driver
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32070
CVE-2026-32071 - Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
Product: Microsoft Windows Local Security Authority Subsystem Service (LSASS)
CVSS Score: 7.5
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32071
CVE-2026-32080 - Windows WalletService Elevation of Privilege Vulnerability
Product: Microsoft Windows WalletService
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32080
CVE-2026-32162 - Windows COM Elevation of Privilege Vulnerability
Product: Microsoft Windows COM
CVSS Score: 8.4
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32162
CVE-2026-32168, CVE-2026-32192 - Azure Monitor Agent Elevation of Privilege Vulnerabilities
Product: Microsoft Azure Monitor Agent
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32168
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32192
CVE-2026-32171 - Azure Logic Apps Elevation of Privilege Vulnerability
Product: Microsoft Azure Logic Apps
CVSS Score: 8.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32171
CVE-2026-32183 - Windows Snipping Tool Remote Code Execution Vulnerability
Product: Microsoft Windows Snipping Tool
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32183
CVE-2026-32184 - Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability
Product: Microsoft High Performance Compute Pack (HPC)
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32184
CVE-2026-32221 - Windows Graphics Component Remote Code Execution Vulnerability
Product: Microsoft Graphics Component
CVSS Score: 8.4
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32221
CVE-2026-32222, CVE-2026-33104 - Windows Win32k Elevation of Privilege Vulnerabilities
Product: Microsoft Windows Win32K
CVSS Scores: 7.0 - 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32222
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33104
CVE-2026-33096 - HTTP.sys Denial of Service Vulnerability
Product: Microsoft Windows HTTP.sys
CVSS Score: 7.5
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33096
CVE-2026-33098 - Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Product: Microsoft Windows Container Isolation FS Filter Driver
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33098
CVE-2026-33101 - Windows Print Spooler Elevation of Privilege Vulnerability
Product: Microsoft Windows Print Spooler Components
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33101
CVE-2026-33120 - Microsoft SQL Server Remote Code Execution Vulnerability
Product: Microsoft SQL Server
CVSS Score: 8.8
ISC Diary: https://isc.sans.edu/diary/32898
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33120
CVE-2026-34457 - OAuth2 Proxy prior to version 7.15.2 is vulnerable to an authentication bypass when used with certain configurations, allowing unauthenticated remote attackers to access protected resources.
Product: OAuth2 Proxy
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34457
NVD References: https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5hvv-m4w4-gf6v