Microsoft: Security Vulnerabilities
Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-04-14
Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-14
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVSS Score
6.7
EPSS Score
0.001
Published
2026-04-14
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-04-14
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-04-14
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
CVSS Score
8.4
EPSS Score
0.0
Published
2026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-14
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-14