|
111
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2022_…
|
Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
Update
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2026-32165
|
2026-04-21 01:42 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
112
|
8.8 |
HIGH
Network
|
dataease
|
dataease
|
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql …
Update
|
CWE-89
SQL Injection
|
CVE-2026-33207
|
2026-04-21 01:41 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
113
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2022_23h2
windows_server_2025
|
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.
Update
|
CWE-269
Improper Privilege Management
|
CVE-2026-32181
|
2026-04-21 01:40 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
114
|
9.8 |
CRITICAL
Network
|
dataease
|
dataease
|
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definitio…
Update
|
CWE-89
SQL Injection
|
CVE-2026-33122
|
2026-04-21 01:40 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
115
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.
Update
|
CWE-77
Command Injection
|
CVE-2026-32183
|
2026-04-21 01:40 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
116
|
7.8 |
HIGH
Local
|
microsoft
|
defender_antimalware_platform
|
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Update
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-33825
|
2026-04-21 01:37 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
117
|
8.8 |
HIGH
Network
|
dataease
|
dataease
|
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from…
Update
|
CWE-89
SQL Injection
|
CVE-2026-33121
|
2026-04-21 01:37 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
118
|
7.0 |
HIGH
Local
|
microsoft
|
windows_11_26h1
|
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-32195
|
2026-04-21 01:37 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
119
|
8.8 |
HIGH
Network
|
dataease
|
dataease
|
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj en…
Update
|
CWE-89
SQL Injection
|
CVE-2026-33084
|
2026-04-21 01:36 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
120
|
8.8 |
HIGH
Network
|
dataease
|
dataease
|
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoint…
Update
|
CWE-89
SQL Injection
|
CVE-2026-33083
|
2026-04-21 01:35 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
