| | CVE-2026-6307 |  Red Hat | high | 8.8 | — | | A type confusion flaw was found in the Turbofan component of the Chromium browser.
Upstream bug(s):
… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6362 | Red Hat | high | 9.6 | — | | An use after free flaw was found in the Codecs component of the Chromium browser.
Upstream bug(s):
h… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6360 | Red Hat | high | 9.6 | — | | An use after free flaw was found in the FileSystem component of the Chromium browser.
Upstream bug(s… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6319 | Red Hat | medium | 9.6 | — | | An use after free flaw was found in the Payments component of the Chromium browser.
Upstream bug(s):… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-40688 |  Fortinet | high | 7.2 | 0.6%
| | An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.… | Apr 14, 2026 | Apr 20, 2026 |
| | CVE-2026-33822 |  Microsoft | medium | 6.1 | 0.1%
| | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information … | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-33120 | Microsoft | high | 8.8 | 0.1%
| | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a net… | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-33116 | Microsoft | high | 7.5 | 0.8%
| | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows… | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-33115 | Microsoft | high | 8.4 | 0.1%
| | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-33114 | Microsoft | high | 8.4 | 0.1%
| | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co… | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-33103 | Microsoft | medium | 5.5 | 0.0%
| | Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to dis… | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-33095 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-32226 | Microsoft | medium | 5.9 | 0.1%
| | Concurrent execution using shared resource with improper synchronization ('race condition') in .NET … | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-32203 | Microsoft | high | 7.5 | 0.1%
| | Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny servic… | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-32200 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locall… | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32199 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32198 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32197 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32196 | Microsoft | medium | 6.1 | 0.0%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admi… | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32192 | Microsoft | high | 7.8 | 0.5%
| | Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate pr… | Apr 14, 2026 | May 7, 2026 |
| | CVE-2026-32190 | Microsoft | high | 8.4 | 0.1%
| | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-32189 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-32188 | Microsoft | high | 7.1 | 0.1%
| | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information… | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-32184 | Microsoft | high | 7.8 | 0.5%
| | Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authori… | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-32178 | Microsoft | high | 7.5 | 0.0%
| | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoof… | Apr 14, 2026 | May 7, 2026 |
| | CVE-2026-32176 | Microsoft | medium | 6.7 | 0.1%
| | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a… | Apr 14, 2026 | May 7, 2026 |
| | CVE-2026-32171 | Microsoft | high | 8.8 | 0.1%
| | Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate pr… | Apr 14, 2026 | Apr 27, 2026 |
| | CVE-2026-32168 | Microsoft | high | 7.8 | 0.1%
| | Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges… | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-32167 | Microsoft | medium | 6.7 | 0.1%
| | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a… | Apr 14, 2026 | May 7, 2026 |
| | CVE-2026-32157 | Microsoft | high | 8.8 | 0.1%
| | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a netwo… | Apr 14, 2026 | May 7, 2026 |
| | CVE-2026-26171 | Microsoft | high | 7.5 | 0.5%
| | Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a net… | Apr 14, 2026 | May 7, 2026 |
| | CVE-2026-26149 | Microsoft | critical | 9.0 | 0.1%
| | Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an auth… | Apr 14, 2026 | May 7, 2026 |
| | CVE-2026-26143 | Microsoft | high | 7.8 | 0.1%
| | Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a securi… | Apr 14, 2026 | Apr 27, 2026 |
| | CVE-2026-23666 | Microsoft | high | 7.5 | 0.1%
| | Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a n… | Apr 14, 2026 | May 7, 2026 |
| | CVE-2026-23657 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-23653 | Microsoft | medium | 5.7 | 0.1%
| | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilo… | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-20945 | Microsoft | medium | 4.6 | 0.0%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of… | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-32214 | Microsoft | medium | 5.5 | 0.0%
| | Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to discl… | Apr 14, 2026 | Apr 24, 2026 |
| | CVE-2026-33829 | Microsoft | medium | 4.3 | 0.0%
| | Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauth… | Apr 14, 2026 | Apr 24, 2026 |
| | CVE-2026-33824 | Microsoft | critical | 9.8 | 0.1%
| | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. | Apr 14, 2026 | Apr 24, 2026 |
| | CVE-2026-33827 | Microsoft | high | 8.1 | 0.1%
| | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | Apr 14, 2026 | Apr 24, 2026 |
| | CVE-2026-33104 | Microsoft | high | 7.0 | 0.0%
| | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | Apr 14, 2026 | Apr 24, 2026 |
| | CVE-2026-33101 | Microsoft | high | 7.8 | 0.0%
| | Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileg… | Apr 14, 2026 | Apr 24, 2026 |
| | CVE-2026-33100 | Microsoft | high | 7.0 | 0.0%
| | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele… | Apr 14, 2026 | Apr 24, 2026 |
| | CVE-2026-33099 | Microsoft | high | 7.0 | 0.0%
| | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele… | Apr 14, 2026 | Apr 24, 2026 |
| | CVE-2026-32225 | Microsoft | high | 8.8 | 0.1%
| | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security f… | Apr 14, 2026 | Apr 24, 2026 |
| | CVE-2026-32201 | Microsoft | medium | 6.5 | 7.9%
| ⚠ KEV | Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform … | Apr 14, 2026 | Apr 24, 2026 |
| | CVE-2026-32164 | Microsoft | high | 7.8 | 0.0%
| | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | Apr 14, 2026 | Apr 24, 2026 |
| | CVE-2026-32163 | Microsoft | high | 7.8 | 0.0%
| | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | Apr 14, 2026 | Apr 24, 2026 |
| | CVE-2026-32162 | Microsoft | high | 8.4 | 0.0%
| | Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized atta… | Apr 14, 2026 | Apr 24, 2026 |