CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2026-32202	High	—	MicrosoftWindows	Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.	Apr 28, 2026	KEV
CVE-2026-33825	High	—	MicrosoftDefender	Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.	Apr 22, 2026	KEV
CVE-2009-0238	High	—	MicrosoftOffice	Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.	Apr 14, 2026	KEV
CVE-2026-32201	High	—	MicrosoftSharePoint Server	Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.	Apr 14, 2026	KEV
CVE-2012-1854	High	—	MicrosoftVisual Basic for Applications (VBA)	Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.	Apr 13, 2026	KEV
CVE-2025-60710	High	—	MicrosoftWindows	Microsoft Windows contains a link following vulnerability that allows for privilege escalation	Apr 13, 2026	KEV
CVE-2023-21529	High	—	MicrosoftExchange Server	Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.	Apr 13, 2026	KEV
CVE-2023-36424	High	—	MicrosoftWindows	Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation	Apr 13, 2026	KEV
CVE-2026-5281	High	—	GoogleDawn	Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Apr 1, 2026	KEV
CVE-2026-24285(1)	Info	0.0%	—	Referenced in article: Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws	Mar 28, 2026	—
CVE-2026-23672(1)	Info	0.0%	—	Referenced in article: Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws	Mar 28, 2026	—
CVE-2026-25188(1)	Info	0.1%	—	Referenced in article: Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws	Mar 28, 2026	—
CVE-2026-25166(1)	Info	0.4%	—	Referenced in article: Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws	Mar 28, 2026	—
CVE-2026-26128(1)	Info	0.0%	—	Referenced in article: Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws	Mar 28, 2026	—
CVE-2026-25185(1)	Info	0.1%	—	Referenced in article: Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws	Mar 28, 2026	—
CVE-2026-25172(3)	Info	0.1%	—	Referenced in article: Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws	Mar 28, 2026	—
CVE-2026-25173(3)	Info	0.1%	—	Referenced in article: Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws	Mar 28, 2026	—
CVE-2026-26111(3)	Info	0.1%	—	Referenced in article: Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws	Mar 28, 2026	—
CVE-2026-23673(1)	Info	0.0%	—	Referenced in article: Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws	Mar 28, 2026	—
CVE-2026-24290(1)	Info	0.0%	—	Referenced in article: Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws	Mar 28, 2026	—

CVE-2026-32202KEV

High

Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.

Microsoft

CVE-2026-33825KEV

High

Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.

Microsoft

CVE-2009-0238KEV

High

Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.

Microsoft

CVE-2026-32201KEV

High

Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.

Microsoft

CVE-2012-1854KEV

High

Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.

Microsoft

CVE-2025-60710KEV

High

Microsoft Windows contains a link following vulnerability that allows for privilege escalation

Microsoft

CVE-2023-21529KEV

High

Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.

Microsoft

CVE-2023-36424KEV

High

Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation

Microsoft

CVE-2026-5281KEV

High

Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Google

CVE-2026-24285

Info