Peter Leibling – Seite 119

CVE-2026-23666 .NET Framework Denial of Service Vulnerability

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in .NET Framework allows an unauthorized attacker to deny service over a network.

CVE-2026-27915 Windows UPnP Device Host Elevation of Privilege Vulnerability

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-23657 Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-32160 Windows Push Notifications Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability

Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

CVE-2026-20806 Windows COM Server Information Disclosure Vulnerability

Access of resource using incompatible type (‚type confusion‘) in Windows COM allows an authorized attacker to disclose information locally.

CVE-2026-32212 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability

Improper link resolution before file access (‚link following‘) in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

CVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Loop with unreachable exit condition (‚infinite loop‘) in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

CVE-2026-32226 .NET Framework Denial of Service Vulnerability