Total
5024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-20934 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-01-16 | N/A | 7.5 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2026-20932 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-16 | N/A | 5.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2026-20931 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-16 | N/A | 8.0 HIGH |
|
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
|
|||||
| CVE-2026-20929 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-01-16 | N/A | 7.5 HIGH |
|
Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2026-20927 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-16 | N/A | 5.3 MEDIUM |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network.
|
|||||
| CVE-2026-20926 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-01-16 | N/A | 7.5 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2026-20925 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-16 | N/A | 6.5 MEDIUM |
|
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-20875 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.5 HIGH |
|
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
|
|||||
| CVE-2026-20919 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-01-15 | N/A | 7.5 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2026-20921 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.5 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2026-20922 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
|
|||||
| CVE-2026-20872 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 6.5 MEDIUM |
|
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-20869 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.0 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20860 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.8 HIGH |
|
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20856 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-01-15 | N/A | 8.1 HIGH |
|
Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2026-20836 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-15 | N/A | 7.0 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20834 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 4.6 MEDIUM |
|
Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.
|
|||||
| CVE-2026-20833 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-01-15 | N/A | 5.5 MEDIUM |
|
Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2026-20832 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-15 | N/A | 7.8 HIGH |
|
Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability
|
|||||
| CVE-2026-20831 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.8 HIGH |
|
Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20839 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 5.5 MEDIUM |
|
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2026-20840 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
|
|||||
| CVE-2026-20843 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.8 HIGH |
|
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20844 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-15 | N/A | 7.4 HIGH |
|
Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20847 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 6.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-20848 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-01-15 | N/A | 7.5 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2026-20849 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.5 HIGH |
|
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2026-20852 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-15 | N/A | 7.7 HIGH |
|
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.
|
|||||
| CVE-2026-20823 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-15 | N/A | 5.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2026-20824 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-01-15 | N/A | 5.5 MEDIUM |
|
Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.
|
|||||
| CVE-2026-20826 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-15 | N/A | 7.8 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20827 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-15 | N/A | 5.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2026-20828 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 4.6 MEDIUM |
|
Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.
|
|||||
| CVE-2026-20822 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-14 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20821 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-14 | N/A | 6.2 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.
|
|||||
| CVE-2026-20820 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-14 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20818 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2026-01-14 | N/A | 6.2 MEDIUM |
|
Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally.
|
|||||
| CVE-2026-20816 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-14 | N/A | 7.8 HIGH |
|
Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20814 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-14 | N/A | 7.0 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20812 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-14 | N/A | 6.5 MEDIUM |
|
Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.
|
|||||