Month: January 2026

Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20838 Windows Kernel Information Disclosure Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows SMB Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2026-20934 Windows SMB Server Elevation of Privilege Vulnerability→

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-20837 Windows Media Remote Code Execution Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows SMB Server allows an authorized attacker to deny service over a network. Continue reading CVE-2026-20927 Windows SMB Server Denial of Service Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Graphics Kernel allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20836 DirectX Graphics Kernel Elevation of Privilege Vulnerability→

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. Continue reading CVE-2026-20925 NTLM Hash Disclosure Spoofing Vulnerability→

Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20835 Capability Access Management Service (camsvc) Information Disclosure Vulnerability→

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20923 Windows Management Services Elevation of Privilege Vulnerability→