Month: January 2026

Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack. Continue reading CVE-2026-20834 Windows Spoofing Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows SMB Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2026-20921 Windows SMB Server Elevation of Privilege Vulnerability→

Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20833 Windows Kerberos Information Disclosure Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows SMB Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2026-20919 Windows SMB Server Elevation of Privilege Vulnerability→

Information published. Continue reading CVE-2026-20832 Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability→

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-20948 Microsoft Word Remote Code Execution Vulnerability→

Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20831 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability→

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally. Continue reading CVE-2026-20935 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability→