Month: January 2026

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20842 Microsoft DWM Core Library Elevation of Privilege Vulnerability→

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-20951 Microsoft SharePoint Server Remote Code Execution Vulnerability→

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. Continue reading CVE-2026-20840 Windows NTFS Remote Code Execution Vulnerability→

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-20944 Microsoft Word Remote Code Execution Vulnerability→

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20839 Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability→

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20940 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability→

Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20838 Windows Kernel Information Disclosure Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows SMB Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2026-20934 Windows SMB Server Elevation of Privilege Vulnerability→