Month: January 2026

Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20829 TPM Trustlet Information Disclosure Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Management Services allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20874 Windows Management Services Elevation of Privilege Vulnerability→

Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack. Continue reading CVE-2026-20828 Windows rndismp6.sys Information Disclosure Vulnerability→

Use after free in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20870 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20827 Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability→

Double free in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20863 Win32k Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20826 Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability→

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network. Continue reading CVE-2026-20854 Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability→