Month: January 2026

Access of resource using incompatible type (‘type confusion’) in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20811 Win32k Elevation of Privilege Vulnerability→

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-20943 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability→

Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20810 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20932 Windows File Explorer Information Disclosure Vulnerability→

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network. Continue reading CVE-2026-0386 Windows Deployment Services Remote Code Execution Vulnerability→

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2026-20803 Microsoft SQL Server Elevation of Privilege Vulnerability→

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20965 Windows Admin Center Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability→