Month: January 2026

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. Continue reading CVE-2026-20804 Windows Hello Tampering Vulnerability→

Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20809 Windows Kernel Memory Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Printer Association Object allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20808 Windows File Explorer Elevation of Privilege Vulnerability→

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-20953 Microsoft Office Remote Code Execution Vulnerability→

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. Continue reading CVE-2026-20872 NTLM Hash Disclosure Spoofing Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Management Services allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20861 Windows Management Services Elevation of Privilege Vulnerability→

Use after free in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20920 Win32k Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20937 Windows File Explorer Information Disclosure Vulnerability→