Month: January 2026

Improper link resolution before file access (‘link following’) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20941 Host Process for Windows Tasks Elevation of Privilege Vulnerability→

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network. Continue reading CVE-2026-21226 Azure Core shared client library for Python Remote Code Execution Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20823 Windows File Explorer Information Disclosure Vulnerability→

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-20957 Microsoft Excel Remote Code Execution Vulnerability→

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid comp… Continue reading CVE-2026-21265 Secure Boot Certificate Expiration Security Feature Bypass Vulnerability→

Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20962 Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability→

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-20952 Microsoft Office Remote Code Execution Vulnerability→

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. Continue reading CVE-2026-20949 Microsoft Excel Security Feature Bypass Vulnerability→