Month: January 2026

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20823 Windows File Explorer Information Disclosure Vulnerability→

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-20957 Microsoft Excel Remote Code Execution Vulnerability→

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid comp… Continue reading CVE-2026-21265 Secure Boot Certificate Expiration Security Feature Bypass Vulnerability→

Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20962 Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability→

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-20952 Microsoft Office Remote Code Execution Vulnerability→

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. Continue reading CVE-2026-20949 Microsoft Excel Security Feature Bypass Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Management Services allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20918 Windows Management Services Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20939 Windows File Explorer Information Disclosure Vulnerability→