Month: January 2026

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20859 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20862 Windows Management Services Information Disclosure Vulnerability→

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20858 Windows Management Services Elevation of Privilege Vulnerability→

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-21219 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability→

Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20857 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows WalletService allows an unauthorized attacker to elevate privileges locally. Continue reading CVE-2026-20853 Windows WalletService Elevation of Privilege Vulnerability→

Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network. Continue reading CVE-2026-20856 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows SMB Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2026-20848 Windows SMB Server Elevation of Privilege Vulnerability→