Month: January 2026

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20865 Windows Management Services Elevation of Privilege Vulnerability→

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20871 Desktop Windows Manager Elevation of Privilege Vulnerability→

Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20864 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability→

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Continue reading CVE-2026-20868 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability→

Access of resource using incompatible type (‘type confusion’) in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20860 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Management Services allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20866 Windows Management Services Elevation of Privilege Vulnerability→

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20859 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20862 Windows Management Services Information Disclosure Vulnerability→