Latest CVE Feed
-
7.5
HIGHCVE-2026-20848
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.5
HIGHCVE-2026-20849
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
6.2
MEDIUMCVE-2026-20851
Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.7
HIGHCVE-2026-20852
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.4
HIGHCVE-2026-20853
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.5
HIGHCVE-2026-20854
Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
5.5
MEDIUMCVE-2026-20823
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
5.5
MEDIUMCVE-2026-20824
Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
4.4
MEDIUMCVE-2026-20825
Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-20826
Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
3.7
LOWCVE-2026-22920
The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Cryptography
-
3.8
LOWCVE-2026-22919
An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2026-22918
An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2026-22917
Improper input handling in a system endpoint may allow attackers to overload resources, causing a denial of service.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Denial of Service
-
4.3
MEDIUMCVE-2026-22916
An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-22915
An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Path Traversal
-
4.3
MEDIUMCVE-2026-22914
An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Path Traversal
-
4.3
MEDIUMCVE-2026-22913
Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2026-22912
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Server-Side Request Forgery
-
5.3
MEDIUMCVE-2026-22911
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Information Disclosure