Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
9,687 matching · page 143/194Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-20866(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20865(opens NVD record) | High | 7.8 | Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20864(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20863(opens NVD record) | High | 7.0 | Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20862(opens NVD record) | Medium | 5.5 | Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20861(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20860(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20859(opens NVD record) | High | 7.8 | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20858(opens NVD record) | High | 7.8 | Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20857(opens NVD record) | High | 7.8 | Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20856(opens NVD record) | High | 8.1 | Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network. | Jan 13, 2026 |
| CVE-2026-20854(opens NVD record) | High | 7.5 | Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network. | Jan 13, 2026 |
| CVE-2026-20853(opens NVD record) | High | 7.4 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20852(opens NVD record) | High | 7.7 | Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. | Jan 13, 2026 |
| CVE-2026-20851(opens NVD record) | Medium | 6.2 | Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20849(opens NVD record) | High | 7.5 | Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | Jan 13, 2026 |
| CVE-2026-20848(opens NVD record) | High | 7.5 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | Jan 13, 2026 |
| CVE-2026-20847(opens NVD record) | Medium | 6.5 | Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network. | Jan 13, 2026 |
| CVE-2026-20844(opens NVD record) | High | 7.4 | Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20843(opens NVD record) | High | 7.8 | Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20842(opens NVD record) | High | 7.0 | Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20840(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. | Jan 13, 2026 |
| CVE-2026-20839(opens NVD record) | Medium | 5.5 | Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20838(opens NVD record) | Medium | 5.5 | Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20837(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. | Jan 13, 2026 |
| CVE-2026-20836(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20835(opens NVD record) | Medium | 5.5 | Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20834(opens NVD record) | Medium | 4.6 | Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack. | Jan 13, 2026 |
| CVE-2026-20833(opens NVD record) | Medium | 5.5 | Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20832(opens NVD record) | High | 7.8 | Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability | Jan 13, 2026 |
| CVE-2026-20831(opens NVD record) | High | 7.8 | Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20830(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20829(opens NVD record) | Medium | 5.5 | Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20828(opens NVD record) | Medium | 4.6 | Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack. | Jan 13, 2026 |
| CVE-2026-20827(opens NVD record) | Medium | 5.5 | Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20826(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20825(opens NVD record) | Medium | 4.4 | Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20824(opens NVD record) | Medium | 5.5 | Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally. | Jan 13, 2026 |
| CVE-2026-20823(opens NVD record) | Medium | 5.5 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20822(opens NVD record) | High | 7.8 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20821(opens NVD record) | Medium | 6.2 | Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20820(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20819(opens NVD record) | Medium | 5.5 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20818(opens NVD record) | Medium | 6.2 | Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20817(opens NVD record) | High | 7.8 | Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20816(opens NVD record) | High | 7.8 | Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20815(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20814(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20812(opens NVD record) | Medium | 6.5 | Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network. | Jan 13, 2026 |
| CVE-2026-20811(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |