CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20922 – Windows NTFS Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-20922
13 Jan 2026 — Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20922 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20921 – Windows SMB Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20921
13 Jan 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20921 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20875 – Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2026-20875
13 Jan 2026 — Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20875 • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20869 – Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20869
13 Jan 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20869 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20860 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20860
13 Jan 2026 — Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20860 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20840 – Windows NTFS Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-20840
13 Jan 2026 — Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20840 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.9EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20834 – Windows Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2026-20834
13 Jan 2026 — Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20834 • CWE-36: Absolute Path Traversal CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2026-20833 – Windows Kerberos Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20833
13 Jan 2026 — Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20833 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20831 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20831
13 Jan 2026 — Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20831 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 4.9EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20828 – Windows rndismp6.sys Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20828
13 Jan 2026 — Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20828 • CWE-125: Out-of-bounds Read •