CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2026-20940 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20940
13 Jan 2026 — Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20940 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2026-20934 – Windows SMB Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20934
13 Jan 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20934 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2026-20932 – Windows File Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20932
13 Jan 2026 — Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20932 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20927 – Windows SMB Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2026-20927
13 Jan 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20927 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2026-20926 – Windows SMB Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20926
13 Jan 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20926 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20925 – NTLM Hash Disclosure Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2026-20925
13 Jan 2026 — External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20925 • CWE-73: External Control of File Name or Path •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2026-20924 – Windows Management Services Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20924
13 Jan 2026 — Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20924 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2026-20923 – Windows Management Services Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20923
13 Jan 2026 — Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20923 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20922 – Windows NTFS Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-20922
13 Jan 2026 — Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20922 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20921 – Windows SMB Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20921
13 Jan 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20921 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •