CVSS: 6.2EPSS: 0%CPEs: 19EXPL: 0CVE-2026-20821 – Remote Procedure Call Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20821
13 Jan 2026 — Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20821 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2026-20820 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20820
13 Jan 2026 — Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20820 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2026-20816 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20816
13 Jan 2026 — Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20816 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2026-0386 – Windows Deployment Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-0386
13 Jan 2026 — Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0386 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 3%CPEs: 22EXPL: 0CVE-2025-59230 – Microsoft Windows Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2025-59230
14 Oct 2025 — Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2025-59214 – Microsoft Windows File Explorer Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-59214
14 Oct 2025 — Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59214 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.5EPSS: 0%CPEs: 22EXPL: 0CVE-2025-59208 – Windows MapUrlToZone Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-59208
14 Oct 2025 — Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59208 • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 22EXPL: 0CVE-2025-59205 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-59205
14 Oct 2025 — Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59205 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2025-59190 – Windows Search Service Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-59190
14 Oct 2025 — Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59190 • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 22EXPL: 0CVE-2025-58736 – Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-58736
14 Oct 2025 — Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58736 • CWE-416: Use After Free •