CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2026-20939 – Windows File Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20939
13 Jan 2026 — Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20939 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2026-20937 – Windows File Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20937
13 Jan 2026 — Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20937 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20936 – Windows NDIS Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20936
13 Jan 2026 — Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20936 • CWE-125: Out-of-bounds Read •
CVSS: 8.0EPSS: 1%CPEs: 24EXPL: 0CVE-2026-20931 – Windows Telephony Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20931
13 Jan 2026 — External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20931 • CWE-73: External Control of File Name or Path •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2026-20929 – Windows HTTP.sys Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20929
13 Jan 2026 — Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20929 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20872 – NTLM Hash Disclosure Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2026-20872
13 Jan 2026 — External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20872 • CWE-73: External Control of File Name or Path •
CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20868 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-20868
13 Jan 2026 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20868 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20849 – Windows Kerberos Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20849
13 Jan 2026 — Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20849 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2026-20848 – Windows SMB Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20848
13 Jan 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20848 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20843 – Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20843
13 Jan 2026 — Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20843 • CWE-284: Improper Access Control •