CVE-2026-20828
- EPSS 0.62%
- Veröffentlicht 13.01.2026 17:56:20
- Zuletzt bearbeitet 15.01.2026 13:08:46
Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.
- EPSS 0.3%
- Veröffentlicht 13.01.2026 17:56:19
- Zuletzt bearbeitet 15.01.2026 13:16:27
Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2026-20824
- EPSS 0.88%
- Veröffentlicht 13.01.2026 17:56:18
- Zuletzt bearbeitet 15.01.2026 13:21:04
Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-20825
- EPSS 0.51%
- Veröffentlicht 13.01.2026 17:56:18
- Zuletzt bearbeitet 15.01.2026 13:18:07
Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.
CVE-2026-20822
- EPSS 0.39%
- Veröffentlicht 13.01.2026 17:56:17
- Zuletzt bearbeitet 14.01.2026 20:41:57
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-20823
- EPSS 0.65%
- Veröffentlicht 13.01.2026 17:56:17
- Zuletzt bearbeitet 15.01.2026 13:24:55
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-20819
- EPSS 0.55%
- Veröffentlicht 13.01.2026 17:56:15
- Zuletzt bearbeitet 14.01.2026 20:33:03
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.
- EPSS 2.39%
- Veröffentlicht 13.01.2026 17:56:13
- Zuletzt bearbeitet 14.01.2026 20:29:02
Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.
- EPSS 0.3%
- Veröffentlicht 13.01.2026 17:56:12
- Zuletzt bearbeitet 14.01.2026 20:27:14
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-20812
- EPSS 1.12%
- Veröffentlicht 13.01.2026 17:56:11
- Zuletzt bearbeitet 14.01.2026 20:25:38
Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.