Common Vulnerabilities and Exposures (CVE)
CVE-2026-20870
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-20868
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2026-20867
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20866
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20863
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-20862
Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.
CVE-2026-20861
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-21219
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2026-20854
Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.
CVE-2026-20853
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.
CVE-2026-20849
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
CVE-2026-20848
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-20843
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-20960
Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.
CVE-2026-20947
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.