Common Vulnerabilities and Exposures (CVE)

CVE-2026-21226

Jan 20, 2026 17:35:32 UTC

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.

CVE-2026-20941

Jan 20, 2026 17:35:31 UTC

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

CVE-2026-20958

Jan 20, 2026 17:35:30 UTC

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

CVE-2026-20957

Jan 20, 2026 17:35:30 UTC

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20952

Jan 20, 2026 17:35:29 UTC

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20950

Jan 20, 2026 17:35:28 UTC

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20949

Jan 20, 2026 17:35:28 UTC

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-20948

Jan 20, 2026 17:35:27 UTC

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-20939

Jan 20, 2026 17:35:27 UTC

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-20937

Jan 20, 2026 17:35:26 UTC

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-20936

Jan 20, 2026 17:35:26 UTC

Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.

CVE-2026-20935

Jan 20, 2026 17:35:25 UTC

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.

CVE-2026-20931

Jan 20, 2026 17:35:24 UTC

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.

CVE-2026-20929

Jan 20, 2026 17:35:24 UTC

Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.

CVE-2026-20874

Jan 20, 2026 17:35:23 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.