HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-20958

Jan 26, 2026 17:50:36 UTC

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

CVE-2026-20957

Jan 26, 2026 17:50:36 UTC

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20952

Jan 26, 2026 17:50:35 UTC

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20950

Jan 26, 2026 17:50:34 UTC

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20949

Jan 26, 2026 17:50:34 UTC

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-20948

Jan 26, 2026 17:50:33 UTC

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-20939

Jan 26, 2026 17:50:32 UTC

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-20937

Jan 26, 2026 17:50:31 UTC

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-20936

Jan 26, 2026 17:50:31 UTC

Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.

CVE-2026-20935

Jan 26, 2026 17:50:30 UTC

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.

CVE-2026-20931

Jan 26, 2026 17:50:30 UTC

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.

CVE-2026-20929

Jan 26, 2026 17:50:29 UTC

Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.

CVE-2026-20874

Jan 26, 2026 17:50:28 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20873

Jan 26, 2026 17:50:28 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20872

Jan 26, 2026 17:50:27 UTC

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

Page: 2