HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-20935

Jan 20, 2026 23:04:13 UTC

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.

CVE-2026-20931

Jan 20, 2026 23:04:13 UTC

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.

CVE-2026-20929

Jan 20, 2026 23:04:12 UTC

Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.

CVE-2026-20874

Jan 20, 2026 23:04:12 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20873

Jan 20, 2026 23:04:11 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20872

Jan 20, 2026 23:04:11 UTC

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-20871

Jan 20, 2026 23:04:10 UTC

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-20870

Jan 20, 2026 23:04:09 UTC

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-20868

Jan 20, 2026 23:04:09 UTC

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2026-20867

Jan 20, 2026 23:04:08 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20866

Jan 20, 2026 23:04:08 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20863

Jan 20, 2026 23:04:07 UTC

Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-20862

Jan 20, 2026 23:04:07 UTC

Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.

CVE-2026-20861

Jan 20, 2026 23:04:06 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-21219

Jan 20, 2026 23:04:05 UTC

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.

Page: 2