HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-20840

Feb 13, 2026 20:40:18 UTC

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

CVE-2026-20839

Feb 13, 2026 20:40:17 UTC

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.

CVE-2026-20838

Feb 13, 2026 20:40:16 UTC

Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2026-20837

Feb 13, 2026 20:40:16 UTC

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

CVE-2026-20836

Feb 13, 2026 20:40:15 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-20835

Feb 13, 2026 20:40:15 UTC

Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.

CVE-2026-20834

Feb 13, 2026 20:40:14 UTC

Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.

CVE-2026-20833

Feb 13, 2026 20:40:14 UTC

Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.

CVE-2026-20832

Feb 13, 2026 20:40:13 UTC

Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability

CVE-2026-20831

Feb 13, 2026 20:40:13 UTC

Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-20829

Feb 13, 2026 20:40:12 UTC

Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.

CVE-2026-20828

Feb 13, 2026 20:40:12 UTC

Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.

CVE-2026-20827

Feb 13, 2026 20:40:11 UTC

Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.

CVE-2026-20826

Feb 13, 2026 20:40:11 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.

CVE-2026-20825

Feb 13, 2026 20:40:10 UTC

Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.

Page: 34