Common Vulnerabilities and Exposures (CVE)

CVE-2026-20810

Jan 30, 2026 03:39:00 UTC

Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-20809

Jan 30, 2026 03:39:00 UTC

Time-of-check time-of-use (TOCTOU) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.

CVE-2026-20808

Jan 30, 2026 03:38:59 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally.

CVE-2026-20805

Jan 30, 2026 03:38:58 UTC

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

CVE-2026-20804

Jan 30, 2026 03:38:57 UTC

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

CVE-2026-20965

Jan 30, 2026 03:38:56 UTC

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.

CVE-2026-20803

Jan 30, 2026 03:38:56 UTC

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-0386

Jan 30, 2026 03:38:55 UTC

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-21265

Jan 30, 2026 03:38:54 UTC

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality an...

CVE-2026-20962

Jan 30, 2026 03:38:53 UTC

Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.

CVE-2025-54942

Jan 30, 2026 03:38:07 UTC

A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.

CVE-2025-54943

Jan 30, 2026 03:37:33 UTC

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.

CVE-2025-54944

Jan 30, 2026 03:36:54 UTC

An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.

CVE-2025-54945

Jan 30, 2026 03:36:16 UTC

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.

CVE-2025-54946

Jan 30, 2026 03:35:51 UTC

A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.