Microsoft: Makers of the Windows Operating System and hundreds of products that run on it.

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows 10: 4329 vulnerabilities
Microsoft Windows Server 2016: 4174 vulnerabilities
Microsoft Windows Server 2019: 4135 vulnerabilities
Microsoft Windows Server 2012: 3129 vulnerabilities
Microsoft Windows Server 2008: 2810 vulnerabilities
Microsoft Windows Server 2022: 2471 vulnerabilities
Microsoft Windows 11: 2278 vulnerabilities
Microsoft Windows 7: 1803 vulnerabilities
Microsoft Windows 8.1: 1703 vulnerabilities
Microsoft Windows Rt 8 1: 1569 vulnerabilities
Microsoft Windows 11 23h2: 1326 vulnerabilities
Microsoft Windows 10 1507: 1239 vulnerabilities
Microsoft Windows 11 24h2: 1003 vulnerabilities
Microsoft Windows Server 2025: 951 vulnerabilities
Microsoft Windows Server 23h2: 610 vulnerabilities
Microsoft Windows: 598 vulnerabilities
Microsoft Office: 580 vulnerabilities
Microsoft Internet Explorer (IE): 447 vulnerabilities (Popular web browser for Windows)
Microsoft 365 Apps: 419 vulnerabilities
Microsoft Sharepoint Server: 403 vulnerabilities
Microsoft Windows Vista: 382 vulnerabilities
Microsoft Edge Browser: 353 vulnerabilities (Web Browser based on Chromium)
Microsoft Windows Server: 348 vulnerabilities
Microsoft Windows XP: 326 vulnerabilities
Microsoft Windows Server 2003: 262 vulnerabilities
Microsoft Edge Chromium: 218 vulnerabilities
Microsoft Excel: 173 vulnerabilities (Spreadsheet Software)
Microsoft Windows 11 25h2: 170 vulnerabilities
Microsoft Windows 2003 Server: 162 vulnerabilities
Microsoft Office Online Server: 134 vulnerabilities
Microsoft Exchange Server: 132 vulnerabilities
Microsoft Sql Server 2019: 130 vulnerabilities
Microsoft Visual Studio 2019: 119 vulnerabilities
Microsoft Visual Studio 2022: 116 vulnerabilities
Microsoft Windows 2000: 112 vulnerabilities
Microsoft Sql Server 2022: 102 vulnerabilities
Microsoft Windows 11 2h2: 97 vulnerabilities
Microsoft Word: 95 vulnerabilities
Microsoft Office 2024: 95 vulnerabilities
Microsoft Windows 10 21h1: 95 vulnerabilities
Microsoft Office 2021: 94 vulnerabilities
Microsoft SQL Server: 94 vulnerabilities (Database Server)
Microsoft Visual Studio 2017: 93 vulnerabilities
Microsoft Dynamics 365: 93 vulnerabilities
Microsoft Sql Server 2017: 90 vulnerabilities
Microsoft Sql Server 2016: 88 vulnerabilities
Microsoft Office 2019: 85 vulnerabilities
Microsoft Visual Studio: 84 vulnerabilities (Developer IDE)
Microsoft Outlook: 84 vulnerabilities
Microsoft Office Macos 2024: 79 vulnerabilities
Microsoft Office Macos 2021: 78 vulnerabilities
Microsoft Windows Server 20h2: 72 vulnerabilities
Microsoft Net: 69 vulnerabilities
Microsoft Visual Studio Code: 61 vulnerabilities (VSCode Developer IDE)
Microsoft Windows 8: 61 vulnerabilities
Microsoft Windows Nt: 57 vulnerabilities
Microsoft Windows 10 1909: 57 vulnerabilities
Microsoft Office Web Apps: 55 vulnerabilities
Microsoft Azure Site Recovery: 53 vulnerabilities
Microsoft Windows Rt: 46 vulnerabilities
Microsoft Excel 2016: 44 vulnerabilities
Microsoft Windows 10 1803: 44 vulnerabilities
Microsoft Windows 10 1709: 40 vulnerabilities
Microsoft Azure Devops Server: 40 vulnerabilities
Microsoft Powershell: 36 vulnerabilities
Microsoft Windows Server 2004: 34 vulnerabilities
Microsoft Windows Server 1803: 34 vulnerabilities
Microsoft ASP.NET Core: 34 vulnerabilities
Microsoft Excel Viewer: 33 vulnerabilities
Microsoft Windows 10 1703: 31 vulnerabilities
Microsoft Windows 10 1903: 26 vulnerabilities
Microsoft Windows Server 1903: 26 vulnerabilities
Microsoft Windows 10 2004: 26 vulnerabilities
Microsoft Visio: 21 vulnerabilities
Microsoft Office Word Viewer: 20 vulnerabilities
Microsoft Remote Desktop: 20 vulnerabilities
Microsoft Defender For Iot: 20 vulnerabilities
Microsoft Teams: 20 vulnerabilities
Microsoft Office 2016: 18 vulnerabilities
Microsoft Powerpoint: 18 vulnerabilities

Recent Microsoft Security Advisories

Advisory Title Published
CVE-2026-21264 CVE-2026-21264 Microsoft Account Spoofing Vulnerability January 22, 2026
CVE-2026-21521 CVE-2026-21521 Word Copilot Information Disclosure Vulnerability January 22, 2026
CVE-2026-21227 CVE-2026-21227 Azure Logic Apps Elevation of Privilege Vulnerability January 22, 2026
CVE-2026-24307 CVE-2026-24307 M365 Copilot Information Disclosure Vulnerability January 22, 2026
CVE-2026-24305 CVE-2026-24305 Azure Entra ID Elevation of Privilege Vulnerability January 22, 2026
CVE-2026-21524 CVE-2026-21524 Azure Data Explorer Information Disclosure Vulnerability January 22, 2026
CVE-2026-24306 CVE-2026-24306 Azure Front Door Elevation of Privilege Vulnerability January 22, 2026
CVE-2026-24304 CVE-2026-24304 Azure Resource Manager Elevation of Privilege Vulnerability January 22, 2026
CVE-2026-21520 CVE-2026-21520 Copilot Studio Information Disclosure Vulnerability January 22, 2026
CVE-2026-0902 Chromium: CVE-2026-0902 Inappropriate implementation in V8 January 17, 2026

Known Exploited Microsoft Vulnerabilities

The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title, description, CVE with exploit probability, and date added:

Microsoft Windows Information Disclosure Vulnerability
Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.
CVE-2026-20805 | Exploit Probability: 4.6% | Added: January 13, 2026

Microsoft Office PowerPoint Code Injection Vulnerability
Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption.
CVE-2009-0556 | Exploit Probability: 78.5% | Added: January 7, 2026

Microsoft Windows Use After Free Vulnerability
Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.
CVE-2025-62221 | Exploit Probability: 3.2% | Added: December 9, 2025

Microsoft Windows Race Condition Vulnerability
Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access.
CVE-2025-62215 | Exploit Probability: 0.7% | Added: November 12, 2025

Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.
CVE-2025-59287 | Exploit Probability: 73.5% | Added: October 24, 2025

Microsoft Windows SMB Client Improper Access Control Vulnerability
Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.
CVE-2025-33073 | Exploit Probability: 54.1% | Added: October 20, 2025

Microsoft Windows Untrusted Pointer Dereference Vulnerability
Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges.
CVE-2025-24990 | Exploit Probability: 6.9% | Added: October 14, 2025

Microsoft Windows Improper Access Control Vulnerability
Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.
CVE-2025-59230 | Exploit Probability: 7.3% | Added: October 14, 2025

Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CVE-2010-3962 | Exploit Probability: 87.1% | Added: October 6, 2025

Microsoft Windows Remote Code Execution Vulnerability
Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page.
CVE-2011-3402 | Exploit Probability: 89.2% | Added: October 6, 2025

Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.
CVE-2021-43226 | Exploit Probability: 8.4% | Added: October 6, 2025

Microsoft Windows Out-of-Bounds Write Vulnerability
Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Use
CVE-2013-3918 | Exploit Probability: 86.1% | Added: October 6, 2025

Microsoft Internet Explorer Resource Management Errors Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CVE-2013-3893 | Exploit Probability: 81.2% | Added: August 12, 2025

Microsoft Office Excel Remote Code Execution Vulnerability
Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allows an attacker to execute remote code on the affected system.
CVE-2007-0671 | Exploit Probability: 65.2% | Added: August 12, 2025

Microsoft SharePoint Improper Authentication Vulnerability
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successful exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706.
CVE-2025-49706 | Exploit Probability: 72.1% | Added: July 22, 2025

Microsoft SharePoint Code Injection Vulnerability
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. The update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704.
CVE-2025-49704 | Exploit Probability: 75.5% | Added: July 22, 2025

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network.
CVE-2025-53770 | Exploit Probability: 91.2% | Added: July 20, 2025

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2025-32701 | Exploit Probability: 1.5% | Added: May 13, 2025

Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.
CVE-2025-32709 | Exploit Probability: 0.8% | Added: May 13, 2025

Microsoft Windows DWM Core Library Use-After-Free Vulnerability
Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2025-30400 | Exploit Probability: 1.1% | Added: May 13, 2025

Of the known exploited vulnerabilities above, 5 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 6 known exploited Microsoft vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Microsoft Vulnerabilities

Based on the current exploit probability, these Microsoft vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2019-0708 94.5% "BlueKeep" Microsoft Windows Remote Desktop Remote Code Execution Vulnerability
2 CVE-2019-0604 94.4% Microsoft SharePoint Remote Code Execution Vulnerability
3 CVE-2017-7269 94.4% Microsoft Windows Server 2003 R2 IIS WEBDAV buffer overflow Remote Code Execution vulnerability (COVI
4 CVE-2020-0796 94.4% Microsoft SMBv3 Remote Code Execution Vulnerability
5 CVE-2020-0688 94.4% Microsoft Exchange Server Key Validation Vulnerability
6 CVE-2021-38647 94.4% Microsoft Azure Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
7 CVE-2017-11882 94.4% Microsoft Office memory corruption vulnerability
8 CVE-2020-1472 94.4% NetLogon Privilege Escalation Vulnerability
9 CVE-2023-29357 94.4% Microsoft SharePoint Server Privilege Escalation Vulnerability
10 CVE-2021-40444 94.3% Microsoft Windows, Server (spec. IE) All Arbitrary Code Execution

By the Year

In 2026 there have been 138 vulnerabilities in Microsoft with an average score of 7.3 out of ten. Last year, in 2025, Microsoft had 2195 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Microsoft in 2026 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.07.

Year Vulnerabilities Average Score
2026 138 7.26
2025 2195 7.19
2024 1504 7.47
2023 1546 7.24
2022 1315 7.43
2021 1115 7.45
2020 1211 7.26
2019 768 7.10
2018 583 6.89

It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-24304 Jan 23, 2026
Jan 2026: Azure Resource Manager Elevation of Privilege Vulnerability Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
Azure Resource Manager
CVE-2026-21264 Jan 22, 2026
Jan 2026: Microsoft Account Spoofing Vulnerability Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.
Microsoft Account
CVE-2026-21521 Jan 22, 2026
Jan 2026: Word Copilot Information Disclosure Vulnerability Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.
365 Word Copilot
CVE-2026-21227 Jan 22, 2026
Jan 2026: Azure Logic Apps Elevation of Privilege Vulnerability Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.
Azure Logic Apps
CVE-2026-24307 Jan 22, 2026
Jan 2026: M365 Copilot Information Disclosure Vulnerability Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
365 Copilot
CVE-2026-24305 Jan 22, 2026
Jan 2026: Azure Entra ID Elevation of Privilege Vulnerability Azure Entra ID Elevation of Privilege Vulnerability
Microsoft Entra Id
CVE-2026-21524 Jan 22, 2026
Jan 2026: Azure Data Explorer Information Disclosure Vulnerability Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.
Azure Data Explorer
CVE-2026-24306 Jan 22, 2026
Jan 2026: Azure Front Door Elevation of Privilege Vulnerability Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
Azure Front Door
CVE-2026-21520 Jan 22, 2026
Jan 2026: Copilot Studio Information Disclosure Vulnerability Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through network attack vector.
Copilot Studio
CVE-2026-0908 Jan 20, 2026
Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-0907 Jan 20, 2026
Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-0906 Jan 20, 2026
Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-0905 Jan 20, 2026
Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attacker who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
CVE-2026-0904 Jan 20, 2026
Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-0903 Jan 20, 2026
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)
CVE-2026-0902 Jan 20, 2026
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-0901 Jan 20, 2026
Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
CVE-2026-0899 Jan 20, 2026
Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-0900 Jan 20, 2026
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-21223 Jan 16, 2026
Jan 2026: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non-administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged update commands as LocalSystem. This allows a non-administrator to enable or disable Windows Virtualization-Based Security (VBS) by modifying protected system registry keys under HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard. Disabling VBS weakens critical platform protections such as Credential Guard, Hypervisor-protected Code Integrity (HVCI), and the Secure Kernel, resulting in a security feature bypass.
Edge Chromium
CVE-2026-20960 Jan 16, 2026
Jan 2026: Microsoft Power Apps Remote Code Execution Vulnerability Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.
Power Apps
CVE-2026-21226 Jan 13, 2026
Jan 2026: Azure Core shared client library for Python Remote Code Execution Vulnerability Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.
Azure Core Shared Client Library Python
CVE-2026-20941 Jan 13, 2026
Jan 2026: Host Process for Windows Tasks Elevation of Privilege Vulnerability Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
Windows Server 2025
Windows 11 25h2
Windows 11 24h2
And others...
CVE-2026-20958 Jan 13, 2026
Jan 2026: Microsoft SharePoint Information Disclosure Vulnerability Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
Sharepoint Server 2016
Sharepoint Server 2019
Sharepoint Server
And others...
CVE-2026-20957 Jan 13, 2026
Jan 2026: Microsoft Excel Remote Code Execution Vulnerability Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Office 2021
Office 2019
365 Apps
And others...
CVE-2026-20950 Jan 13, 2026
Jan 2026: Microsoft Excel Remote Code Execution Vulnerability Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Office 2021
Office 2019
365 Apps
And others...
CVE-2026-20952 Jan 13, 2026
Jan 2026: Microsoft Office Remote Code Execution Vulnerability Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Office 2019
365 Apps
Office Macos 2021
And others...
CVE-2026-20948 Jan 13, 2026
Jan 2026: Microsoft Word Remote Code Execution Vulnerability Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Sharepoint Server 2016
Sharepoint Server 2019
Office 2019
And others...
CVE-2026-20949 Jan 13, 2026
Jan 2026: Microsoft Excel Security Feature Bypass Vulnerability Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
365 Apps
Office Macos 2021
Office 2021
And others...
CVE-2026-20939 Jan 13, 2026
Jan 2026: Windows File Explorer Information Disclosure Vulnerability Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-20936 Jan 13, 2026
Jan 2026: Windows NDIS Information Disclosure Vulnerability Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-20937 Jan 13, 2026
Jan 2026: Windows File Explorer Information Disclosure Vulnerability Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-20935 Jan 13, 2026
Jan 2026: Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.
Windows 11 25h2
Windows 11 23h2
Windows 11 24h2
And others...
CVE-2026-20929 Jan 13, 2026
Jan 2026: Windows HTTP.sys Elevation of Privilege Vulnerability Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-20931 Jan 13, 2026
Jan 2026: Windows Telephony Service Elevation of Privilege Vulnerability External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-20874 Jan 13, 2026
Jan 2026: Windows Management Services Elevation of Privilege Vulnerability Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-20872 Jan 13, 2026
Jan 2026: NTLM Hash Disclosure Spoofing Vulnerability External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-20873 Jan 13, 2026
Jan 2026: Windows Management Services Elevation of Privilege Vulnerability Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-20870 Jan 13, 2026
Jan 2026: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Windows Server 2025
Windows 11 25h2
Windows 11 24h2
And others...
CVE-2026-20871 Jan 13, 2026
Jan 2026: Desktop Windows Manager Elevation of Privilege Vulnerability Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
Windows Server 2022
Windows 10
Windows Server 2025
And others...
CVE-2026-20868 Jan 13, 2026
Jan 2026: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-20866 Jan 13, 2026
Jan 2026: Windows Management Services Elevation of Privilege Vulnerability Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-20867 Jan 13, 2026
Jan 2026: Windows Management Services Elevation of Privilege Vulnerability Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-20862 Jan 13, 2026
Jan 2026: Windows Management Services Information Disclosure Vulnerability Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-20863 Jan 13, 2026
Jan 2026: Win32k Elevation of Privilege Vulnerability Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Windows Server 2022
Windows Server 2025
Windows 11 25h2
And others...
CVE-2026-20861 Jan 13, 2026
Jan 2026: Windows Management Services Elevation of Privilege Vulnerability Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
CVE-2026-20854 Jan 13, 2026
Jan 2026: Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerabi Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.
Windows Server 2025
Windows 11 25h2
Windows 11 24h2
And others...
CVE-2026-21219 Jan 13, 2026
Jan 2026: Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Windows Sdk
CVE-2026-20853 Jan 13, 2026
Jan 2026: Windows WalletService Elevation of Privilege Vulnerability Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.
Windows 10
Windows 11 25h2
Windows 11 23h2
And others...
CVE-2026-20849 Jan 13, 2026
Jan 2026: Windows Kerberos Elevation of Privilege Vulnerability Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
Windows 10
Windows Server 2019
Windows Server 2022
And others...
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).