Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,618
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,141 - 13,160 of 13,618 CVEs
CVE-2026-20955 HIGH - 7.8

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Jan 13, 2026
Source: NVD
CVE-2026-20953 HIGH - 8.4

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Jan 13, 2026
Source: NVD
CVE-2026-20952 HIGH - 8.4

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Jan 13, 2026
Source: NVD
CVE-2026-20951 HIGH - 7.8

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: sharepoint_server
Published: Jan 13, 2026
Source: NVD
CVE-2026-20950 HIGH - 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Jan 13, 2026
Source: NVD
CVE-2026-20949 HIGH - 7.8

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

Vendor: microsoft
Product: 365_apps
Published: Jan 13, 2026
Source: NVD
CVE-2026-20948 HIGH - 7.8

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Jan 13, 2026
Source: NVD
CVE-2026-20947 HIGH - 8.8

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jan 13, 2026
Source: NVD
CVE-2026-20946 HIGH - 7.8

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Jan 13, 2026
Source: NVD
CVE-2026-20944 HIGH - 8.4

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Jan 13, 2026
Source: NVD
CVE-2026-20943 HIGH - 7.0

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: office
Published: Jan 13, 2026
Source: NVD
CVE-2026-20941 HIGH - 7.8

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_24h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20940 HIGH - 7.8

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20938 HIGH - 7.8

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20934 HIGH - 7.5

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20931 HIGH - 8.0

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20929 HIGH - 7.5

Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20926 HIGH - 7.5

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20924 HIGH - 7.8

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20923 HIGH - 7.8

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD