Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,618
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,161 - 13,180 of 13,618 CVEs
CVE-2026-20922 HIGH - 7.8

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20921 HIGH - 7.5

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20920 HIGH - 7.8

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20919 HIGH - 7.5

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20918 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20877 HIGH - 7.8

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20875 HIGH - 7.5

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20874 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20873 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20871 HIGH - 7.8

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_21h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20870 HIGH - 7.8

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_24h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20869 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20868 HIGH - 8.8

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20867 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20866 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20865 HIGH - 7.8

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20864 HIGH - 7.8

Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20863 HIGH - 7.0

Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20861 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20860 HIGH - 7.8

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD