Total CVEs

142,588

Critical Severity

4,002

High Severity

14,355

Last 7 Days

1,856
Quick preset (or use dates below)
Clear Filters
Showing 13,581 - 13,600 of 14,355 CVEs
CVE-2026-20946 HIGH - 7.8

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Jan 13, 2026
Source: NVD
CVE-2026-20944 HIGH - 8.4

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Jan 13, 2026
Source: NVD
CVE-2026-20943 HIGH - 7.0

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: office
Published: Jan 13, 2026
Source: NVD
CVE-2026-20941 HIGH - 7.8

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_24h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20940 HIGH - 7.8

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20938 HIGH - 7.8

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20934 HIGH - 7.5

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20931 HIGH - 8.0

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20929 HIGH - 7.5

Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20926 HIGH - 7.5

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20924 HIGH - 7.8

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20923 HIGH - 7.8

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20922 HIGH - 7.8

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20921 HIGH - 7.5

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20920 HIGH - 7.8

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20919 HIGH - 7.5

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20918 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20877 HIGH - 7.8

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20875 HIGH - 7.5

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20874 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD