Total CVEs

142,588

Critical Severity

4,002

High Severity

14,355

Last 7 Days

1,847
Quick preset (or use dates below)
Clear Filters
Showing 13,601 - 13,620 of 14,355 CVEs
CVE-2026-20873 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20871 HIGH - 7.8

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_21h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20870 HIGH - 7.8

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_24h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20869 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20868 HIGH - 8.8

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20867 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20866 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20865 HIGH - 7.8

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20864 HIGH - 7.8

Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20863 HIGH - 7.0

Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20861 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20860 HIGH - 7.8

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20859 HIGH - 7.8

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_24h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20858 HIGH - 7.8

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20857 HIGH - 7.8

Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20856 HIGH - 8.1

Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20854 HIGH - 7.5

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_11_24h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20853 HIGH - 7.4

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20852 HIGH - 7.7

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20849 HIGH - 7.5

Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD