Total CVEs

142,588

Critical Severity

4,002

High Severity

14,355

Last 7 Days

1,856
Quick preset (or use dates below)
Clear Filters
Showing 13,821 - 13,840 of 14,782 CVEs
CVE-2026-20962 MEDIUM - 4.4

Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20959 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jan 13, 2026
Source: NVD
CVE-2026-20958 MEDIUM - 5.4

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jan 13, 2026
Source: NVD
CVE-2026-20939 MEDIUM - 5.5

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20937 MEDIUM - 5.5

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20936 MEDIUM - 4.3

Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20935 MEDIUM - 6.2

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20932 MEDIUM - 5.5

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20927 MEDIUM - 5.3

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20925 MEDIUM - 6.5

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20876 MEDIUM - 6.7

Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20872 MEDIUM - 6.5

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20862 MEDIUM - 5.5

Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20851 MEDIUM - 6.2

Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_11_24h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20847 MEDIUM - 6.5

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20839 MEDIUM - 5.5

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20838 MEDIUM - 5.5

Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20835 MEDIUM - 5.5

Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_11_24h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20834 MEDIUM - 4.6

Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20833 MEDIUM - 5.5

Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_server_2008
Published: Jan 13, 2026
Source: NVD