CVE Database
Comprehensive vulnerability intelligence with advanced analytics
CVE-2026-20844
HighUse after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.
CVE-2026-20843
HighImproper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-20842
HighUse after free in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2026-20840
HighHeap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-20839
MediumImproper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.
CVE-2026-20838
MediumGeneration of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-20837
HighHeap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-20836
HighConcurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-20835
MediumOut-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.
CVE-2026-20834
MediumAbsolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.
CVE-2026-20833
MediumUse of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.
CVE-2026-20832
HighWindows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability
CVE-2026-20831
HighTime-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-20830
HighConcurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-20829
MediumOut-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.
CVE-2026-20828
MediumOut-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.
CVE-2026-20827
MediumExposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.
CVE-2026-20826
HighConcurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2026-20825
MediumImproper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.
CVE-2026-20824
MediumProtection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-20823
MediumExposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-20822
HighUse after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-20821
MediumExposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.
CVE-2026-20820
HighHeap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.