Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2026-20843

    Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 7.0

    HIGH
    CVE-2026-20842

    Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 7.8

    HIGH
    CVE-2026-20840

    Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 5.5

    MEDIUM
    CVE-2026-20839

    Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 5.5

    MEDIUM
    CVE-2026-20838

    Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 7.8

    HIGH
    CVE-2026-20837

    Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 7.0

    HIGH
    CVE-2026-20836

    Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 5.5

    MEDIUM
    CVE-2026-20835

    Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 4.6

    MEDIUM
    CVE-2026-20834

    Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 5.5

    MEDIUM
    CVE-2026-20833

    Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 7.8

    HIGH
    CVE-2026-20832

    Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 7.8

    HIGH
    CVE-2026-20831

    Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 7.0

    HIGH
    CVE-2026-20830

    Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 5.5

    MEDIUM
    CVE-2026-20829

    Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 4.6

    MEDIUM
    CVE-2026-20828

    Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 5.5

    MEDIUM
    CVE-2026-20827

    Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 7.8

    HIGH
    CVE-2026-20826

    Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 4.4

    MEDIUM
    CVE-2026-20825

    Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 5.5

    MEDIUM
    CVE-2026-20824

    Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 5.5

    MEDIUM
    CVE-2026-20823

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026
Showing 20 of 4498 Results