CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-0386 Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network. | 7.5 | HIGH | — | 0 |
| CVE-2026-20804 Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. | 7.7 | HIGH | — | 0 |
| CVE-2026-20808 Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-20809 Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-21300 Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user in... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20810 Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-20811 Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-20812 Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20814 Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-21301 Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user in... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20815 Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally... | 7.0 | HIGH | — | 0 |
| CVE-2026-20816 Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-20817 Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-20818 Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-20819 Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47775 YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception H... | 8.4 | HIGH | — | 0 |
| CVE-2026-20820 Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-20821 Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-20822 Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-20823 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20824 Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20825 Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally. | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20826 Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges loca... | 7.8 | HIGH | — | 0 |
| CVE-2026-20827 Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47777 Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads li... | 8.2 | HIGH | — | 0 |
| CVE-2026-20828 Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack. | 4.6 | MEDIUM | — | 0 |
| CVE-2026-20829 Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20830 Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally... | 7.0 | HIGH | — | 0 |
| CVE-2026-20831 Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-20832 Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2026-20833 Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20834 Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack. | 4.6 | MEDIUM | — | 0 |
| CVE-2026-20835 Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20836 Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-20842 Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-20837 Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-20838 Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20839 Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20840 Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-21302 Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sens... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20843 Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-20844 Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally. | 7.4 | HIGH | — | 0 |
| CVE-2026-20847 Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20848 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-20849 Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-20851 Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-20852 Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. | 7.7 | HIGH | — | 0 |
| CVE-2026-20853 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally. | 7.4 | HIGH | — | 0 |
| CVE-2026-20854 Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network. | 7.5 | HIGH | — | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.