Autor: Peter Leibling

CVE-2026-20938 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

CVE-2026-20837 Windows Media Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

CVE-2026-20839 Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.

CVE-2026-20946 Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20840 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

CVE-2026-20953 Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20842 Microsoft DWM Core Library Elevation of Privilege Vulnerability

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

CVE-2026-20956 Microsoft Excel Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20844 Windows Clipboard Server Elevation of Privilege Vulnerability

Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.

CVE-2026-20947 Microsoft SharePoint Server Remote Code Execution Vulnerability

Improper neutralization of special elements used in an sql command (’sql injection‘) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.