Allgemein – Seite 226

CVE-2026-20948 Microsoft Word Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-20922 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

CVE-2026-20952 Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20829 TPM Trustlet Information Disclosure Vulnerability

Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.

CVE-2026-20830 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.

CVE-2026-20939 Windows File Explorer Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-20925 NTLM Hash Disclosure Spoofing Vulnerability

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-20831 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-20866 Windows Management Services Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20918 Windows Management Services Elevation of Privilege Vulnerability