Threat Entry Updated 2026-01-15

CVE-2026-20823 - Windows 10 Version 22H2 Plugin

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

PLUGIN Windows 10 Version 22H2

CVE-2026-20823

MEDIUM CVSS 5.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-15

CVE-2026-20825 - Windows 10 Version 22H2 Plugin

Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.

PLUGIN Windows 10 Version 22H2

CVE-2026-20825

MEDIUM CVSS 4.4 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20817 - Windows 10 Version 22H2 Plugin

Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 10 Version 22H2

CVE-2026-20817

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20816 - Windows 10 Version 22H2 Plugin

Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 10 Version 22H2

CVE-2026-20816

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20814 - Windows 10 Version 22H2 Plugin

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 10 Version 22H2

CVE-2026-20814

HIGH CVSS 7.0 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20810 - Windows 10 Version 22H2 Plugin

Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 10 Version 22H2

CVE-2026-20810

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20809 - Windows 10 Version 22H2 Plugin

Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 10 Version 22H2

CVE-2026-20809

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20812 - Windows 10 Version 22H2 Plugin

Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.

PLUGIN Windows 10 Version 22H2

CVE-2026-20812

MEDIUM CVSS 6.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20805 - Windows 10 Version 22H2 Plugin

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

PLUGIN Windows 10 Version 22H2

CVE-2026-20805

MEDIUM CVSS 5.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20804 - Windows 10 Version 22H2 Plugin

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

PLUGIN Windows 10 Version 22H2

CVE-2026-20804

HIGH CVSS 7.7 2026-01-13

Risk Score

Open Full Technical Breakdown