Threat Entry Updated 2026-01-15

CVE-2026-20827 - Windows 11 version 22H3 Plugin

Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20827

MEDIUM CVSS 5.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-15

CVE-2026-20828 - Windows 11 version 22H3 Plugin

Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.

PLUGIN Windows 11 version 22H3

CVE-2026-20828

MEDIUM CVSS 4.6 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20822 - Windows 11 version 22H3 Plugin

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20822

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20820 - Windows 11 version 22H3 Plugin

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20820

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20821 - Windows 11 version 22H3 Plugin

Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20821

MEDIUM CVSS 6.2 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-15

CVE-2026-20824 - Windows 11 version 22H3 Plugin

Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20824

MEDIUM CVSS 5.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-15

CVE-2026-20823 - Windows 11 version 22H3 Plugin

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20823

MEDIUM CVSS 5.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-15

CVE-2026-20825 - Windows 11 version 22H3 Plugin

Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20825

MEDIUM CVSS 4.4 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20817 - Windows 11 version 22H3 Plugin

Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20817

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20816 - Windows 11 version 22H3 Plugin

Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20816

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20814 - Windows 11 version 22H3 Plugin

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20814

HIGH CVSS 7.0 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20819 - Windows 11 version 22H3 Plugin

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20819

MEDIUM CVSS 5.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20811 - Windows 11 version 22H3 Plugin

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20811

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20809 - Windows 11 version 22H3 Plugin

Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20809

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20812 - Windows 11 version 22H3 Plugin

Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.

PLUGIN Windows 11 version 22H3

CVE-2026-20812

MEDIUM CVSS 6.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20805 - Windows 11 version 22H3 Plugin

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20805

MEDIUM CVSS 5.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20804 - Windows 11 version 22H3 Plugin

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20804

HIGH CVSS 7.7 2026-01-13

Risk Score

Open Full Technical Breakdown