Threat Entry Updated 2026-02-05

CVE-2026-21226 - Azure Core shared client library for Python Plugin

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.

PLUGIN Azure Core shared client library for Python

CVE-2026-21226

HIGH CVSS 7.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-21265 - Windows 10 Version 1607 Plugin

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes related to Windows boot manager or Secure Boot. The operating system’s certificate update protection mechanism relies on firmware components that might contain defects, which can cause certificate trust updates to fail or behave unpredictably. This leads to potential disruption of the Secure Boot trust chain and requires careful validation and…

PLUGIN Windows 10 Version 1607

CVE-2026-21265

MEDIUM CVSS 6.4 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20963 - Microsoft SharePoint Enterprise Server 2016 Plugin

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

PLUGIN Microsoft SharePoint Enterprise Server 2016

CVE-2026-20963

HIGH CVSS 8.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-21224 - Azure Connected Machine Agent Plugin

Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

PLUGIN Azure Connected Machine Agent

CVE-2026-21224

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-16

CVE-2026-20965 - Windows Admin Center in Azure Portal Plugin

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.

PLUGIN Windows Admin Center in Azure Portal

CVE-2026-20965

HIGH CVSS 7.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-16

CVE-2026-21221 - Windows 11 Version 24H2 Plugin

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 11 Version 24H2

CVE-2026-21221

HIGH CVSS 7.0 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-09

CVE-2026-21219 - Windows SDK Plugin

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.

PLUGIN Windows SDK

CVE-2026-21219

HIGH CVSS 7.0 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20962 - Windows 10 Version 1809 Plugin

Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.

PLUGIN Windows 10 Version 1809

CVE-2026-20962

MEDIUM CVSS 4.4 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20953 - Microsoft 365 Apps for Enterprise Plugin

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

PLUGIN Microsoft 365 Apps for Enterprise

CVE-2026-20953

HIGH CVSS 8.4 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20957 - Microsoft 365 Apps for Enterprise Plugin

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

PLUGIN Microsoft 365 Apps for Enterprise

CVE-2026-20957

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20956 - Microsoft 365 Apps for Enterprise Plugin

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

PLUGIN Microsoft 365 Apps for Enterprise

CVE-2026-20956

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20955 - Microsoft 365 Apps for Enterprise Plugin

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

PLUGIN Microsoft 365 Apps for Enterprise

CVE-2026-20955

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20958 - Microsoft SharePoint Enterprise Server 2016 Plugin

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

PLUGIN Microsoft SharePoint Enterprise Server 2016

CVE-2026-20958

MEDIUM CVSS 5.4 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20959 - Microsoft SharePoint Enterprise Server 2016 Plugin

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

PLUGIN Microsoft SharePoint Enterprise Server 2016

CVE-2026-20959

MEDIUM CVSS 4.6 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-16

CVE-2026-20947 - Microsoft SharePoint Enterprise Server 2016 Plugin

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

PLUGIN Microsoft SharePoint Enterprise Server 2016

CVE-2026-20947

HIGH CVSS 8.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20952 - Microsoft 365 Apps for Enterprise Plugin

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

PLUGIN Microsoft 365 Apps for Enterprise

CVE-2026-20952

HIGH CVSS 8.4 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20951 - Microsoft SharePoint Enterprise Server 2016 Plugin

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

PLUGIN Microsoft SharePoint Enterprise Server 2016

CVE-2026-20951

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20950 - Microsoft 365 Apps for Enterprise Plugin

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

PLUGIN Microsoft 365 Apps for Enterprise

CVE-2026-20950

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-16

CVE-2026-20949 - Microsoft 365 Apps for Enterprise Plugin

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

PLUGIN Microsoft 365 Apps for Enterprise

CVE-2026-20949

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-16

CVE-2026-20948 - Microsoft 365 Apps for Enterprise Plugin

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

PLUGIN Microsoft 365 Apps for Enterprise

CVE-2026-20948

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown