Threat Entry Updated 2026-01-14

CVE-2026-20814 - Windows 10 Version 1607 Plugin

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 10 Version 1607

CVE-2026-20814

HIGH CVSS 7.0 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20818 - Windows Server 2016 Plugin

Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally.

PLUGIN Windows Server 2016

CVE-2026-20818

MEDIUM CVSS 6.2 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20819 - Windows 11 version 22H3 Plugin

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20819

MEDIUM CVSS 5.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20811 - Windows 11 version 22H3 Plugin

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 11 version 22H3

CVE-2026-20811

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20810 - Windows 10 Version 1809 Plugin

Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 10 Version 1809

CVE-2026-20810

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20809 - Windows 10 Version 1607 Plugin

Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 10 Version 1607

CVE-2026-20809

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20808 - Windows 11 Version 24H2 Plugin

Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally.

PLUGIN Windows 11 Version 24H2

CVE-2026-20808

HIGH CVSS 7.0 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20812 - Windows 10 Version 1607 Plugin

Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.

PLUGIN Windows 10 Version 1607

CVE-2026-20812

MEDIUM CVSS 6.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20805 - Windows 10 Version 1607 Plugin

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

PLUGIN Windows 10 Version 1607

CVE-2026-20805

MEDIUM CVSS 5.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20804 - Windows 10 Version 1607 Plugin

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

PLUGIN Windows 10 Version 1607

CVE-2026-20804

HIGH CVSS 7.7 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-0386 - Windows Server 2008 R2 Service Pack 1 Plugin

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.

PLUGIN Windows Server 2008 R2 Service Pack 1

CVE-2026-0386

HIGH CVSS 7.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-16

CVE-2026-20803 - Microsoft SQL Server 2022 for x64-based Systems (CU 22) Plugin

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.

PLUGIN Microsoft SQL Server 2022 for x64-based Systems (CU 22)

CVE-2026-20803

HIGH CVSS 7.2 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-20

CVE-2026-0408 - EX2800 Plugin

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.

PLUGIN EX2800

CVE-2026-0408

MEDIUM CVSS 6.1 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-20

CVE-2026-0407 - EX2800 Plugin

An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel.

PLUGIN EX2800

CVE-2026-0407

MEDIUM CVSS 6.1 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-20

CVE-2026-0406 - XR1000v2 Plugin

An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.

PLUGIN XR1000v2

CVE-2026-0406

MEDIUM CVSS 6.1 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-12

CVE-2026-0405 - NBR750 Plugin

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

PLUGIN NBR750

CVE-2026-0405

MEDIUM CVSS 6.1 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-12

CVE-2026-0404 - RBR750 Plugin

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.

PLUGIN RBR750

CVE-2026-0404

MEDIUM CVSS 4.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-20

CVE-2026-0403 - RBE970 Plugin

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.

PLUGIN RBE970

CVE-2026-0403

LOW CVSS 1.1 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-22

CVE-2026-0892 - Thunderbird Plugin

Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147 and Thunderbird < 147.

PLUGIN Thunderbird

CVE-2026-0892

CRITICAL CVSS 9.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-22

CVE-2026-0891 - Firefox ESR Plugin

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0891

HIGH CVSS 8.1 2026-01-13

Risk Score

Open Full Technical Breakdown