Microsoft Security Response Center Blog Alerts

CVE-2026-20932 Windows File Explorer Information Disclosure Vulnerability

Published January 14, 2026

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-20810 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Published January 14, 2026

Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-20943 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Published January 14, 2026

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20924 Windows Management Services Elevation of Privilege Vulnerability

Published January 14, 2026

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20811 Win32k Elevation of Privilege Vulnerability

Published January 14, 2026

Access of resource using incompatible type (‘type confusion’) in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-20963 Microsoft SharePoint Remote Code Execution Vulnerability

Published January 14, 2026

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag

Published January 12, 2026

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap

Published January 9, 2026

Information published.

CVE-2025-55554 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

Published January 9, 2026

Information published.

CVE-2025-55551 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

Published January 9, 2026

Information published.

CVE-2026-20932 Windows File Explorer Information Disclosure Vulnerability

CVE-2026-20810 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE-2026-20943 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

CVE-2026-20924 Windows Management Services Elevation of Privilege Vulnerability

CVE-2026-20811 Win32k Elevation of Privilege Vulnerability

CVE-2026-20963 Microsoft SharePoint Remote Code Execution Vulnerability

Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag

CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap

CVE-2025-55554 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

CVE-2025-55551 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

Contact Info

Follow Us

Affiliations

More Info