NVD disclosure day

Published threat advisories for January 13, 2026

CVE advisoryKnown Exploit

CVE-2026-20963

Microsoft SharePoint Remote Code Execution Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Microsoft SharePoint allows unauthorized attackers to execute code remotely over a network. This issue arises from the deserialization of untrusted data. Affected organizations face business risks including system compromise and potential data impact.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2026-20805

Microsoft Windows Information Disclosure Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in the Desktop Window Manager allows local attackers to disclose sensitive information. This could lead to unauthorized access to confidential data, posing a business risk. Organizations should identify and update affected Windows systems.

NVD published: • CISA KEV