on January 20, 2026 at 8:00 am — CVE-2026-20943 Microsoft Office Click-To-Run Remote Code Execution Vulnerability
Corrected the affected product name in the CVE title and in the FAQs. This is an informational change only.
on January 16, 2026 at 8:08 pm — Chromium: CVE-2026-0904 Incorrect security UI in Digital Credentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
on January 16, 2026 at 8:00 am — CVE-2026-20960 Microsoft Power Apps Remote Code Execution Vulnerability
Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.
on January 16, 2026 at 8:08 pm — Chromium: CVE-2026-0907 Incorrect security UI in Split View
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
on January 16, 2026 at 8:08 pm — Chromium: CVE-2026-0906 Incorrect security UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
on January 16, 2026 at 8:08 pm — Chromium: CVE-2026-0906 Incorrect security UI Read More »
on January 16, 2026 at 8:08 pm — Chromium: CVE-2026-0905 Insufficient policy enforcement in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.