Total
334167 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21253 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-20 | 7 High |
| Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21255 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-02-20 | 8.8 High |
| Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-21256 | 1 Microsoft | 1 Visual Studio 2022 | 2026-02-20 | 8.8 High |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-21257 | 1 Microsoft | 1 Visual Studio 2022 | 2026-02-20 | 8 High |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-21261 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-20 | 5.5 Medium |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-21508 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-20 | 7 High |
| Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21511 | 1 Microsoft | 13 365 Apps, Office, Office 2019 and 10 more | 2026-02-20 | 7.5 High |
| Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-21516 | 1 Microsoft | 2 Gihub Copilot Plugin For Jetbrains Ides, Github Copilot | 2026-02-20 | 8.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-21525 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-20 | 6.2 Medium |
| Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. | ||||
| CVE-2026-21514 | 1 Microsoft | 6 365 Apps, Office 2021, Office 2024 and 3 more | 2026-02-20 | 7.8 High |
| Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-21529 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-20 | 5.7 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-21537 | 1 Microsoft | 1 Defender For Endpoint | 2026-02-20 | 8.8 High |
| Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network. | ||||
| CVE-2026-21510 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-20 | 8.8 High |
| Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-21531 | 1 Microsoft | 2 Azure Ai Language Authoring, Azure Conversation Authoring Client Library | 2026-02-20 | 9.8 Critical |
| Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-21528 | 1 Microsoft | 1 Azure Iot Explorer | 2026-02-20 | 6.5 Medium |
| Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-21527 | 1 Microsoft | 8 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 5 more | 2026-02-20 | 6.5 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-21535 | 1 Microsoft | 1 Teams | 2026-02-20 | 8.2 High |
| Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-0102 | 1 Microsoft | 1 Edge Chromium | 2026-02-20 | 3.1 Low |
| Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata. | ||||
| CVE-2026-21522 | 1 Microsoft | 3 Confcom, Confidental Containers, Microsoft Aci Confidential Containers | 2026-02-20 | 6.7 Medium |
| Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21532 | 1 Microsoft | 1 Azure Functions | 2026-02-20 | 8.2 High |
| Azure Function Information Disclosure Vulnerability | ||||