CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2026-21255 – Windows Hyper-V Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2026-21255
10 Feb 2026 — Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21255 • CWE-284: Improper Access Control •
CVSS: 7.0EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21508 – Windows Storage Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21508
10 Feb 2026 — Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21508 • CWE-287: Improper Authentication CWE-426: Untrusted Search Path •
CVSS: 6.2EPSS: 2%CPEs: 22EXPL: 0CVE-2026-21525 – Microsoft Windows NULL Pointer Dereference Vulnerability
https://notcve.org/view.php?id=CVE-2026-21525
10 Feb 2026 — Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 2%CPEs: 22EXPL: 0CVE-2026-21510 – Microsoft Windows Shell Protection Mechanism Failure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21510
10 Feb 2026 — Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 • CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 4%CPEs: 22EXPL: 0CVE-2026-21513 – Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21513
10 Feb 2026 — Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 1%CPEs: 22EXPL: 0CVE-2026-21533 – Microsoft Windows Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2026-21533
10 Feb 2026 — Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21236 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21236
10 Feb 2026 — Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21236 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.0EPSS: 0%CPEs: 15EXPL: 0CVE-2026-21234 – Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21234
10 Feb 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21234 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2026-21235 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21235
10 Feb 2026 — Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from the lack of validating the existence of an object prior to performing operation... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21235 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2026-21242 – Windows Subsystem for Linux Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21242
10 Feb 2026 — Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21242 • CWE-416: Use After Free •