CVSS: 3.3EPSS: 0%CPEs: 20EXPL: 0CVE-2026-21249 – Windows NTLM Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2026-21249
10 Feb 2026 — External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally. This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of searchConnector-ms files. The issue results from the lack of proper input validation. An attacker ca... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21249 • CWE-73: External Control of File Name or Path •
CVSS: 7.0EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21253 – Mailslot File System Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21253
10 Feb 2026 — Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21253 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2026-21255 – Windows Hyper-V Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2026-21255
10 Feb 2026 — Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21255 • CWE-284: Improper Access Control •
CVSS: 7.0EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21508 – Windows Storage Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21508
10 Feb 2026 — Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21508 • CWE-287: Improper Authentication CWE-426: Untrusted Search Path •
CVSS: 6.2EPSS: 2%CPEs: 22EXPL: 0CVE-2026-21525 – Microsoft Windows NULL Pointer Dereference Vulnerability
https://notcve.org/view.php?id=CVE-2026-21525
10 Feb 2026 — Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 2%CPEs: 22EXPL: 0CVE-2026-21510 – Microsoft Windows Shell Protection Mechanism Failure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21510
10 Feb 2026 — Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 • CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 4%CPEs: 22EXPL: 0CVE-2026-21513 – Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21513
10 Feb 2026 — Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 1%CPEs: 22EXPL: 0CVE-2026-21533 – Microsoft Windows Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2026-21533
10 Feb 2026 — Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21236 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21236
10 Feb 2026 — Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21236 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.0EPSS: 0%CPEs: 15EXPL: 0CVE-2026-21234 – Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21234
10 Feb 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21234 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •