CVSS: 3.3EPSS: 0%CPEs: 20EXPL: 0CVE-2026-21249 – Windows NTLM Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2026-21249
10 Feb 2026 — External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally. This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of searchConnector-ms files. The issue results from the lack of proper input validation. An attacker ca... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21249 • CWE-73: External Control of File Name or Path •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2026-21251 – Cluster Client Failover (CCF) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21251
10 Feb 2026 — Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21251 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21253 – Mailslot File System Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21253
10 Feb 2026 — Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21253 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2026-21255 – Windows Hyper-V Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2026-21255
10 Feb 2026 — Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21255 • CWE-284: Improper Access Control •
CVSS: 7.0EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21508 – Windows Storage Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21508
10 Feb 2026 — Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21508 • CWE-287: Improper Authentication CWE-426: Untrusted Search Path •
CVSS: 6.2EPSS: 2%CPEs: 22EXPL: 0CVE-2026-21525 – Microsoft Windows NULL Pointer Dereference Vulnerability
https://notcve.org/view.php?id=CVE-2026-21525
10 Feb 2026 — Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 2%CPEs: 22EXPL: 0CVE-2026-21510 – Microsoft Windows Shell Protection Mechanism Failure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21510
10 Feb 2026 — Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 • CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 4%CPEs: 22EXPL: 0CVE-2026-21513 – Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21513
10 Feb 2026 — Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 1%CPEs: 22EXPL: 0CVE-2026-21533 – Microsoft Windows Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2026-21533
10 Feb 2026 — Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21236 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21236
10 Feb 2026 — Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21236 • CWE-122: Heap-based Buffer Overflow •