CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2026-24285 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-24285
10 Mar 2026 — Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from improper management of a reference count. An attacker can leverage this vulnerability to esca... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24285 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2026-25181 – GDI+ Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-25181
10 Mar 2026 — Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. Interaction with the GDI library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of bitmap images. Crafted data in a bitmap header can trigger a read past the end of an allocated bu... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25181 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2026-24289 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-24289
10 Mar 2026 — Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ndis.sys driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object.... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24289 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2026-20846 – GDI+ Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2026-20846
10 Feb 2026 — Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20846 • CWE-126: Buffer Over-read •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2026-21222 – Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21222
10 Feb 2026 — Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21222 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21231 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21231
10 Feb 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21231 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21238 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21238
10 Feb 2026 — Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21238 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2026-21239 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21239
10 Feb 2026 — Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21239 • CWE-122: Heap-based Buffer Overflow •
CVSS: 3.3EPSS: 0%CPEs: 20EXPL: 0CVE-2026-21249 – Windows NTLM Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2026-21249
10 Feb 2026 — External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally. This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of searchConnector-ms files. The issue results from the lack of proper input validation. An attacker ca... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21249 • CWE-73: External Control of File Name or Path •
CVSS: 7.0EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21253 – Mailslot File System Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21253
10 Feb 2026 — Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21253 • CWE-416: Use After Free •