CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2026-23671 – Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-23671
10 Mar 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23671 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2026-23669 – RPC Runtime Library Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-23669
10 Mar 2026 — Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network. Use after free in RPC Runtime allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23669 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2026-23668 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-23668
10 Mar 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cdd.dll driver. The issue results from the l... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23668 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2026-24285 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-24285
10 Mar 2026 — Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from improper management of a reference count. An attacker can leverage this vulnerability to esca... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24285 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2026-25181 – GDI+ Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-25181
10 Mar 2026 — Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. Interaction with the GDI library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of bitmap images. Crafted data in a bitmap header can trigger a read past the end of an allocated bu... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25181 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2026-24289 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-24289
10 Mar 2026 — Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ndis.sys driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object.... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24289 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2026-20846 – GDI+ Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2026-20846
10 Feb 2026 — Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20846 • CWE-126: Buffer Over-read •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2026-21222 – Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21222
10 Feb 2026 — Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21222 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21231 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21231
10 Feb 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21231 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21238 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21238
10 Feb 2026 — Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21238 • CWE-284: Improper Access Control •