CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2026-23667 – Broadcast DVR Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-23667
10 Mar 2026 — Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23667 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2026-24285 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-24285
10 Mar 2026 — Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from improper management of a reference count. An attacker can leverage this vulnerability to esca... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24285 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2026-25181 – GDI+ Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-25181
10 Mar 2026 — Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. Interaction with the GDI library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of bitmap images. Crafted data in a bitmap header can trigger a read past the end of an allocated bu... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25181 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2026-24289 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-24289
10 Mar 2026 — Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ndis.sys driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object.... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24289 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2026-20846 – GDI+ Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2026-20846
10 Feb 2026 — Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20846 • CWE-126: Buffer Over-read •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2026-21222 – Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21222
10 Feb 2026 — Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21222 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21231 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21231
10 Feb 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21231 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2026-21232 – Windows HTTP.sys Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21232
10 Feb 2026 — Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21232 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2026-21237 – Windows Subsystem for Linux Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21237
10 Feb 2026 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21237 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21238 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21238
10 Feb 2026 — Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21238 • CWE-284: Improper Access Control •