CVSS: 7.0EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21508 – Windows Storage Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21508
10 Feb 2026 — Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21508 • CWE-287: Improper Authentication CWE-426: Untrusted Search Path •
CVSS: 6.2EPSS: 9%CPEs: 22EXPL: 0CVE-2026-21525 – Microsoft Windows NULL Pointer Dereference Vulnerability
https://notcve.org/view.php?id=CVE-2026-21525
10 Feb 2026 — Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 4%CPEs: 22EXPL: 0CVE-2026-21510 – Microsoft Windows Shell Protection Mechanism Failure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21510
10 Feb 2026 — Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 • CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 31%CPEs: 22EXPL: 0CVE-2026-21513 – Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21513
10 Feb 2026 — Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 20%CPEs: 22EXPL: 0CVE-2026-21533 – Microsoft Windows Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2026-21533
10 Feb 2026 — Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2026-21236 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21236
10 Feb 2026 — Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21236 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2026-21235 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21235
10 Feb 2026 — Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from the lack of validating the existence of an object prior to performing operation... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21235 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2026-21246 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-21246
10 Feb 2026 — Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21246 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.6EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20936 – Windows NDIS Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20936
13 Jan 2026 — Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20936 • CWE-125: Out-of-bounds Read •
CVSS: 8.0EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20931 – Windows Telephony Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2026-20931
13 Jan 2026 — External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20931 • CWE-73: External Control of File Name or Path •