Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.3 HIGH
CVE-2026-21235 — Windows Graphics Component Elevation of Privilege Vulnerability

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +5 more | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.0 HIGH
CVE-2026-21234 — Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +6 more | Race Condition
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21232 — Windows HTTP.sys Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 +1 more | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21231 — Windows Kernel Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | Race Condition
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
8.8 HIGH
CVE-2026-21229 — Power BI Remote Code Execution Vulnerability

Improper input validation in Power BI allows an authorized attacker to execute code over a network.

power_bi_report_server | Remote | Injection
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
8.1 HIGH
CVE-2026-21228 — Azure Local Remote Code Execution Vulnerability

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.

azure_local | Remote | Authentication
Feb 10, 2026 Feb 25, 2026
Feb 10, 2026
Feb 25, 2026
5.5 MEDIUM
CVE-2026-21222 — Windows Kernel Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +8 more | Information Disclosure
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.5 HIGH
CVE-2026-21218 — .NET Spoofing Vulnerability

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

linux_kernel macos .net windows | Remote | Authentication
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
7.5 HIGH
CVE-2026-20846 — GDI+ Denial of Service Vulnerability

Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | Remote | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
8.8 HIGH
CVE-2026-20841 — Windows Notepad App Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

window_notepad windows_notepad | Remote | Injection
Feb 10, 2026 Feb 25, 2026
Feb 10, 2026
Feb 25, 2026
6.9 MEDIUM
CVE-2026-1997 — Certain HP OfficeJet Pro Printers - Information Disclosure

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is di…

y0s18a_firmware y0s19a_firmware g5j38a_firmware d9l63a_firmware d9l64a_firmware t0g70a_firmware +76 more | Remote | Misconfiguration
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
6.9 MEDIUM
CVE-2026-1996 — Certain HP OfficeJet Pro Printers – Denial of Service

Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.

d9l18a_firmware j6x76a_firmware j6x80a_firmware k7s37a_firmware m9l65a_firmware m9l70a_firmware +28 more | Remote | Denial of Service
Feb 10, 2026 Feb 24, 2026
Feb 10, 2026
Feb 24, 2026
7.2 HIGH
CVE-2026-0653 — Insecure Access Control on TP-Link Tapo D235 and C260

On TP-Link Tapo C260 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected devi…

tapo_c260_firmware tapo_c260 | Remote | Authorization
Feb 10, 2026 Feb 13, 2026
Feb 10, 2026
Feb 13, 2026
8.8 HIGH
CVE-2026-0652 — Remote Code Execution on TP-Link Tapo C260 by Guest User

On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arb…

tapo_c260_firmware tapo_c260 | Remote | Injection
Feb 10, 2026 Feb 13, 2026
Feb 10, 2026
Feb 13, 2026
7.8 HIGH
CVE-2026-0651 — Path Traversal on TP-Link Tapo D235 and C260 via Local https

On TP-Link Tapo C260 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacker on the lo…

tapo_c260_firmware tapo_c260 | Path Traversal
Feb 10, 2026 Feb 13, 2026
Feb 10, 2026
Feb 13, 2026
4.3 MEDIUM
CVE-2026-25530 — Kanboard is missing authorization check in getSwimlane API allows cross-project data acce…

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane d…

kanboard | Remote | Authorization
Feb 10, 2026 Feb 13, 2026
Feb 10, 2026
Feb 13, 2026
8.0 HIGH
CVE-2026-24885 — Kanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration …

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard…

kanboard | Remote | Cross-Site Request Forgery
Feb 10, 2026 Feb 13, 2026
Feb 10, 2026
Feb 13, 2026
6.7 MEDIUM
CVE-2025-36522 — Intel Chipset Software Local Privilege Escalation

Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software advers…

| Authorization
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
6.7 MEDIUM
CVE-2025-36511 — Intel Memory and Storage Tool Privilege Escalation Vulnerability

Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an a…

| Misconfiguration
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
6.7 MEDIUM
CVE-2025-35999 — Intel(R) Server Boards and Intel(R) Server Systems System Firmware Update Utility (SysFwU…

Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within R…

| Authorization
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
Showing 20 of 5090 Results