Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.8 HIGH
CVE-2026-21518 — GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a networ…

visual_studio_code visual_studio_code_copilot_chat_extension | Remote | Injection
Feb 10, 2026 Feb 23, 2026
Feb 10, 2026
Feb 23, 2026
7.0 HIGH
CVE-2026-21517 — Windows App for Mac Installer Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.

windows_app windows_app_for_mac | Path Traversal
Feb 10, 2026 Feb 25, 2026
Feb 10, 2026
Feb 25, 2026
8.8 HIGH
CVE-2026-21516 — GitHub Copilot for Jetbrains Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.

gihub_copilot_plugin_for_jetbrains_ides github_copilot | Remote | Injection
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21514 — Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability -…

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2024 office_2021 | CISA KEV | Authorization
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
8.8 HIGH
CVE-2026-21513 — Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability - [Actively Exploit…

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | CISA KEV Remote | Authentication
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
6.5 MEDIUM
CVE-2026-21512 — Azure DevOps Server Cross-Site Scripting Vulnerability

Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.

azure_devops_server azure_devops_server_2022 | Remote | Server-Side Request Forgery
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.5 HIGH
CVE-2026-21511 — Microsoft Outlook Spoofing Vulnerability

Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 +7 more | Remote | Information Disclosure
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
8.8 HIGH
CVE-2026-21510 — Microsoft Windows Shell Protection Mechanism Failure Vulnerability - [Actively Exploited]

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | CISA KEV Remote | Authentication
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.0 HIGH
CVE-2026-21508 — Windows Storage Elevation of Privilege Vulnerability

Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | Authentication
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
5.5 MEDIUM
CVE-2026-21358 — InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulner…

macos windows indesign | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21357 — InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploit…

macos windows indesign | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21351 — After Effects | Use After Free (CWE-416)

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req…

macos windows after_effects | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
5.5 MEDIUM
CVE-2026-21350 — After Effects | NULL Pointer Dereference (CWE-476)

After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cras…

macos windows after_effects | Denial of Service
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
5.5 MEDIUM
CVE-2026-21340 — Substance3D - Designer | Out-of-bounds Read (CWE-125)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose se…

substance_3d_designer | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
5.5 MEDIUM
CVE-2026-21339 — Substance3D - Designer | Out-of-bounds Read (CWE-125)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose se…

substance_3d_designer | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
5.5 MEDIUM
CVE-2026-21338 — Substance3D - Designer | NULL Pointer Dereference (CWE-476)

Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabil…

substance_3d_designer | Denial of Service
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
5.5 MEDIUM
CVE-2026-21337 — Substance3D - Designer | Out-of-bounds Read (CWE-125)

Substance3D - Designer versions 15.1.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sens…

substance_3d_designer | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
5.5 MEDIUM
CVE-2026-21336 — Substance3D - Designer | NULL Pointer Dereference (CWE-476)

Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabil…

substance_3d_designer | Denial of Service
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21335 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

substance_3d_designer | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21334 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

substance_3d_designer | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
Showing 20 of 5090 Results