Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.8 HIGH
CVE-2026-21537 — Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

defender_for_endpoint | Injection
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21533 — Microsoft Windows Improper Privilege Management Vulnerability - [Actively Exploited]

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | CISA KEV | Authorization
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
9.8 CRITICAL
CVE-2026-21531 — Azure SDK for Python Remote Code Execution Vulnerability

Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.

azure_ai_language_authoring azure_conversation_authoring_client_library | Remote | Injection
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
5.7 MEDIUM
CVE-2026-21529 — Azure HDInsight Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.

azure_hdinsights azure_hdinsight | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
6.5 MEDIUM
CVE-2026-21528 — Azure IoT Explorer Information Disclosure Vulnerability

Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

azure_iot_explorer | Remote | Information Disclosure
Feb 10, 2026 Feb 19, 2026
Feb 10, 2026
Feb 19, 2026
6.5 MEDIUM
CVE-2026-21527 — Microsoft Exchange Server Spoofing Vulnerability

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

exchange_server exchange_server_se exchange_server_2019 exchange_server_2016 | Remote | Authentication
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
6.2 MEDIUM
CVE-2026-21525 — Microsoft Windows NULL Pointer Dereference Vulnerability - [Actively Exploited]

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | CISA KEV | Denial of Service
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
8.0 HIGH
CVE-2026-21523 — GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability

Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

visual_studio_code visual_studio_code_copilot_chat_extension | Remote | Race Condition
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
6.7 MEDIUM
CVE-2026-21522 — Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

microsoft_aci_confidential_containers confcom | Injection
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21519 — Microsoft Windows Type Confusion Vulnerability - [Actively Exploited]

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 +8 more | CISA KEV | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
8.8 HIGH
CVE-2026-21518 — GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a networ…

visual_studio_code visual_studio_code_copilot_chat_extension | Remote | Injection
Feb 10, 2026 Feb 23, 2026
Feb 10, 2026
Feb 23, 2026
7.0 HIGH
CVE-2026-21517 — Windows App for Mac Installer Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.

windows_app windows_app_for_mac | Path Traversal
Feb 10, 2026 Feb 25, 2026
Feb 10, 2026
Feb 25, 2026
8.8 HIGH
CVE-2026-21516 — GitHub Copilot for Jetbrains Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.

gihub_copilot_plugin_for_jetbrains_ides github_copilot | Remote | Injection
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21514 — Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability -…

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2024 office_2021 | CISA KEV | Authorization
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
8.8 HIGH
CVE-2026-21513 — Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability - [Actively Exploit…

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | CISA KEV Remote | Authentication
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
6.5 MEDIUM
CVE-2026-21512 — Azure DevOps Server Cross-Site Scripting Vulnerability

Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.

azure_devops_server azure_devops_server_2022 | Remote | Server-Side Request Forgery
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.5 HIGH
CVE-2026-21511 — Microsoft Outlook Spoofing Vulnerability

Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 +7 more | Remote | Information Disclosure
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
8.8 HIGH
CVE-2026-21510 — Microsoft Windows Shell Protection Mechanism Failure Vulnerability - [Actively Exploited]

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | CISA KEV Remote | Authentication
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.0 HIGH
CVE-2026-21508 — Windows Storage Elevation of Privilege Vulnerability

Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | Authentication
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
5.5 MEDIUM
CVE-2026-21358 — InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulner…

macos windows indesign | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
Showing 20 of 5087 Results