Latest CVE Feed
-
7.5
HIGHCVE-2026-25577
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attack... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
7.3
HIGHCVE-2026-24045
Docmost is open-source collaborative wiki and documentation software. From g and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows St... Read more
Affected Products : docmost- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-23655
Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.... Read more
Affected Products : microsoft_aci_confidential_containers- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2026-21537
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.... Read more
Affected Products : defender_for_endpoint- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2026-21533
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +5 more products- Actively Exploited
- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2026-21531
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : azure_ai_language_authoring- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
5.7
MEDIUMCVE-2026-21529
Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.... Read more
Affected Products : azure_hdinsights- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-21528
Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-21527
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
6.2
MEDIUMCVE-2026-21525
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +5 more products- Actively Exploited
- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
8.0
HIGHCVE-2026-21523
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.... Read more
Affected Products : visual_studio_code- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Race Condition
-
6.7
MEDIUMCVE-2026-21522
Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : microsoft_aci_confidential_containers- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2026-21519
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Actively Exploited
- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2026-21518
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.... Read more
Affected Products : visual_studio_code- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
7.0
HIGHCVE-2026-21517
Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_app_for_mac- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2026-21516
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : gihub_copilot_plugin_for_jetbrains_ides- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.... Read more
- Actively Exploited
- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +5 more products- Actively Exploited
- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2026-21512
Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.... Read more
Affected Products : azure_devops_server_2022- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2026-21511
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Information Disclosure