Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,221
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 11,441 - 11,460 of 13,404 CVEs
CVE-2026-21244 HIGH - 7.3

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

Vendor: microsoft
Product: windows_10_1607
Published: Feb 10, 2026
Source: NVD
CVE-2026-21243 HIGH - 7.5

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

Vendor: microsoft
Product: windows_server_2019
Published: Feb 10, 2026
Source: NVD
CVE-2026-21242 HIGH - 7.0

Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_21h2
Published: Feb 10, 2026
Source: NVD
CVE-2026-21241 HIGH - 7.0

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Feb 10, 2026
Source: NVD
CVE-2026-21240 HIGH - 7.8

Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Feb 10, 2026
Source: NVD
CVE-2026-21239 HIGH - 7.8

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Feb 10, 2026
Source: NVD
CVE-2026-21238 HIGH - 7.8

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Feb 10, 2026
Source: NVD
CVE-2026-21237 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_21h2
Published: Feb 10, 2026
Source: NVD
CVE-2026-21236 HIGH - 7.8

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Feb 10, 2026
Source: NVD
CVE-2026-21235 HIGH - 7.3

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Feb 10, 2026
Source: NVD
CVE-2026-21234 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Feb 10, 2026
Source: NVD
CVE-2026-21232 HIGH - 7.8

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Feb 10, 2026
Source: NVD
CVE-2026-21231 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Feb 10, 2026
Source: NVD
CVE-2026-21229 HIGH - 8.0

Improper input validation in Power BI allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: power_bi_report_server
Published: Feb 10, 2026
Source: NVD
CVE-2026-21228 HIGH - 8.1

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.

Published: Feb 10, 2026
Source: NVD
CVE-2026-21218 HIGH - 7.5

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

Vendor: nuget
Product: System.Security.Cryptography.Cose
Published: Feb 10, 2026
Source: NVD
CVE-2026-20846 HIGH - 7.5

Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Feb 10, 2026
Source: NVD
CVE-2026-20841 HIGH - 8.8

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.

Published: Feb 10, 2026
Source: NVD
CVE-2026-0652 HIGH - 8.8

On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cause ...

Vendor: tp-link
Product: tapo_c260_firmware
Published: Feb 10, 2026
Source: NVD
CVE-2026-0651 HIGH - 7.8

On TP-Link Tapo C260 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacker on the local network can determine whether certain files exists on the device, with no read, write or code exe...

Vendor: tp-link
Product: tapo_c260_firmware
Published: Feb 10, 2026
Source: NVD