Total
333731 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21516 | 1 Microsoft | 2 Gihub Copilot Plugin For Jetbrains Ides, Github Copilot | 2026-02-19 | 8.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-21525 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-19 | 6.2 Medium |
| Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. | ||||
| CVE-2026-21514 | 1 Microsoft | 6 365 Apps, Office 2021, Office 2024 and 3 more | 2026-02-19 | 7.8 High |
| Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-21529 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-19 | 5.7 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-21537 | 1 Microsoft | 1 Defender For Endpoint | 2026-02-19 | 8.8 High |
| Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network. | ||||
| CVE-2026-21510 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-19 | 8.8 High |
| Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-21531 | 1 Microsoft | 2 Azure Ai Language Authoring, Azure Conversation Authoring Client Library | 2026-02-19 | 9.8 Critical |
| Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-21527 | 1 Microsoft | 8 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 5 more | 2026-02-19 | 6.5 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-0102 | 1 Microsoft | 1 Edge Chromium | 2026-02-19 | 3.1 Low |
| Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata. | ||||
| CVE-2026-21522 | 1 Microsoft | 3 Confcom, Confidental Containers, Microsoft Aci Confidential Containers | 2026-02-19 | 6.7 Medium |
| Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21532 | 1 Microsoft | 1 Azure Functions | 2026-02-19 | 8.2 High |
| Azure Function Information Disclosure Vulnerability | ||||
| CVE-2026-24302 | 1 Microsoft | 1 Azure Arc | 2026-02-19 | 8.6 High |
| Azure Arc Elevation of Privilege Vulnerability | ||||
| CVE-2026-24300 | 1 Microsoft | 1 Azure Front Door | 2026-02-19 | 9.8 Critical |
| Azure Front Door Elevation of Privilege Vulnerability | ||||
| CVE-2026-0391 | 1 Microsoft | 1 Edge Chromium | 2026-02-19 | 6.5 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-21513 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-19 | 8.8 High |
| Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-21533 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-19 | 7.8 High |
| Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21229 | 1 Microsoft | 1 Power Bi Report Server | 2026-02-19 | 8 High |
| Improper input validation in Power BI allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-21523 | 1 Microsoft | 1 Visual Studio Code | 2026-02-19 | 8 High |
| Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-23655 | 1 Microsoft | 2 Confidental Containers, Microsoft Aci Confidential Containers | 2026-02-19 | 6.5 Medium |
| Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-21218 | 3 Apple, Linux, Microsoft | 4 Macos, Linux Kernel, .net and 1 more | 2026-02-19 | 7.5 High |
| Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. | ||||