Microsoft: Security Vulnerabilities
Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.004
Published
2026-02-10
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.258
Published
2026-02-10
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
7.5
EPSS Score
0.036
Published
2026-02-10
Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.
CVSS Score
6.5
EPSS Score
0.01
Published
2026-02-10
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.154
Published
2026-02-10
CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.015
Published
2026-02-10
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.008
Published
2026-02-10
After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
5.5
EPSS Score
0.001
Published
2026-02-10
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.002
Published
2026-02-10
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.002
Published
2026-02-10