Security Vulnerabilities
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
CVSS Score
8.0
EPSS Score
0.0
Published
2026-02-10
CVE-2026-21525
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
Known exploited
CVSS Score
6.2
EPSS Score
0.028
Published
2026-02-10
Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.0
Published
2026-02-10
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.047
Published
2026-02-10
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-02-10
Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-02-10
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.03
Published
2026-02-10
CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.02
Published
2026-02-10
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-02-10
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-02-10