Microsoft: Security Vulnerabilities
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-02-10
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-02-10
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-02-10
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6.
Consider
upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-06
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-02-05
Azure Function Information Disclosure Vulnerability
CVSS Score
8.2
EPSS Score
0.001
Published
2026-02-05
Azure Front Door Elevation of Privilege Vulnerability
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-05
Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-02-05
Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.0
Published
2026-02-03
Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.001
Published
2026-02-03