7.8
CVE-2026-21240 - Windows HTTP.sys Elevation of Privilege Vulnerability
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
7.5
CVE-2026-21243 - Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
7.3
CVE-2026-21244 - Windows Hyper-V Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
7.8
CVE-2026-21245 - Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
3.3
CVE-2026-21249 - Windows NTLM Spoofing Vulnerability
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
7.8
CVE-2026-21250 - Windows HTTP.sys Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
7.8
CVE-2026-21251 - Cluster Client Failover (CCF) Elevation of Privilege Vulnerability
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
7
CVE-2026-21253 - Mailslot File System Elevation of Privilege Vulnerability
Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.
8.8
CVE-2026-21255 - Windows Hyper-V Security Feature Bypass Vulnerability
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
8.8
CVE-2026-21256 - GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.