Common Vulnerabilities and Exposures (CVE)

CVE-2025-59510

Feb 13, 2026 20:45:44 UTC

Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.

CVE-2025-59509

Feb 13, 2026 20:45:43 UTC

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.

CVE-2025-59508

Feb 13, 2026 20:45:42 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.

CVE-2025-59507

Feb 13, 2026 20:45:42 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.

CVE-2025-59506

Feb 13, 2026 20:45:41 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.

CVE-2025-59505

Feb 13, 2026 20:45:41 UTC

Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.

CVE-2025-59504

Feb 13, 2026 20:45:40 UTC

Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.

CVE-2025-64656

Feb 13, 2026 20:45:39 UTC

Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-21509

Feb 13, 2026 20:41:07 UTC

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-21264

Feb 13, 2026 20:41:07 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-21521

Feb 13, 2026 20:41:06 UTC

Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-21227

Feb 13, 2026 20:41:06 UTC

Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-24307

Feb 13, 2026 20:41:05 UTC

Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-24305

Feb 13, 2026 20:41:04 UTC

Azure Entra ID Elevation of Privilege Vulnerability

CVE-2026-21524

Feb 13, 2026 20:41:04 UTC

Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.