Common Vulnerabilities and Exposures (CVE)

CVE-2026-2634

Feb 27, 2026 20:55:35 UTC

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firef...

CVE-2026-27572

Feb 27, 2026 20:55:29 UTC

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the `wasi:http/types.fields` resource is susceptible to panics when too many fields are added to the set of he...

CVE-2026-21523

Feb 27, 2026 20:55:27 UTC

Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

CVE-2026-21518

Feb 27, 2026 20:55:26 UTC

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-26119

Feb 27, 2026 20:55:26 UTC

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-20841

Feb 27, 2026 20:55:25 UTC

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

CVE-2026-20846

Feb 27, 2026 20:55:25 UTC

Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.

CVE-2026-21222

Feb 27, 2026 20:55:24 UTC

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2026-21228

Feb 27, 2026 20:55:24 UTC

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.

CVE-2026-21231

Feb 27, 2026 20:55:23 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-21232

Feb 27, 2026 20:55:22 UTC

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

CVE-2026-21237

Feb 27, 2026 20:55:22 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

CVE-2026-21238

Feb 27, 2026 20:55:21 UTC

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-21239

Feb 27, 2026 20:55:21 UTC

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-21241

Feb 27, 2026 20:55:20 UTC

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.