Security Vulnerabilities - CVEs Published In February 2026
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.0
EPSS Score
0.0
Published
2026-02-10
Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.001
Published
2026-02-10
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-02-10
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
CVSS Score
7.3
EPSS Score
0.001
Published
2026-02-10
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
CVSS Score
7.3
EPSS Score
0.004
Published
2026-02-10
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
CVSS Score
3.3
EPSS Score
0.001
Published
2026-02-10
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.006
Published
2026-02-10
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10