Microsoft: >> Windows 10 21h2 Security Vulnerabilities
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-14
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.001
Published
2026-04-14
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
4.3
EPSS Score
0.001
Published
2026-04-14
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.001
Published
2026-04-14
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-14
Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-04-14
Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-14
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
CVSS Score
8.4
EPSS Score
0.0
Published
2026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-14