NVD disclosure day
CVE-2026-21533
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A privilege escalation vulnerability in Windows Remote Desktop allows local attackers to gain elevated system access. This can lead to unauthorized data access, modification, or system disruption, posing a significant business risk. Organizations should prioritize applying vendor updates to affected Windows systems.
CVE-2026-21525
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A null pointer dereference in the Windows Remote Access Connection Manager allows a local attacker to cause a denial of service. This impacts various Windows versions and could disrupt service availability. Organizations should identify and mitigate affected systems to manage business risk.
CVE-2026-21519
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A local privilege escalation vulnerability exists in the Desktop Window Manager. An authorized local attacker can exploit this type confusion flaw to gain elevated system control. This poses a risk to affected organizations by potentially enabling unauthorized access to data or actions.
CVE-2026-21514
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A security flaw in Microsoft Office Word allows a local attacker to bypass security features. This could impact data confidentiality, integrity, and availability. The risk involves unauthorized access and data modification on affected systems.
CVE-2026-21513
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A protection mechanism failure in the MSHTML framework allows an attacker to bypass security features over a network. This could affect data confidentiality, integrity, and system availability. Organizations should identify affected systems and apply vendor-provided fixes.
CVE-2026-21510
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
A protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. This impacts organizations by enabling potential system compromise and data access. The realistic business risk is significant due to the exploitability and high severity rating.
CVE-2026-1603
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A vulnerability in Ivanti Endpoint Manager allows remote attackers to access stored credentials, posing a risk of data exposure and unauthorized access. Organizations using this product should prioritize applying vendor-supplied updates to mitigate business risk.
CVE-2025-11242
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical Server-Side Request Forgery vulnerability exists in Okulistik software, enabling attackers to trick the application into making unintended network requests. This could expose internal system information or grant access to unintended resources. The primary concern is to determine if this software is in use an