915 Total CVEs
494 AI Analyzed
42 CISA KEV
170 Critical
All Vendors
Showing 1-915 of 915 CVEs
CVE-2026-9984
Analyzed
8.8
Microsoft Chrome on

Use after free in UI in Google Chrome on Windows prior to 148

2026-05-30
CVE-2026-9945
Analyzed
8.8
Microsoft Chrome on

Use after free in Media in Google Chrome on Windows prior to 148

2026-05-30
CVE-2026-9928
Analyzed
8.8
Microsoft Chrome on

Out of bounds read in ANGLE in Google Chrome on Windows prior to 148

2026-05-30
CVE-2026-9890
Analyzed
8.3
Microsoft Chrome

Use after free in XR in Google Chrome on Windows prior to 148

2026-06-04
CVE-2026-9118
Analyzed
8.8
Microsoft Chrome on

Use after free in XR in Google Chrome on Windows prior to 148

2026-05-21
CVE-2026-9112
Analyzed
8.8
Microsoft Chrome on

Use after free in GPU in Google Chrome on Windows prior to 148

2026-05-21
CVE-2026-8797
Analyzed
8.5
Microsoft ExpressUpdate Agent for Windows

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows

2026-06-26
CVE-2026-8574
Analyzed
8.3
Microsoft Chrome on

Use after free in Core in Google Chrome on Windows prior to 148

2026-05-15
CVE-2026-8573
8.3
Microsoft Chrome on

Integer overflow in Codecs in Google Chrome on Windows prior to 148

2026-05-15
CVE-2026-8555
Analyzed
8.8
Microsoft Chrome on

Use after free in GTK in Google Chrome on Windows prior to 148

2026-05-15
CVE-2026-8542
Analyzed
8.3
Microsoft Chrome on

Use after free in Core in Google Chrome on Windows prior to 148

2026-05-15
CVE-2026-8531
Analyzed
8.8
Microsoft Chrome on

Heap buffer overflow in WebML in Google Chrome on Windows prior to 148

2026-05-15
CVE-2026-8530
Analyzed
8.3
Microsoft Chrome on

Use after free in Network in Google Chrome on Windows prior to 148

2026-05-15
CVE-2026-8519
Analyzed
8.8
Microsoft Chrome on

Integer overflow in ANGLE in Google Chrome on Windows prior to 148

2026-05-15
CVE-2026-8148
7.8
Microsoft Multiple Products

NAVER MYBOX Explorer for Windows before 3

2026-05-09
CVE-2026-8000
8.8
Microsoft Chrome on

Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148

2026-05-07
CVE-2026-7994
7.8
Microsoft Chrome on

Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148

2026-05-07
CVE-2026-7990
7.8
Microsoft Chrome on

Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148

2026-05-07
CVE-2026-7973
8.8
Microsoft Chrome on

Integer overflow in Dawn in Google Chrome on Windows prior to 148

2026-05-07
CVE-2026-7928
8.8
Microsoft Chrome on

Use after free in WebRTC in Google Chrome on Windows prior to 148

2026-05-07
CVE-2026-7925
7.8
Microsoft Chrome on

Use after free in Chromoting in Google Chrome on Windows prior to 148

2026-05-07
CVE-2026-7917
8.3
Microsoft Chrome on

Use after free in Fullscreen in Google Chrome on Windows prior to 148

2026-05-07
CVE-2026-7914
8.3
Microsoft Chrome on

Type Confusion in Accessibility in Google Chrome on Windows prior to 148

2026-05-07
CVE-2026-7911
8.3
Microsoft Chrome on

Use after free in Aura in Google Chrome on Windows prior to 148

2026-05-07
CVE-2026-7903
8.8
Microsoft Chrome on

Integer overflow in ANGLE in Google Chrome on Mac,Windows prior to 148

2026-05-07
CVE-2026-7791
7.8
Microsoft Multiple Products

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2

2026-05-05
CVE-2026-7461
7.2
Microsoft Multiple Products

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before...

2026-05-01
CVE-2026-7344
Analyzed
8.8
Microsoft Chrome on

Use after free in Accessibility in Google Chrome on Windows prior to 147

2026-04-30
CVE-2026-6921
Analyzed
8.3
Microsoft Chrome on

Race in GPU in Google Chrome on Windows prior to 147

2026-04-24
CVE-2026-6359
8.8
Microsoft Chrome on

Use after free in Video in Google Chrome on Windows prior to 147

2026-04-16
CVE-2026-6311
Analyzed
8.3
Microsoft Chrome on

Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147

2026-04-16
CVE-2026-58298
Analyzed
7.2
Microsoft Edge (Chromium-based)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacke...

2026-07-05
CVE-2026-58295
Analyzed
8.3
Microsoft Edge (Chromium-based)

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security...

2026-07-04
CVE-2026-58294
Analyzed
7.5
Microsoft Edge (Chromium-based)

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-05
CVE-2026-58293
Analyzed
8.1
Microsoft Edge (Chromium-based)

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-04
CVE-2026-58292
Analyzed
7.5
Microsoft Edge (Chromium-based)

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-05
CVE-2026-58290
Analyzed
7.5
Microsoft Edge (Chromium-based)

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over...

2026-07-05
CVE-2026-58289
Analyzed
9
Microsoft Edge (Chromium-based)

A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized remote attacker to execute arbitrary code.

2026-07-04
CVE-2026-58288
Analyzed
8.3
Microsoft Edge (Chromium-based)

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-04
CVE-2026-58287
Analyzed
8.3
Microsoft Edge (Chromium-based)

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-04
CVE-2026-58286
Analyzed
8.1
Microsoft Edge (Chromium-based)

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network

2026-07-04
CVE-2026-58285
Analyzed
8.3
Microsoft Edge

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over...

2026-07-04
CVE-2026-58284
Analyzed
8.3
Microsoft Edge

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-04
CVE-2026-58283
Analyzed
8.1
Microsoft Edge (Chromium-based)

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing o...

2026-07-04
CVE-2026-58282
Analyzed
8.1
Microsoft Edge (Chromium-based)

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network

2026-07-04
CVE-2026-58276
Analyzed
7.5
Microsoft Edge (Chromium-based)

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-05
CVE-2026-57993
Analyzed
7.4
Microsoft Edge (Chromium-based)

Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network

2026-07-05
CVE-2026-57992
Analyzed
7.5
Microsoft Edge (Chromium-based)

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-05
CVE-2026-57991
Analyzed
7.4
Microsoft Edge (Chromium-based)

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose informat...

2026-07-05
CVE-2026-57988
Analyzed
7.1
Microsoft Edge (Chromium-based)

Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-05
CVE-2026-57986
Analyzed
7.5
Microsoft Edge (Chromium-based)

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-05
CVE-2026-57985
Analyzed
7.6
Microsoft Edge (Chromium-based)

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-05
CVE-2026-57984
Analyzed
7.5
Microsoft Edge (Chromium-based)

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-05
CVE-2026-57983
Analyzed
8.7
Microsoft Edge

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network

2026-07-04
CVE-2026-57981
Analyzed
8.8
Microsoft Edge

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-04
CVE-2026-57977
Analyzed
7.1
Microsoft Edge (Chromium-based)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacke...

2026-07-05
CVE-2026-57975
Analyzed
7.5
Microsoft Edge (Chromium-based)

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over...

2026-07-05
CVE-2026-57974
Analyzed
8.8
Microsoft Edge (Chromium-based)

Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-04
CVE-2026-57100
Analyzed
9.9
Microsoft Entra Provisioning Service

A Server-Side Request Forgery (SSRF) vulnerability in the Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate p...

2026-07-03
CVE-2026-56645
Analyzed
8.8
Microsoft Edge

Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network

2026-07-04
CVE-2026-56425
Analyzed
9.3
Microsoft AAD Authentication Plugin

The Azure Active Directory (AAD) authentication plugin for MISP contains multiple OAuth 2.0 implementation flaws, including session token leakage and...

2026-06-23
CVE-2026-54998
Analyzed
8.8
Microsoft Exchange Online

Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network

2026-07-03
CVE-2026-54424
Analyzed
8.4
Microsoft Parsec

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege

2026-07-04
CVE-2026-54104
Analyzed
8.8
Microsoft EPDS & CBCA EDS

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Do...

2026-06-19 Patch
CVE-2026-54100
Analyzed
8.3
Microsoft OpenShift Container Platform (Windows Machine Config Operator)

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform

2026-06-23
CVE-2026-54099
Analyzed
8.8
Microsoft OpenShift Container Platform (Windows Machine Config Operator)

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform

2026-06-23
CVE-2026-53406
Analyzed
7.8
Microsoft Contact Center

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7

2026-06-14
CVE-2026-5277
7.5
Microsoft Chrome on

Integer overflow in ANGLE in Google Chrome on Windows prior to 146

2026-04-02
CVE-2026-50521
Analyzed
8.3
Microsoft Edge (Chromium-based)

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network

2026-07-03
CVE-2026-48584
Analyzed
9.9
Microsoft Azure Synapse

An execution with unnecessary privileges vulnerability in Azure Synapse allows authenticated attackers to escalate privileges over a network.

2026-06-20
CVE-2026-48567
Analyzed
10
Microsoft Azure HorizonDB

An authentication bypass vulnerability in Azure HorizonDB allows unauthorized attackers to spoof credentials and elevate privileges over a network.

2026-06-05
CVE-2026-47653
Analyzed
8.8
Microsoft Remote Desktop Client

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network

2026-06-10
CVE-2026-47645
Analyzed
8.8
Microsoft 365 Copilot Business Chat

Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges ove...

2026-06-20
CVE-2026-47643
Analyzed
9.8
Microsoft Azure Stack Edge

Azure Stack Edge contains a path traversal vulnerability that allows unauthenticated remote attackers to execute arbitrary code over the network.

2026-06-10
CVE-2026-47635
Analyzed
8.4
Microsoft Office

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally

2026-06-12
CVE-2026-47631
Analyzed
8.1
Microsoft Exchange Server

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to p...

2026-06-16
CVE-2026-47298
Analyzed
8
Microsoft Office SharePoint

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2026-06-14
CVE-2026-47291
Analyzed
9.8
Microsoft Windows HTTP.sys

An integer overflow or wraparound vulnerability in the Windows HTTP.sys driver allows unauthorized attackers to execute arbitrary code over a network.

2026-06-10
CVE-2026-47289
Analyzed
8.8
Microsoft Remote Desktop Client

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network

2026-06-10
CVE-2026-46414
Analyzed
8.8
Microsoft UFO open

Microsoft UFO open-source framework for intelligent automation across devices and platforms

2026-05-28
CVE-2026-45659
KEV Analyzed
8.8
Microsoft Office SharePoint

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2026-05-27
CVE-2026-45657
Analyzed
9.8
Microsoft Windows Kernel

A use-after-free vulnerability in the Windows Kernel allows unauthenticated attackers to execute arbitrary code over the network.

2026-06-10
CVE-2026-45648
Analyzed
8.8
Microsoft Active Directory Domain Services

Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network

2026-06-10
CVE-2026-45641
Analyzed
8.4
Microsoft Windows Hyper-V

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally

2026-06-12
CVE-2026-45607
Analyzed
8.4
Microsoft Windows Hyper-V

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally

2026-06-12
CVE-2026-45584
Analyzed
8.1
Microsoft Defender allows

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network

2026-05-21
CVE-2026-45539
Analyzed
7.4
Microsoft APM is

Microsoft APM is an open-source, community-driven dependency manager for AI agents

2026-05-17
CVE-2026-45504
Analyzed
8.8
Microsoft Exchange Server

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network

2026-06-10
CVE-2026-45503
Analyzed
8.1
Microsoft Exchange Server

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network

2026-06-16
CVE-2026-45499
Analyzed
9.9
Microsoft Azure OpenAI

A Server-Side Request Forgery (SSRF) vulnerability in Azure OpenAI allows an authorized attacker to escalate privileges over a network.

2026-07-03
CVE-2026-45498
KEV
9.5
Microsoft Defender

Microsoft Defender Denial of Service Vulnerability - Active in CISA KEV catalog.

2026-05-21
CVE-2026-45495
Analyzed
8.8
Microsoft Edge

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

2026-05-19
CVE-2026-45484
Analyzed
8.8
Microsoft Office SharePoint

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network

2026-06-10
CVE-2026-45480
Analyzed
10
Microsoft Azure Active Directory

An improper authentication vulnerability in Microsoft Azure Active Directory enables unauthenticated attackers to escalate privileges over a network.

2026-06-20
CVE-2026-45474
Analyzed
8.4
Microsoft Office

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally

2026-06-20
CVE-2026-45472
Analyzed
8.4
Microsoft Office

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally

2026-06-20
CVE-2026-45463
Analyzed
8.4
Microsoft Office

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally

2026-06-20
CVE-2026-45461
Analyzed
8.4
Microsoft Office

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally

2026-06-20
CVE-2026-45458
Analyzed
8.4
Microsoft Office

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally

2026-06-12
CVE-2026-45456
Analyzed
8.4
Microsoft Office

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally

2026-06-12
CVE-2026-45108
Analyzed
8.4
Microsoft Azure Entra

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune

2026-05-29
CVE-2026-45034
Analyzed
9.2
Microsoft PhpSpreadsheet

An input validation flaw in PhpSpreadsheet allows attackers to bypass wrapper protections, leading to potential Remote Code Execution (RCE) via phar d...

2026-06-23
CVE-2026-44822
Analyzed
8.2
Microsoft Office Excel

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network

2026-06-12
CVE-2026-44815
Analyzed
9.8
Microsoft Windows DHCP Client

A stack-based buffer overflow in the Windows DHCP Client allows unauthenticated remote attackers to execute code via crafted network packets.

2026-06-10
CVE-2026-44810
Analyzed
8.4
Microsoft Windows

Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally

2026-06-12
CVE-2026-44641
Analyzed
7.1
Microsoft APM is

Microsoft APM is an open-source, community-driven dependency manager for AI agents

2026-05-17
CVE-2026-4452
8.8
Microsoft Chrome on

Integer overflow in ANGLE in Google Chrome on Windows prior to 146

2026-03-21
CVE-2026-44339
8.6
Microsoft system

PraisonAI is a multi-agent teams system

2026-05-09
CVE-2026-44338
7.3
Microsoft system

PraisonAI is a multi-agent teams system

2026-05-10
CVE-2026-44336
Analyzed
9.6
Microsoft system

PraisonAI's MCP server fails to sanitize file paths in tool arguments, allowing unauthenticated attackers to perform arbitrary file writes and achieve...

2026-05-09
CVE-2026-44335
Analyzed
9.8
Microsoft system

PraisonAI contains a logical flaw in its URL checking mechanism that allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) at...

2026-05-09
CVE-2026-42985
Analyzed
8.8
Microsoft Remote Desktop Client

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network

2026-06-10
CVE-2026-42898
Analyzed
9.9
Microsoft Dynamics

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a...

2026-05-13
CVE-2026-42897
KEV Analyzed
8.1
Microsoft Exchange Server

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to p...

2026-05-16
CVE-2026-42835
Analyzed
8.1
Microsoft Teams for Android

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized...

2026-06-14
CVE-2026-42834
Analyzed
7.8
Microsoft Portal Windows

Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privilege...

2026-05-21
CVE-2026-42833
Analyzed
9.1
Microsoft Dynamics

An execution with unnecessary privileges vulnerability in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute arbitrary code...

2026-05-13
CVE-2026-42826
Analyzed
10
Microsoft DevOps allows

An exposure of sensitive information in Azure DevOps allows an unauthenticated attacker to disclose data over a network.

2026-05-08
CVE-2026-42823
Analyzed
9.9
Microsoft Logic Apps

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

2026-05-13
CVE-2026-42822
Analyzed
10
Microsoft Local Disconnected

Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to perform privilege escalation over the network.

2026-05-19
CVE-2026-42151
Analyzed
7.5
Microsoft AD remote

Prometheus is an open-source monitoring system and time series database

2026-05-05
CVE-2026-41615
Analyzed
9.6
Microsoft Authenticator allows

A vulnerability in Microsoft Authenticator allows an unauthorized attacker to disclose sensitive information over the network.

2026-05-15
CVE-2026-41497
Analyzed
9.8
Microsoft system

PraisonAI fails to validate commands in parse_mcp_command(), allowing unauthenticated attackers to execute arbitrary system commands via subprocesses.

2026-05-09
CVE-2026-41496
8.1
Microsoft system

PraisonAI is a multi-agent teams system

2026-05-09
CVE-2026-41485
7.7
Microsoft Multiple Products

Kyverno is a policy engine designed for cloud native platform engineering teams

2026-04-24
CVE-2026-41405
7.5
Microsoft webhook request

OpenClaw before 2026

2026-04-29
CVE-2026-41323
8.1
Microsoft Multiple Products

Kyverno is a policy engine designed for cloud native platform engineering teams

2026-04-24
CVE-2026-41106
Analyzed
9.3
Microsoft Microsoft 365 Copilot

An open redirect vulnerability in Microsoft 365 Copilot could be leveraged by an unauthorized attacker to facilitate privilege escalation over a netwo...

2026-07-03
CVE-2026-41105
8.1
Microsoft Notification Service

Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network

2026-05-08
CVE-2026-41103
Analyzed
9.1
Microsoft SSO Plugin

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate priv...

2026-05-13
CVE-2026-41096
Analyzed
9.8
Microsoft Windows DNS

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

2026-05-13
CVE-2026-41094
8.8
Microsoft Data Formulator

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network

2026-05-13
CVE-2026-41091
KEV
7.8
Microsoft Defender allows

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally

2026-05-21
CVE-2026-41089
Analyzed
9.8
Microsoft Windows Netlogon

A stack-based buffer overflow in the Windows Netlogon service allows an unauthorized attacker to execute arbitrary code over the network.

2026-05-13
CVE-2026-41086
8.8
Microsoft Multiple Products

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network

2026-05-13
CVE-2026-4108
7.3
Microsoft Exchange Reporter

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report

2026-04-05
CVE-2026-4107
7.3
Microsoft Exchange Reporter

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report

2026-04-05
CVE-2026-41068
7.7
Microsoft Multiple Products

Kyverno is a policy engine designed for cloud native platform engineering teams

2026-04-24
CVE-2026-40868
8.1
Microsoft Multiple Products

Kyverno is a policy engine designed for cloud native platform engineering teams

2026-04-22
CVE-2026-40420
Analyzed
8.8
Microsoft Office Click

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally

2026-05-13
CVE-2026-40415
8.1
Microsoft Multiple Products

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network

2026-05-13
CVE-2026-40403
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally

2026-05-13
CVE-2026-40402
Analyzed
9.3
Microsoft Windows Hyper-V

A use-after-free vulnerability in Windows Hyper-V allows an unauthorized attacker to elevate privileges on the local system.

2026-05-13
CVE-2026-40379
Analyzed
9.3
Microsoft Entra ID

Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.

2026-05-13
CVE-2026-40371
Analyzed
8.8
Microsoft Dynamics 365

Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privilege...

2026-06-10
CVE-2026-40367
8.4
Microsoft Office Word

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally

2026-05-13
CVE-2026-40366
8.4
Microsoft Office Word

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally

2026-05-13
CVE-2026-40365
Analyzed
8.8
Microsoft Office SharePoint

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2026-05-13
CVE-2026-40364
8.4
Microsoft Office Word

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally

2026-05-13
CVE-2026-40363
8.4
Microsoft Office allows

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally

2026-05-13
CVE-2026-40361
Analyzed
8.4
Microsoft Office Word

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally

2026-05-13
CVE-2026-40358
8.4
Microsoft Office allows

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2026-05-13
CVE-2026-40357
8.8
Microsoft Office SharePoint

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2026-05-13
CVE-2026-40321
8
Microsoft ecosystem

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem

2026-04-18
CVE-2026-40288
Analyzed
9.8
Microsoft system

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to a...

2026-04-14
CVE-2026-40287
8.4
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-14
CVE-2026-40158
8.6
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-11
CVE-2026-40156
7.8
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-11
CVE-2026-40154
Analyzed
9.3
Microsoft system

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integri...

2026-04-10
CVE-2026-40150
7.7
Microsoft system

PraisonAIAgents is a multi-agent teams system

2026-04-10
CVE-2026-40149
7.9
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-10
CVE-2026-40116
7.5
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-11
CVE-2026-40113
8.4
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-10
CVE-2026-40088
Analyzed
9.6
Microsoft system

PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled in...

2026-04-10
CVE-2026-3991
7.8
Microsoft Data Loss

Symantec Data Loss Prevention Windows Endpoint, prior to 25

2026-03-31
CVE-2026-39891
8.8
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-09
CVE-2026-39890
Analyzed
9.8
Microsoft system

PraisonAI versions prior to 4.5.115 are vulnerable to RCE via insecure YAML parsing, allowing execution of arbitrary JavaScript.

2026-04-09
CVE-2026-39889
7.5
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-10
CVE-2026-39888
Analyzed
9.9
Microsoft system

PraisonAI versions prior to 1.5.115 contain a sandbox escape vulnerability in its Python code execution tool, allowing arbitrary code execution.

2026-04-09
CVE-2026-39836
7.5
Microsoft Multiple Products

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0)

2026-05-09
CVE-2026-39355
Analyzed
9.9
Microsoft to themselves

A broken access control flaw in the Genealogy PHP application allows authenticated users to transfer ownership of arbitrary non-personal team workspac...

2026-04-08
CVE-2026-39305
Analyzed
9
Microsoft system

A Path Traversal vulnerability in the PraisonAI Action Orchestrator allows attackers to read or write arbitrary files on the host system.

2026-04-08
CVE-2026-3880
7.3
Microsoft Exchange Reporter

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report

2026-04-05
CVE-2026-3879
7.3
Microsoft Exchange Reporter

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report

2026-04-05
CVE-2026-3818
7.3
Microsoft Multiple Products

A flaw has been found in Tiandy Easy7 CMS Windows 7

2026-03-10
CVE-2026-35439
8.8
Microsoft Office SharePoint

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2026-05-13
CVE-2026-35438
Analyzed
8.3
Microsoft Multiple Products

Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network

2026-05-13
CVE-2026-35436
Analyzed
8.8
Microsoft Office Click

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally

2026-05-13
CVE-2026-35435
8.6
Microsoft AI Foundry

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network

2026-05-08
CVE-2026-35431
Analyzed
10
Microsoft Entra ID

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Entra ID Entitlement Management allows unauthorized attackers to perform spoofing over...

2026-04-24
CVE-2026-35430
Analyzed
8.8
Microsoft Privileged Identity Management

Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges ove...

2026-05-27
CVE-2026-35428
Analyzed
9.6
Microsoft Cloud Shell

A command injection vulnerability in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

2026-05-08
CVE-2026-34955
Analyzed
8.8
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-04
CVE-2026-34954
Analyzed
8.6
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-04
CVE-2026-34953
Analyzed
9.1
Microsoft system

A critical authentication bypass in PraisonAI's OAuthManager allows unauthenticated attackers to gain full access to all registered tools and agent ca...

2026-04-04
CVE-2026-34952
Analyzed
9.1
Microsoft system

PraisonAI Gateway prior to 4.5.97 lacks authentication for WebSocket and info endpoints. Attackers can enumerate AI agents and send arbitrary messages...

2026-04-04
CVE-2026-34938
Analyzed
10
Microsoft system

PraisonAI agents prior to 1.5.90 contain a sandbox bypass in the execute_code() function. Attackers can execute arbitrary OS commands on the host by b...

2026-04-04
CVE-2026-34937
Analyzed
7.8
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-04
CVE-2026-34936
Analyzed
7.7
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-04
CVE-2026-34935
Analyzed
9.8
Microsoft system

PraisonAI CLI versions 4.5.15 through 4.5.68 are vulnerable to OS command injection via the --mcp argument. The argument is passed to the system shell...

2026-04-04
CVE-2026-34934
Analyzed
9.8
Microsoft system

PraisonAI prior to 4.5.90 is vulnerable to SQL injection in the get_all_user_threads function. Attackers can gain full database access by injecting ma...

2026-04-04
CVE-2026-34838
Analyzed
9.9
Microsoft Group-Office

A vulnerability in the AbstractSettingsCollection model of Group-Office leads to insecure deserialization, allowing authenticated attackers to achieve...

2026-04-03
CVE-2026-34445
8.6
Microsoft Multiple Products

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability

2026-04-02
CVE-2026-34332
8
Microsoft Multiple Products

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network

2026-05-13
CVE-2026-34329
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network

2026-05-13
CVE-2026-34327
8.2
Microsoft Partner Center

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a...

2026-05-08
CVE-2026-3422
Analyzed
9.8
Microsoft U-Office Force

An insecure deserialization vulnerability in U-Office Force allows unauthenticated remote attackers to execute arbitrary code via crafted serialized c...

2026-03-02
CVE-2026-33980
8.3
Microsoft Data Explorer

Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explo...

2026-03-28
CVE-2026-33844
Analyzed
9
Microsoft Cassandra allows

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

2026-05-08
CVE-2026-33833
8.2
Microsoft Machine Learning

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized at...

2026-05-13
CVE-2026-33827
8.1
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execu...

2026-04-15
CVE-2026-33826
8
Microsoft Multiple Products

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network

2026-04-15
CVE-2026-33825
KEV
9.5
Microsoft Defender

Microsoft Defender Insufficient Granularity of Access Control Vulnerability - Active in CISA KEV catalog.

2026-04-23
CVE-2026-33824
Analyzed
9.8
Microsoft Multiple Products

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

2026-04-15
CVE-2026-33823
Analyzed
9.6
Microsoft Teams allows

Improper authorization in Microsoft Teams permits an authorized attacker to perform unauthorized information disclosure over a network.

2026-05-08
CVE-2026-33819
Analyzed
10
Microsoft Bing allows

A deserialization vulnerability in Microsoft Bing allows an unauthorized remote attacker to execute arbitrary code via the network.

2026-04-24
CVE-2026-33755
8.8
Microsoft Multiple Products

Group-Office is an enterprise customer relationship management and groupware tool

2026-03-28
CVE-2026-33519
Analyzed
9.8
Microsoft and Kubernetes

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly...

2026-04-22
CVE-2026-33518
Analyzed
9.8
Microsoft that allows

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to crea...

2026-04-22
CVE-2026-33454
Analyzed
9.4
Microsoft Camel

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStr...

2026-04-28
CVE-2026-33453
Analyzed
10
Microsoft Camel Camel

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's cam...

2026-04-28
CVE-2026-33117
Analyzed
9.1
Microsoft SDK allows

Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.

2026-05-13
CVE-2026-33115
8.4
Microsoft Office Word

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally

2026-04-15
CVE-2026-33114
8.4
Microsoft Office Word

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally

2026-04-15
CVE-2026-33112
8.8
Microsoft Office SharePoint

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2026-05-13
CVE-2026-33111
7.5
Microsoft Edge

Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker t...

2026-05-09
CVE-2026-33110
8.8
Microsoft Office SharePoint

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2026-05-13
CVE-2026-33109
Analyzed
9.9
Microsoft Cassandra allows

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute arbitrary code.

2026-05-08
CVE-2026-33107
Analyzed
10
Microsoft Databricks allows

A Server-Side Request Forgery (SSRF) vulnerability in Azure Databricks allows unauthenticated attackers to elevate privileges and access internal netw...

2026-04-03
CVE-2026-33105
Analyzed
10
Microsoft Azure Kubernetes

A critical improper authorization vulnerability in Microsoft Azure Kubernetes Service allows unauthenticated attackers to elevate privileges over a ne...

2026-04-03
CVE-2026-32680
7.8
Microsoft Multiple Products

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder

2026-03-26
CVE-2026-32679
7.8
Microsoft Multiple Products

The installers of LiveOn Meet Client for Windows (Downloader5Installer

2026-04-23
CVE-2026-32631
7.4
Microsoft Multiple Products

Git for Windows is the Windows port of Git

2026-04-17
CVE-2026-32225
8.8
Microsoft Multiple Products

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network

2026-04-15
CVE-2026-32221
8.4
Microsoft Graphics Component

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally

2026-04-15
CVE-2026-32213
Analyzed
10
Microsoft AI Foundry

Improper authorization in Azure AI Foundry allows unauthenticated network attackers to escalate privileges, potentially compromising AI models and sen...

2026-04-03
CVE-2026-32211
Analyzed
9.1
Microsoft MCP Server

A missing authentication vulnerability in Azure MCP Server allows unauthenticated attackers to disclose sensitive information over a network.

2026-04-03
CVE-2026-32210
Analyzed
9.3
Microsoft Dynamics

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a netwo...

2026-04-24
CVE-2026-32208
Analyzed
8.8
Microsoft Edge

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker...

2026-06-20
CVE-2026-32207
8.8
Microsoft Machine Learning

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perf...

2026-05-08
CVE-2026-32202
KEV
9.5
Microsoft Windows

Microsoft Windows Protection Mechanism Failure Vulnerability - Active in CISA KEV catalog.

2026-04-29
CVE-2026-32201
KEV
9.5
Microsoft SharePoint Server

Microsoft SharePoint Server Improper Input Validation Vulnerability - Active in CISA KEV catalog.

2026-04-15
CVE-2026-32194
Analyzed
9.8
Microsoft Bing Images

A command injection vulnerability in Microsoft Bing Images allows an unauthorized attacker to execute arbitrary code via network-based requests.

2026-03-20
CVE-2026-32193
Analyzed
8.8
Microsoft Azure Kubernetes Service

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to...

2026-06-10
CVE-2026-32191
Analyzed
9.8
Microsoft Bing Images

An OS command injection vulnerability in Microsoft Bing Images allows an unauthenticated attacker to execute arbitrary code over a network.

2026-03-20
CVE-2026-32190
8.4
Microsoft Office allows

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2026-04-15
CVE-2026-32173
Analyzed
8.6
Microsoft SRE Agent

Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network

2026-04-03
CVE-2026-32172
8
Microsoft Power Apps

Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network

2026-04-24
CVE-2026-32171
8.8
Microsoft Logic Apps

Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network

2026-04-15
CVE-2026-32169
Analyzed
10
Microsoft Cloud Shell

A server-side request forgery (SSRF) vulnerability in Azure Cloud Shell allows an unauthenticated attacker to elevate privileges over a network.

2026-03-20
CVE-2026-32162
8.4
Microsoft Multiple Products

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally

2026-04-15
CVE-2026-32160
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacke...

2026-04-15
CVE-2026-32159
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacke...

2026-04-15
CVE-2026-32158
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacke...

2026-04-15
CVE-2026-32153
7.8
Microsoft Windows Speech

Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-32091
8.4
Microsoft Brokering File

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized...

2026-04-15
CVE-2026-32090
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attack...

2026-04-15
CVE-2026-32089
7.8
Microsoft Multiple Products

Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-32078
7.8
Microsoft Multiple Products

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-32077
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-32076
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-32074
7.8
Microsoft Multiple Products

Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-32069
7.8
Microsoft Multiple Products

Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-31979
8.8
Microsoft Azure Entra

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune

2026-03-12
CVE-2026-31957
Analyzed
10
Microsoft Azure Entra

Himmelblau allows unauthenticated remote attackers to bypass tenant-scoped authentication when no tenant domain is configured, enabling unauthorized a...

2026-03-12
CVE-2026-31952
7.6
Microsoft Multiple Products

Xibo is an open source digital signage platform with a web content management system and Windows display player software

2026-04-24
CVE-2026-30903
Analyzed
9.6
Microsoft Workplace for

A path traversal vulnerability in the Mail feature of Zoom Workplace for Windows allows unauthenticated users to conduct an escalation of privilege vi...

2026-03-12
CVE-2026-30902
7.8
Microsoft Clients for

Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local acce...

2026-03-13
CVE-2026-30900
7.8
Microsoft Clients for

Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation...

2026-03-13
CVE-2026-30478
8.8
Microsoft Multiple Products

A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted exe...

2026-04-10
CVE-2026-30332
Analyzed
7.5
Microsoft Multiple Products

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2

2026-04-03
CVE-2026-30303
Analyzed
9.8
Microsoft Axon Code

Axon Code is vulnerable to OS command injection on Windows systems because its auto-approval module incorrectly uses a Unix parser, allowing unauthent...

2026-03-28
CVE-2026-30302
Analyzed
10
Microsoft CodeRider-Kilo

CodeRider-Kilo contains an OS command injection vulnerability due to improper parsing of Windows escape sequences using a Unix-based library, allowing...

2026-03-28
CVE-2026-3000
Analyzed
9.8
Microsoft IDExpert Windows Logon Agent

IDExpert Windows Logon Agent is vulnerable to unauthenticated remote code execution via unauthorized remote DLL downloads and execution.

2026-03-02
CVE-2026-2999
Analyzed
9.8
Microsoft IDExpert Windows Logon Agent

A remote code execution vulnerability in IDExpert Windows Logon Agent allows unauthenticated attackers to force arbitrary file downloads and execution...

2026-03-02
CVE-2026-28760
7.8
Microsoft Multiple Products

The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs

2026-03-26
CVE-2026-28756
7.3
Microsoft Exchange Reporter

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report

2026-04-05
CVE-2026-28754
7.3
Microsoft Exchange Reporter

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report

2026-04-05
CVE-2026-28703
7.3
Microsoft Exchange Reporter

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report

2026-04-05
CVE-2026-28500
8.6
Microsoft Multiple Products

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability

2026-03-18
CVE-2026-28391
Analyzed
9.8
Microsoft OpenClaw

OpenClaw prior to 2026.2.2 is vulnerable to command injection because it fails to sanitize Windows cmd.exe metacharacters, allowing attackers to bypas...

2026-03-06
CVE-2026-28215
Analyzed
9.1
Microsoft OAuth application

A critical flaw in Hoppscotch allows unauthenticated attackers to overwrite infrastructure configurations via the onboarding endpoint, leading to SSO...

2026-02-27
CVE-2026-27928
8.7
Microsoft Multiple Products

Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network

2026-04-15
CVE-2026-27927
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized atta...

2026-04-15
CVE-2026-27920
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27919
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27918
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate...

2026-04-15
CVE-2026-27916
7.8
Microsoft Multiple Products

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27915
7.8
Microsoft Multiple Products

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27914
7.8
Microsoft Management Console

Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27912
8
Microsoft Multiple Products

Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network

2026-04-15
CVE-2026-27911
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attack...

2026-04-15
CVE-2026-27910
7.8
Microsoft Multiple Products

Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27909
7.8
Microsoft Windows Search

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27907
7.8
Microsoft Multiple Products

Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27655
7.3
Microsoft Exchange Reporter

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report

2026-04-05
CVE-2026-26959
7.8
Microsoft Multiple Products

ADB Explorer is a fluent UI for ADB on Windows

2026-02-20
CVE-2026-26306
7.8
Microsoft Multiple Products

The installer for OM Workspace (Windows Edition) Ver 2

2026-03-25
CVE-2026-2628
Analyzed
9.8
Microsoft All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login (WordPress Plugin)

The All-in-One Microsoft 365 SSO Login plugin for WordPress allows unauthenticated attackers to bypass authentication and gain full administrative acc...

2026-03-03
CVE-2026-2627
Analyzed
7.8
Microsoft shared

A security flaw has been discovered in Softland FBackup up to 9

2026-02-18
CVE-2026-26208
Analyzed
7.8
Microsoft ADB Explorer

ADB Explorer is a fluent UI for ADB on Windows

2026-02-14
CVE-2026-26184
7.8
Microsoft Multiple Products

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26183
7.8
Microsoft Multiple Products

Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26181
7.8
Microsoft Brokering File

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26180
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26179
7.8
Microsoft Multiple Products

Double free in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26178
8.8
Microsoft Multiple Products

Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26176
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Client Side Caching driver (csc

2026-04-15
CVE-2026-26172
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacke...

2026-04-15
CVE-2026-26170
7.8
Microsoft PowerShell allows

Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26168
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an...

2026-04-15
CVE-2026-26167
8.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacke...

2026-04-15
CVE-2026-26163
7.8
Microsoft Multiple Products

Double free in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26162
7.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26161
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26160
7.8
Microsoft Multiple Products

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26159
7.8
Microsoft Multiple Products

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26156
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally

2026-04-15
CVE-2026-26153
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26150
8.6
Microsoft Purview allows

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network

2026-04-24
CVE-2026-26149
Analyzed
9
Microsoft Power Apps

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over...

2026-04-15
CVE-2026-26148
8.1
Microsoft Entra ID

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally

2026-03-11
CVE-2026-26143
7.8
Microsoft PowerShell allows

Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally

2026-04-15
CVE-2026-26141
7.8
Microsoft Arc allows

Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-26139
8.6
Microsoft Purview allows

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network

2026-03-20
CVE-2026-26138
8.6
Microsoft Purview allows

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network

2026-03-20
CVE-2026-26137
Analyzed
8.9
Microsoft Multiple Products

Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network

2026-03-20
CVE-2026-26135
Analyzed
9.6
Microsoft Custom Locations

A Server-Side Request Forgery (SSRF) in the Azure Custom Locations Resource Provider allows authenticated attackers to elevate privileges over a netwo...

2026-04-03
CVE-2026-26134
7.8
Microsoft Office allows

Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-26132
7.8
Microsoft Multiple Products

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-26128
7.8
Microsoft Multiple Products

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-26119
Analyzed
8.8
Microsoft Windows Admin Center

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network

2026-02-18
CVE-2026-26118
8.8
Microsoft MCP Server

Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network

2026-03-11
CVE-2026-26117
7.8
Microsoft Windows Virtual

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges lo...

2026-03-11
CVE-2026-26114
8.8
Microsoft Office SharePoint

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2026-03-11
CVE-2026-26113
8.4
Microsoft Office allows

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally

2026-03-11
CVE-2026-26112
7.8
Microsoft Office Excel

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2026-03-11
CVE-2026-26111
8.8
Microsoft Multiple Products

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2026-03-11
CVE-2026-26110
8.4
Microsoft Office allows

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally

2026-03-11
CVE-2026-26109
8.4
Microsoft Office Excel

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2026-03-11
CVE-2026-26108
7.8
Microsoft Office Excel

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2026-03-11
CVE-2026-26107
7.8
Microsoft Office Excel

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2026-03-11
CVE-2026-26106
8.8
Microsoft Office SharePoint

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2026-03-11
CVE-2026-26105
8.1
Microsoft Office SharePoint

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to...

2026-03-11
CVE-2026-26030
Analyzed
9.9
Microsoft Semantic Kernel Python SDK

A remote code execution vulnerability exists in Microsoft’s Semantic Kernel Python SDK due to improper filtering in the `InMemoryVectorStore` componen...

2026-02-20
CVE-2026-25961
Analyzed
7.5
Microsoft SumatraPDF

SumatraPDF is a multi-format reader for Windows

2026-02-10
CVE-2026-25925
7.8
Microsoft Multiple Products

PowerDocu contains a Windows GUI executable to perform technical documentations

2026-02-10
CVE-2026-25880
Analyzed
7.8
Microsoft SumatraPDF

SumatraPDF is a multi-format reader for Windows

2026-02-10
CVE-2026-25592
Analyzed
9.9
Microsoft Semantic Kernel .NET SDK

Microsoft Semantic Kernel .NET SDK contains an arbitrary file write flaw in the SessionsPythonPlugin. Attackers can exploit DownloadFileAsync or Uploa...

2026-02-07
CVE-2026-25190
7.8
Microsoft path in

Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally

2026-03-11
CVE-2026-25189
7.8
Microsoft Multiple Products

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-25188
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network

2026-03-11
CVE-2026-25176
7.8
Microsoft Multiple Products

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-25175
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-25174
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-25173
8
Microsoft Multiple Products

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network

2026-03-11
CVE-2026-25172
8.8
Microsoft Multiple Products

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2026-03-11
CVE-2026-25166
7.8
Microsoft Multiple Products

Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally

2026-03-11
CVE-2026-25165
7.8
Microsoft Multiple Products

Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-24838
Analyzed
9.1
Microsoft Multiple Products

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, m...

2026-01-28
CVE-2026-24837
Analyzed
7.6
Microsoft Multiple Products

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem

2026-01-28
CVE-2026-24836
Analyzed
7.6
Microsoft Multiple Products

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem

2026-01-28
CVE-2026-24833
Analyzed
7.6
Microsoft Multiple Products

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem

2026-01-28
CVE-2026-24306
Analyzed
9.8
Microsoft Multiple Products

Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.

2026-01-23
CVE-2026-24305
Analyzed
9.3
Microsoft Multiple Products

Azure Entra ID Elevation of Privilege Vulnerability

2026-01-23
CVE-2026-24304
Analyzed
9.9
Microsoft Multiple Products

Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.

2026-01-23
CVE-2026-24303
Analyzed
9.6
Microsoft Partner Center

Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

2026-04-24
CVE-2026-24302
Analyzed
8.6
Microsoft Arc Elevation

Azure Arc Elevation of Privilege Vulnerability

2026-02-06
CVE-2026-24300
Analyzed
9.8
Microsoft Front Door

A critical elevation of privilege vulnerability in Azure Front Door allows attackers to gain unauthorized access levels. Successful exploitation could...

2026-02-06
CVE-2026-24294
7.8
Microsoft Multiple Products

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-24293
7.8
Microsoft Multiple Products

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-24291
7.8
Microsoft Multiple Products

Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker

2026-03-11
CVE-2026-24290
7.8
Microsoft Multiple Products

Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-24289
7.8
Microsoft Multiple Products

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-24287
7.8
Microsoft Multiple Products

External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-24283
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-24141
7.8
Microsoft contains

NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deserializatio...

2026-03-25
CVE-2026-24016
Analyzed
7.8
Microsoft Multiple Products

The installer of ServerView Agents for Windows provided by Fsas Technologies Inc

2026-01-21
CVE-2026-23856
7.8
Microsoft Multiple Products

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6

2026-02-13
CVE-2026-23772
7.3
Microsoft Servers

Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8

2026-04-17
CVE-2026-23673
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-23672
7.8
Microsoft Multiple Products

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

2026-03-11
CVE-2026-23669
8.8
Microsoft Multiple Products

Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network

2026-03-11
CVE-2026-23665
7.8
Microsoft Virtual Machines

Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-23660
7.8
Microsoft Portal Windows

Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-23659
8.6
Microsoft Data Factory

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a networ...

2026-03-20
CVE-2026-23658
8.6
Microsoft DevOps allows

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network

2026-03-20
CVE-2026-23657
7.8
Microsoft Office Word

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally

2026-04-15
CVE-2026-23512
Analyzed
8.6
Microsoft Multiple Products

SumatraPDF is a multi-format reader for Windows

2026-01-15
CVE-2026-22048
Analyzed
7.1
Microsoft Entra ID

StorageGRID (formerly StorageGRID Webscale) versions prior to 11

2026-02-18
CVE-2026-22035
Analyzed
7.7
Microsoft Multiple Products

Greenshot is an open source Windows screenshot utility

2026-01-08
CVE-2026-21672
8.8
Microsoft Backup

A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers

2026-03-13
CVE-2026-21537
Analyzed
8.8
Microsoft Defender for

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adja...

2026-02-11
CVE-2026-21536
Analyzed
9.8
Microsoft Devices Pricing

A remote code execution vulnerability exists in the Microsoft Devices Pricing Program. An attacker could exploit this to execute arbitrary code on the...

2026-03-06
CVE-2026-21535
Analyzed
8.2
Microsoft Teams allows

Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network

2026-02-20
CVE-2026-21533
KEV Analyzed
7.8
Microsoft Windows Remote Desktop

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally

2026-02-11
CVE-2026-21532
Analyzed
8.2
Microsoft Function Information

Azure Function Information Disclosure Vulnerability

2026-02-06
CVE-2026-21531
Analyzed
9.8
Microsoft SDK allows

A deserialization vulnerability in the Azure SDK allows an unauthenticated attacker to execute arbitrary code over a network by sending specially craf...

2026-02-11
CVE-2026-21525
KEV
9.5
Microsoft Windows

Microsoft Windows NULL Pointer Dereference Vulnerability - Active in CISA KEV catalog.

2026-02-11
CVE-2026-21524
Analyzed
7.4
Microsoft Multiple Products

Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a netwo...

2026-01-24
CVE-2026-21519
KEV Analyzed
7.8
Microsoft Desktop Window Manager (DWM)

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally

2026-02-11
CVE-2026-21515
Analyzed
9.9
Microsoft IOT Central

Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.

2026-04-25
CVE-2026-21514
KEV Analyzed
7.8
Microsoft Office Word

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally

2026-02-11
CVE-2026-21513
KEV Analyzed
8.8
Microsoft MSHTML Framework

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network

2026-02-11
CVE-2026-21510
KEV Analyzed
8.8
Microsoft Windows Shell

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network

2026-02-11
CVE-2026-21509
KEV Analyzed
7.8
Microsoft Multiple Products

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally

2026-01-27
CVE-2026-21408
Analyzed
7.3
Microsoft Multiple Products

beat-access for Windows version 3

2026-01-27
CVE-2026-21264
Analyzed
9.3
Microsoft Multiple Products

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform s...

2026-01-23
CVE-2026-21259
Analyzed
7.8
Microsoft Office Excel

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally

2026-02-11
CVE-2026-21255
8.8
Microsoft Multiple Products

Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally

2026-02-11
CVE-2026-21251
7.8
Microsoft Multiple Products

Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally

2026-02-11
CVE-2026-21250
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows HTTP

2026-02-11
CVE-2026-21246
Analyzed
7.8
Microsoft Graphics Component

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally

2026-02-11
CVE-2026-21245
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-02-11
CVE-2026-21240
7.8
Microsoft Multiple Products

Time-of-check time-of-use (toctou) race condition in Windows HTTP

2026-02-11
CVE-2026-21239
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-02-11
CVE-2026-21238
7.8
Microsoft Multiple Products

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

2026-02-11
CVE-2026-21236
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

2026-02-11
CVE-2026-21232
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows HTTP

2026-02-11
CVE-2026-21231
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate...

2026-02-11
CVE-2026-21228
Analyzed
8.1
Microsoft Local allows

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network

2026-02-11
CVE-2026-21227
Analyzed
8.2
Microsoft Multiple Products

Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileg...

2026-01-23
CVE-2026-20963
KEV Analyzed
8.8
Microsoft Multiple Products

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2026-01-14
CVE-2026-20960
Analyzed
8
Microsoft Multiple Products

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network

2026-01-17
CVE-2026-20953
Analyzed
8.4
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2026-01-14
CVE-2026-20952
Analyzed
8.4
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2026-01-14
CVE-2026-20947
Analyzed
8.8
Microsoft Multiple Products

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to e...

2026-01-14
CVE-2026-20944
Analyzed
8.4
Microsoft Multiple Products

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally

2026-01-14
CVE-2026-20931
8
Microsoft Multiple Products

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network

2026-01-14
CVE-2026-20930
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attack...

2026-04-15
CVE-2026-20868
Analyzed
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2026-01-14
CVE-2026-20861
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attack...

2026-01-15
CVE-2026-20860
7.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevat...

2026-01-15
CVE-2026-20859
7.8
Microsoft Multiple Products

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally

2026-01-15
CVE-2026-20858
7.8
Microsoft Multiple Products

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally

2026-01-15
CVE-2026-20857
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally

2026-01-15
CVE-2026-20856
8.1
Microsoft Multiple Products

Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network

2026-01-14
CVE-2026-20843
Analyzed
7.8
Microsoft Multiple Products

Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally

2026-01-15
CVE-2026-20841
8.8
Microsoft Multiple Products

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute...

2026-02-11
CVE-2026-20840
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally

2026-01-15
CVE-2026-20837
Analyzed
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally

2026-01-15
CVE-2026-20832
Analyzed
7.8
Microsoft Multiple Products

Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability

2026-01-14
CVE-2026-20831
7.8
Microsoft Multiple Products

Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges...

2026-01-14
CVE-2026-20826
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows...

2026-01-14
CVE-2026-20822
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally

2026-01-14
CVE-2026-20820
Analyzed
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally

2026-01-14
CVE-2026-20817
7.8
Microsoft Multiple Products

Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally

2026-01-14
CVE-2026-20816
7.8
Microsoft Multiple Products

Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally

2026-01-14
CVE-2026-20811
7.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally

2026-01-14
CVE-2026-20810
7.8
Microsoft Multiple Products

Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

2026-01-14
CVE-2026-20809
7.8
Microsoft Multiple Products

Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally

2026-01-14
CVE-2026-20805
KEV
9.5
Microsoft Windows

Microsoft Windows Information Disclosure Vulnerability - Active in CISA KEV catalog.

2026-01-14
CVE-2026-20049
Analyzed
7.7
Microsoft Secure Firewall

A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewal...

2026-03-05
CVE-2026-20012
Analyzed
8.6
Microsoft IOS Software

A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Se...

2026-03-26
CVE-2026-14087
Analyzed
8.8
Microsoft Chrome for Windows

Heap buffer overflow in WebNN in Google Chrome on Windows prior to 150

2026-07-02
CVE-2026-13849
Analyzed
8.6
Microsoft Chrome

Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150

2026-07-02
CVE-2026-13038
Analyzed
8.8
Microsoft Chrome

Use after free in Autofill in Google Chrome on Windows prior to 149

2026-06-25
CVE-2026-12466
Analyzed
8.8
Microsoft Chrome

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149

2026-06-18
CVE-2026-12437
Analyzed
8.3
Microsoft Chrome

Use after free in WebShare in Google Chrome on Windows prior to 149

2026-06-20
CVE-2026-12035
Analyzed
8.8
Microsoft Chrome

Use after free in Views in Google Chrome on Windows prior to 149

2026-06-13
CVE-2026-12031
Analyzed
8.3
Microsoft Chrome

Inappropriate implementation in Views in Google Chrome on Windows prior to 149

2026-06-12
CVE-2026-12029
Analyzed
8.3
Microsoft Chrome

Use after free in Video in Google Chrome on Windows prior to 149

2026-06-12
CVE-2026-12018
Analyzed
8.8
Microsoft Chrome on Windows

Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149

2026-06-12
CVE-2026-12013
Analyzed
8.8
Microsoft Chrome

Use after free in Media in Google Chrome on Windows prior to 149

2026-06-12
CVE-2026-12011
Analyzed
8.3
Microsoft Chrome

Use after free in WebMIDI in Google Chrome on Windows prior to 149

2026-06-12
CVE-2026-12007
Analyzed
8.8
Microsoft Chrome

Use after free in Core in Google Chrome on Windows prior to 149

2026-06-12
CVE-2026-11680
Analyzed
8.8
Microsoft Chrome

Use after free in Media in Google Chrome on Windows prior to 149

2026-06-09
CVE-2026-11679
Analyzed
8.3
Microsoft Chrome

Use after free in Codecs in Google Chrome on Windows prior to 149

2026-06-09
CVE-2026-11648
Analyzed
8.8
Microsoft Chrome

Use after free in FullScreen in Google Chrome on Windows prior to 149

2026-06-10
CVE-2026-11147
Analyzed
8.8
Microsoft Chrome

Use after free in WebML in Google Chrome on Windows prior to 149

2026-06-05
CVE-2026-11117
Analyzed
8.8
Microsoft Chrome

Use after free in Views in Google Chrome on Windows prior to 149

2026-06-05
CVE-2026-11103
Analyzed
7.8
Microsoft Chrome

Inappropriate implementation in Installer in Google Chrome on Windows prior to 149

2026-06-08
CVE-2026-11060
Analyzed
8.8
Microsoft Chrome

Use after free in Media in Google Chrome on Windows prior to 149

2026-06-05
CVE-2026-11055
Analyzed
8.8
Microsoft Chrome

Use after free in ANGLE in Google Chrome on Windows prior to 149

2026-06-05
CVE-2026-11041
Analyzed
8.8
Microsoft Chrome

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 149

2026-06-06
CVE-2026-10978
Analyzed
8.8
Microsoft Chrome

Use after free in Chromoting in Google Chrome on Windows prior to 149

2026-06-05
CVE-2026-10955
Analyzed
8.8
Microsoft Chrome

Type Confusion in ANGLE in Google Chrome on Windows prior to 149

2026-06-06
CVE-2026-10940
Analyzed
8.3
Microsoft Chrome for Windows

Race in Codecs in Google Chrome on Windows prior to 149

2026-06-09
CVE-2026-10914
Analyzed
8.8
Microsoft Chrome

Use after free in ANGLE in Google Chrome on Windows prior to 149

2026-06-05
CVE-2026-10913
Analyzed
8.8
Microsoft Chrome

Use after free in ANGLE in Google Chrome on Windows prior to 149

2026-06-05
CVE-2026-10745
Analyzed
7.9
Microsoft Instant Privilege Access

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tamperin...

2026-06-24
CVE-2026-10000
Analyzed
8.3
Microsoft Chrome

Use after free in Passwords in Google Chrome on Windows prior to 148

2026-06-04
CVE-2025-9844
Analyzed
8.8
Microsoft Multiple Products

Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable

2025-09-23
CVE-2025-9491
Analyzed
7
Microsoft Multiple Products

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability

2025-08-26
CVE-2025-9142
Analyzed
7.5
Microsoft Multiple Products

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory

2026-01-16
CVE-2025-8069
Analyzed
7.8
Microsoft Multiple Products

During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ss...

2025-07-23
CVE-2025-7619
Analyzed
8.8
Microsoft Multiple Products

BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability

2025-07-14
CVE-2025-7472
Analyzed
7.5
Microsoft Multiple Products

A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1

2025-07-17
CVE-2025-7433
Analyzed
8.8
Microsoft Multiple Products

A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025

2025-07-17
CVE-2025-71316
Analyzed
9.8
Microsoft Windows

A command-line injection vulnerability in the Windows sqldiff.exe utility allows attackers to load arbitrary DLLs via crafted command-line arguments.

2026-06-05
CVE-2025-7008
Analyzed
7.8
Microsoft Avast Antivirus

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with

2026-06-14
CVE-2025-7007
Analyzed
7.5
Microsoft Multiple Products

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the anti...

2025-12-02
CVE-2025-7004
Analyzed
7.8
Microsoft Avast Antivirus

Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial...

2026-06-14
CVE-2025-69627
8.4
Microsoft Multiple Products

Nitro PDF Pro for Windows 14

2026-04-15
CVE-2025-69624
7.5
Microsoft Multiple Products

Nitro PDF Pro for Windows 14

2026-04-14
CVE-2025-68623
8.8
Microsoft DirectX End

In Microsoft DirectX End-User Runtime Web Installer 9

2026-03-12
CVE-2025-67781
Analyzed
9.9
Microsoft Multiple Products

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privilege...

2025-12-18
CVE-2025-67506
Analyzed
9.8
Microsoft Multiple Products

PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/r...

2025-12-11
CVE-2025-67460
Analyzed
7.8
Microsoft Multiple Products

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6

2025-12-11
CVE-2025-66769
7.5
Microsoft Multiple Products

A NULL pointer dereference in Nitro PDF Pro for Windows v14

2026-04-14
CVE-2025-66495
Analyzed
7.8
Microsoft Multiple Products

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025

2025-12-20
CVE-2025-65115
8.8
Microsoft Multiple Products

Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows,...

2026-04-07
CVE-2025-65041
Analyzed
10
Microsoft Multiple Products

Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.

2025-12-19
CVE-2025-65037
Analyzed
10
Microsoft Multiple Products

Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.

2025-12-19
CVE-2025-64740
Analyzed
7.5
Microsoft Multiple Products

Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct...

2025-11-14
CVE-2025-64695
Analyzed
7.8
Microsoft Multiple Products

Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows)

2025-11-22
CVE-2025-64693
Analyzed
9.8
Microsoft Multiple Products

Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Receiving a speci...

2025-11-26
CVE-2025-64680
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally

2025-12-11
CVE-2025-64679
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally

2025-12-11
CVE-2025-64678
Analyzed
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-12-10
CVE-2025-64677
Analyzed
8.2
Microsoft Multiple Products

Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker t...

2025-12-19
CVE-2025-64675
Analyzed
8.3
Microsoft Multiple Products

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spo...

2025-12-19
CVE-2025-64672
8.8
Microsoft Multiple Products

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to p...

2025-12-10
CVE-2025-64669
Analyzed
7.8
Microsoft Multiple Products

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally

2025-12-12
CVE-2025-64661
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate...

2025-12-10
CVE-2025-64657
Analyzed
9.8
Microsoft Multiple Products

Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network.

2025-11-27
CVE-2025-64405
7.5
Microsoft Multiple Products

Apache OpenOffice documents can contain links

2025-11-14
CVE-2025-64404
7.5
Microsoft Multiple Products

Apache OpenOffice documents can contain links to other files

2025-11-14
CVE-2025-64403
Analyzed
8.1
Microsoft Multiple Products

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources"

2025-11-13
CVE-2025-64401
7.5
Microsoft Multiple Products

Apache OpenOffice documents can contain links

2025-11-14
CVE-2025-64140
Analyzed
8.8
Microsoft Multiple Products

Jenkins Azure CLI Plugin 0

2025-10-29
CVE-2025-64095
Analyzed
10
Microsoft Multiple Products

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor...

2025-10-28
CVE-2025-63680
Analyzed
8.6
Microsoft Multiple Products

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallb...

2025-11-15
CVE-2025-63406
Analyzed
8.8
Microsoft Multiple Products

An issue in Intermesh BV GroupOffice vulnerable before v

2025-11-15
CVE-2025-62931
Analyzed
8.8
Microsoft Multiple Products

Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security...

2025-10-28
CVE-2025-62776
Analyzed
7.8
Microsoft Multiple Products

The installer of WTW EAGLE (for Windows) 3

2025-10-29
CVE-2025-62691
Analyzed
9.8
Microsoft Multiple Products

Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specia...

2025-11-26
CVE-2025-62571
7.8
Microsoft Multiple Products

Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62564
7.8
Microsoft Multiple Products

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-12-10
CVE-2025-62563
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-12-10
CVE-2025-62562
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally

2025-12-10
CVE-2025-62561
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-12-10
CVE-2025-62560
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-12-10
CVE-2025-62559
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally

2025-12-10
CVE-2025-62558
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally

2025-12-10
CVE-2025-62557
Analyzed
8.4
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2025-12-10
CVE-2025-62556
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-12-10
CVE-2025-62554
8.4
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally

2025-12-10
CVE-2025-62553
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-12-10
CVE-2025-62552
7.8
Microsoft Multiple Products

Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally

2025-12-10
CVE-2025-62550
8.8
Microsoft Multiple Products

Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network

2025-12-10
CVE-2025-62549
Analyzed
8.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-12-10
CVE-2025-62474
Analyzed
7.8
Microsoft Multiple Products

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62472
Analyzed
7.8
Microsoft Multiple Products

Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62470
Analyzed
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62467
7.8
Microsoft Multiple Products

Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62466
7.8
Microsoft Multiple Products

Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62464
7.8
Microsoft Multiple Products

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62462
7.8
Microsoft Multiple Products

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62461
7.8
Microsoft Multiple Products

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62459
Analyzed
8.3
Microsoft Multiple Products

Microsoft Defender Portal Spoofing Vulnerability

2025-11-20
CVE-2025-62458
Analyzed
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62457
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62456
Analyzed
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network

2025-12-10
CVE-2025-62455
7.8
Microsoft Multiple Products

Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62454
Analyzed
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62452
Analyzed
8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network

2025-11-13
CVE-2025-62221
KEV Analyzed
7.8
Microsoft Multiple Products

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62220
Analyzed
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network

2025-11-13
CVE-2025-62216
7.8
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-62215
KEV
9.5
Microsoft Windows

Microsoft Windows Race Condition Vulnerability - Active in CISA KEV catalog.

2025-11-13
CVE-2025-62207
Analyzed
8.6
Microsoft Multiple Products

Azure Monitor Elevation of Privilege Vulnerability

2025-11-20
CVE-2025-62205
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-62204
Analyzed
8
Microsoft Multiple Products

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2025-11-13
CVE-2025-62203
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-62201
Analyzed
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-62200
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-62199
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-61973
Analyzed
8.8
Microsoft Multiple Products

A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store

2026-01-16
CVE-2025-61582
Analyzed
7.5
Microsoft Multiple Products

TS3 Manager is modern web interface for maintaining Teamspeak3 servers

2025-10-02
CVE-2025-61303
Analyzed
9.8
Microsoft Multiple Products

Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021(2025-08-14) contains a vulnerability in its Windows behavioral ana...

2025-10-21
CVE-2025-60727
7.8
Microsoft Multiple Products

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-60721
7.8
Microsoft Multiple Products

Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally

2025-11-13
CVE-2025-60720
7.8
Microsoft Multiple Products

Buffer over-read in Windows TDX

2025-11-13
CVE-2025-60718
7.8
Microsoft Multiple Products

Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally

2025-11-13
CVE-2025-60715
Analyzed
8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network

2025-11-13
CVE-2025-60714
Analyzed
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-60713
Analyzed
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally

2025-11-13
CVE-2025-60710
KEV
7.8
Microsoft Multiple Products

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges l...

2025-11-13
CVE-2025-60709
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally

2025-11-13
CVE-2025-60705
7.8
Microsoft Multiple Products

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally

2025-11-13
CVE-2025-60703
Analyzed
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally

2025-11-13
CVE-2025-59775
Analyzed
7.5
Microsoft Multiple Products

Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off  allows to pot...

2025-12-06
CVE-2025-59711
Analyzed
8.3
Microsoft BizTalk360

An issue was discovered in Biztalk360 before 11

2026-04-04
CVE-2025-59545
Analyzed
9
Microsoft Multiple Products

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt modu...

2025-09-23
CVE-2025-59517
7.8
Microsoft Multiple Products

Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-59516
7.8
Microsoft Multiple Products

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-59514
7.8
Microsoft Multiple Products

Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally

2025-11-13
CVE-2025-59511
7.8
Microsoft Multiple Products

External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally

2025-11-13
CVE-2025-59505
7.8
Microsoft Multiple Products

Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally

2025-11-13
CVE-2025-59503
Analyzed
9.9
Microsoft Multiple Products

Server-side request forgery (ssrf) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network.

2025-10-23
CVE-2025-59500
Analyzed
7.7
Microsoft Multiple Products

Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network

2025-10-23
CVE-2025-59292
8.2
Microsoft Multiple Products

External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-59291
8.2
Microsoft Multiple Products

External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-59287
KEV Analyzed
9.8
Microsoft Multiple Products

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

2025-10-14
CVE-2025-59278
7.8
Microsoft Multiple Products

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally

2025-10-15
CVE-2025-59277
7.8
Microsoft Multiple Products

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-59275
7.8
Microsoft Multiple Products

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-59273
Analyzed
7.3
Microsoft Multiple Products

Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network

2025-10-23
CVE-2025-59255
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-59254
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-59251
Analyzed
7.6
Microsoft Multiple Products

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

2025-09-24
CVE-2025-59249
Analyzed
8.8
Microsoft Multiple Products

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network

2025-10-14
CVE-2025-59247
Analyzed
8.8
Microsoft Multiple Products

Azure PlayFab Elevation of Privilege Vulnerability

2025-10-09
CVE-2025-59246
Analyzed
9.8
Microsoft Multiple Products

Azure Entra ID Elevation of Privilege Vulnerability

2025-10-09
CVE-2025-59245
Analyzed
9.8
Microsoft Multiple Products

Microsoft SharePoint Online Elevation of Privilege Vulnerability

2025-11-20
CVE-2025-59243
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-10-14
CVE-2025-59242
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-59241
7.8
Microsoft Multiple Products

Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to el...

2025-10-14
CVE-2025-59238
7.8
Microsoft Multiple Products

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally

2025-10-14
CVE-2025-59237
Analyzed
8.8
Microsoft Multiple Products

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2025-10-14
CVE-2025-59236
Analyzed
8.4
Microsoft Multiple Products

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-10-14
CVE-2025-59234
7.8
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2025-10-14
CVE-2025-59233
7.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-10-14
CVE-2025-59231
7.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-10-14
CVE-2025-59230
KEV Analyzed
7.8
Microsoft Multiple Products

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-59228
8.8
Microsoft Multiple Products

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2025-10-14
CVE-2025-59227
7.8
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2025-10-14
CVE-2025-59226
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally

2025-10-14
CVE-2025-59225
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-10-14
CVE-2025-59224
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-10-14
CVE-2025-59223
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-10-14
CVE-2025-59222
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally

2025-10-14
CVE-2025-59220
Analyzed
7
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker...

2025-09-18
CVE-2025-59218
Analyzed
9.6
Microsoft Multiple Products

Azure Entra ID Elevation of Privilege Vulnerability

2025-10-09
CVE-2025-59216
Analyzed
7
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attac...

2025-09-18
CVE-2025-59215
Analyzed
7
Microsoft Multiple Products

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally

2025-09-18
CVE-2025-59213
Analyzed
8.4
Microsoft Multiple Products

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacke...

2025-10-14
CVE-2025-59207
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-59187
7.8
Microsoft Multiple Products

Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-59050
Analyzed
8.4
Microsoft Multiple Products

Greenshot is an open source Windows screenshot utility

2025-09-16
CVE-2025-59033
Analyzed
9.8
Microsoft Multiple Products

The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. On systems that do not have hyperviso...

2025-09-08
CVE-2025-58728
Analyzed
7.8
Microsoft Multiple Products

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-58724
7.8
Microsoft Multiple Products

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-58722
Analyzed
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-58720
7.8
Microsoft Multiple Products

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information l...

2025-10-14
CVE-2025-58716
8.8
Microsoft Multiple Products

Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-58715
8.8
Microsoft Multiple Products

Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-58714
7.8
Microsoft Multiple Products

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-58323
Analyzed
7.7
Microsoft Multiple Products

NAVER MYBOX Explorer for Windows before 3

2025-08-29
CVE-2025-58322
Analyzed
7.8
Microsoft Multiple Products

NAVER MYBOX Explorer for Windows before 3

2025-08-28
CVE-2025-58112
8.8
Microsoft Dynamics

Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9

2026-03-20
CVE-2025-58107
Analyzed
7.5
Microsoft Exchange through

In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile de...

2026-03-03
CVE-2025-58074
Analyzed
8.8
Microsoft Store

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store

2026-05-05
CVE-2025-57870
Analyzed
10
Microsoft Multiple Products

A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a...

2025-10-22
CVE-2025-57625
Analyzed
8.8
Microsoft Multiple Products

CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability

2025-09-17
CVE-2025-56803
Analyzed
8.4
Microsoft Multiple Products

Figma Desktop for Windows version 125

2025-09-03
CVE-2025-55701
7.8
Microsoft Multiple Products

Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-55697
Analyzed
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-55694
7.8
Microsoft Multiple Products

Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-55692
7.8
Microsoft Multiple Products

Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-55680
7.8
Microsoft Multiple Products

Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locall...

2025-10-14
CVE-2025-55677
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-55339
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-55328
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevat...

2025-10-14
CVE-2025-55321
Analyzed
8.7
Microsoft Multiple Products

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an authorized attacker to perform spoofin...

2025-10-09
CVE-2025-55317
7.8
Microsoft Multiple Products

Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges local...

2025-09-09
CVE-2025-55316
7.8
Microsoft Multiple Products

External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally

2025-09-09
CVE-2025-55312
Analyzed
7.8
Microsoft Multiple Products

An issue was discovered in Foxit PDF and Editor for Windows before 13

2025-12-12
CVE-2025-55244
Analyzed
9
Microsoft Multiple Products

Azure Bot Service Elevation of Privilege Vulnerability

2025-09-05
CVE-2025-55241
Analyzed
9
Microsoft Multiple Products

Azure Entra Elevation of Privilege Vulnerability

2025-09-05
CVE-2025-55233
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-55232
Analyzed
9.8
Microsoft Multiple Products

Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.

2025-09-09
CVE-2025-55231
Analyzed
7.5
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to exec...

2025-08-21
CVE-2025-55230
Analyzed
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally

2025-08-21
CVE-2025-55228
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to...

2025-09-09
CVE-2025-55224
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to...

2025-09-09
CVE-2025-55077
Analyzed
7.4
Microsoft Multiple Products

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remo...

2025-08-07
CVE-2025-54918
8.8
Microsoft Multiple Products

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network

2025-09-09
CVE-2025-54916
7.8
Microsoft Multiple Products

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally

2025-09-09
CVE-2025-54914
Analyzed
10
Microsoft Multiple Products

Azure Networking Elevation of Privilege Vulnerability

2025-09-05
CVE-2025-54913
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an autho...

2025-09-09
CVE-2025-54912
7.8
Microsoft Multiple Products

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally

2025-09-09
CVE-2025-54910
Analyzed
8.4
Microsoft Multiple Products

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally

2025-09-09
CVE-2025-54908
7.8
Microsoft Multiple Products

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally

2025-09-09
CVE-2025-54907
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally

2025-09-09
CVE-2025-54906
7.8
Microsoft Multiple Products

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally

2025-09-09
CVE-2025-54904
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-09-09
CVE-2025-54903
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-09-09
CVE-2025-54902
7.8
Microsoft Multiple Products

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-09-09
CVE-2025-54900
Analyzed
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-09-09
CVE-2025-54899
7.8
Microsoft Multiple Products

Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-09-09
CVE-2025-54898
7.8
Microsoft Multiple Products

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-09-09
CVE-2025-54897
Analyzed
8.8
Microsoft Multiple Products

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2025-09-09
CVE-2025-54896
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-09-09
CVE-2025-54895
7.8
Microsoft Multiple Products

Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally

2025-09-09
CVE-2025-54882
Analyzed
7.1
Microsoft Multiple Products

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune

2025-08-07
CVE-2025-54113
Analyzed
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-09-09
CVE-2025-54111
Analyzed
7.8
Microsoft Multiple Products

Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally

2025-09-09
CVE-2025-54110
8.8
Microsoft Multiple Products

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally

2025-09-09
CVE-2025-54106
Analyzed
8.8
Microsoft Multiple Products

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-09-09
CVE-2025-54102
Analyzed
7.8
Microsoft Multiple Products

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally

2025-09-09
CVE-2025-54100
7.8
Microsoft Multiple Products

Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute c...

2025-12-10
CVE-2025-54098
7.8
Microsoft Multiple Products

Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally

2025-09-09
CVE-2025-54092
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevat...

2025-09-09
CVE-2025-54091
7.8
Microsoft Multiple Products

Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally

2025-09-09
CVE-2025-53947
Analyzed
7.7
Microsoft Multiple Products

A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data

2025-09-18
CVE-2025-53828
Analyzed
8.5
Microsoft SharePoint for ownCloud

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic

2026-07-07
CVE-2025-53801
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally

2025-09-09
CVE-2025-53800
7.8
Microsoft Multiple Products

No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally

2025-09-09
CVE-2025-53795
Analyzed
9.1
Microsoft Multiple Products

Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.

2025-08-21
CVE-2025-53792
Analyzed
9.1
Microsoft Multiple Products

Azure Portal Elevation of Privilege Vulnerability

2025-08-07
CVE-2025-53789
7.8
Microsoft Multiple Products

Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally

2025-08-13
CVE-2025-53787
Analyzed
8.2
Microsoft Multiple Products

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

2025-08-07
CVE-2025-53786
Analyzed
8
Microsoft Multiple Products

On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix

2025-08-07
CVE-2025-53784
Analyzed
8.4
Microsoft Multiple Products

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally

2025-08-12
CVE-2025-53782
Analyzed
8.4
Microsoft Multiple Products

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally

2025-10-14
CVE-2025-53778
8.8
Microsoft Multiple Products

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network

2025-08-12
CVE-2025-53770
KEV
9.8
Microsoft SharePoint Server

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft...

2025-07-21
CVE-2025-53767
Analyzed
10
Microsoft Multiple Products

Azure OpenAI Elevation of Privilege Vulnerability

2025-08-07
CVE-2025-53766
Analyzed
9.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

2025-08-12
CVE-2025-53763
Analyzed
9.8
Microsoft Multiple Products

Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

2025-08-21
CVE-2025-53761
7.8
Microsoft Multiple Products

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally

2025-08-13
CVE-2025-53759
7.8
Microsoft Multiple Products

Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-08-13
CVE-2025-53741
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-08-13
CVE-2025-53740
Analyzed
8.4
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2025-08-12
CVE-2025-53739
7.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-08-13
CVE-2025-53738
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally

2025-08-13
CVE-2025-53737
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-08-12
CVE-2025-53735
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-08-12
CVE-2025-53734
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally

2025-08-12
CVE-2025-53733
8.4
Microsoft Multiple Products

Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally

2025-08-12
CVE-2025-53732
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally

2025-08-12
CVE-2025-53731
Analyzed
8.4
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2025-08-12
CVE-2025-53730
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally

2025-08-12
CVE-2025-53729
7.8
Microsoft Multiple Products

Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-53726
7.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locall...

2025-08-12
CVE-2025-53725
7.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locall...

2025-08-12
CVE-2025-53724
7.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locall...

2025-08-12
CVE-2025-53723
7.8
Microsoft Multiple Products

Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-53720
Analyzed
8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network

2025-08-12
CVE-2025-53155
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-53154
7.8
Microsoft Multiple Products

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-53152
7.8
Microsoft Multiple Products

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally

2025-08-12
CVE-2025-53151
7.8
Microsoft Multiple Products

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-53150
Analyzed
7.8
Microsoft Multiple Products

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-53145
8.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network

2025-08-12
CVE-2025-53144
8.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network

2025-08-12
CVE-2025-53143
8.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network

2025-08-12
CVE-2025-53141
7.8
Microsoft Multiple Products

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-53133
7.8
Microsoft Multiple Products

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-53132
8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to...

2025-08-12
CVE-2025-53131
Analyzed
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network

2025-08-12
CVE-2025-52451
Analyzed
8.5
Microsoft Multiple Products

Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allo...

2025-08-23
CVE-2025-51735
Analyzed
7.5
Microsoft Multiple Products

CSV formula injection vulnerability in HCL Technologies Ltd

2025-11-29
CVE-2025-50255
Analyzed
7.8
Microsoft Multiple Products

Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2

2025-09-18
CVE-2025-50177
Analyzed
8.1
Microsoft Multiple Products

Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network

2025-08-12
CVE-2025-50175
Analyzed
7.8
Microsoft Multiple Products

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-50173
7.8
Microsoft Multiple Products

Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-50170
7.8
Microsoft Multiple Products

Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privile...

2025-08-12
CVE-2025-50168
7.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-50165
Analyzed
9.8
Microsoft Multiple Products

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

2025-08-12
CVE-2025-50164
Analyzed
8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network

2025-08-12
CVE-2025-50163
Analyzed
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-08-12
CVE-2025-50162
Analyzed
8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network

2025-08-12
CVE-2025-50160
Analyzed
8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network

2025-08-12
CVE-2025-50155
7.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locall...

2025-08-12
CVE-2025-50153
7.8
Microsoft Multiple Products

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-50152
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-49761
7.8
Microsoft Multiple Products

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-49757
Analyzed
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-08-12
CVE-2025-49753
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-49752
Analyzed
10
Microsoft Multiple Products

Azure Bastion Elevation of Privilege Vulnerability

2025-11-20
CVE-2025-49741
7.4
Microsoft Multiple Products

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network

2025-07-06
CVE-2025-49740
8.8
Microsoft Multiple Products

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network

2025-07-08
CVE-2025-49735
8.1
Microsoft Multiple Products

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network

2025-07-10
CVE-2025-49729
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-49724
8.8
Microsoft Multiple Products

Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-49723
8.8
Microsoft Multiple Products

Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally

2025-07-08
CVE-2025-49713
Analyzed
8.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over...

2025-07-05
CVE-2025-49712
Analyzed
8.8
Microsoft Multiple Products

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2025-08-12
CVE-2025-49708
Analyzed
9.9
Microsoft Multiple Products

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.

2025-10-14
CVE-2025-49707
7.9
Microsoft Multiple Products

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally

2025-08-12
CVE-2025-49704
8.8
Microsoft Multiple Products

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2025-07-08
CVE-2025-49701
Analyzed
8.8
Microsoft Multiple Products

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2025-07-08
CVE-2025-49697
8.4
Microsoft Multiple Products

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally

2025-07-08
CVE-2025-49696
8.4
Microsoft Multiple Products

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally

2025-07-08
CVE-2025-49695
Analyzed
8.4
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2025-07-08
CVE-2025-49692
7.8
Microsoft Multiple Products

Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally

2025-09-09
CVE-2025-49691
8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network

2025-07-10
CVE-2025-49688
8.8
Microsoft Multiple Products

Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-49687
8.8
Microsoft Multiple Products

Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally

2025-07-08
CVE-2025-49676
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-49674
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-49673
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-49672
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-49670
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-49669
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-49668
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-49663
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-49657
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-49459
7.8
Microsoft Multiple Products

Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6

2025-09-09
CVE-2025-49457
Analyzed
9.6
Microsoft Multiple Products

Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access

2025-08-12
CVE-2025-48982
Analyzed
7.3
Microsoft Multiple Products

This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a ma...

2025-10-31
CVE-2025-48824
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-48822
8.6
Microsoft Multiple Products

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally

2025-07-08
CVE-2025-47998
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-47987
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally

2025-07-10
CVE-2025-47985
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally

2025-07-10
CVE-2025-47982
7.8
Microsoft Multiple Products

Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally

2025-07-10
CVE-2025-47981
Analyzed
9.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

2025-07-08
CVE-2025-47976
7.8
Microsoft Multiple Products

Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally

2025-07-10
CVE-2025-47972
8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorize...

2025-07-10
CVE-2025-47761
Analyzed
7.8
Microsoft Multiple Products

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7

2025-11-19
CVE-2025-47178
8
Microsoft Multiple Products

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker...

2025-07-10
CVE-2025-47159
7.8
Microsoft Multiple Products

Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally

2025-07-10
CVE-2025-46373
Analyzed
7.8
Microsoft Multiple Products

A Heap-based Buffer Overflow vulnerability [CWE-122] in Fortinet FortiClientWindows 7

2025-11-19
CVE-2025-41761
Analyzed
7.8
Microsoft Windows (UBR Service)

A low‑privileged local attacker who gains access to the UBR service account (e

2026-03-10
CVE-2025-41246
Analyzed
7.6
Microsoft Multiple Products

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls

2025-09-29
CVE-2025-40549
Analyzed
9.1
Microsoft Multiple Products

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to...

2025-11-19
CVE-2025-40548
Analyzed
9.1
Microsoft Multiple Products

A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code....

2025-11-19
CVE-2025-40547
Analyzed
9.1
Microsoft Multiple Products

A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute cod...

2025-11-19
CVE-2025-4044
Analyzed
8.2
Microsoft Multiple Products

Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information...

2025-08-19
CVE-2025-37735
Analyzed
7
Microsoft Multiple Products

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service...

2025-11-06
CVE-2025-36853
Analyzed
7.5
Microsoft Multiple Products

A vulnerability (CVE-2025-21172) exists in msdia140

2025-09-08
CVE-2025-36640
Analyzed
8.8
Microsoft Multiple Products

A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of...

2026-01-14
CVE-2025-36384
Analyzed
8.4
Microsoft Multiple Products

IBM Db2 for Windows 12

2026-01-31
CVE-2025-36247
Analyzed
7.1
Microsoft Db2 for

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11

2026-02-18
CVE-2025-36184
Analyzed
7.2
Microsoft Multiple Products

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11

2026-01-31
CVE-2025-35971
8.2
Microsoft Multiple Products

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23

2025-11-13
CVE-2025-35055
Analyzed
8.8
Microsoft Multiple Products

Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp

2025-10-09
CVE-2025-35050
Analyzed
9.8
Microsoft Multiple Products

Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to exe...

2025-10-09
CVE-2025-3500
Analyzed
9
Microsoft Multiple Products

Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from...

2025-12-02
CVE-2025-33229
7.3
Microsoft Multiple Products

NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileg...

2026-01-21
CVE-2025-33218
Analyzed
7.8
Microsoft Multiple Products

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm

2026-01-29
CVE-2025-33217
Analyzed
7.8
Microsoft Multiple Products

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free

2026-01-29
CVE-2025-33073
KEV
9.5
Microsoft Windows

Microsoft Windows SMB Client Improper Access Control Vulnerability - Active in CISA KEV catalog.

2025-10-20
CVE-2025-30416
Analyzed
10
Microsoft Cyber Protect

Acronis Cyber Protect (Linux and Windows) is vulnerable to sensitive data disclosure and manipulation due to missing authorization in versions 15 and...

2026-02-20
CVE-2025-30412
Analyzed
10
Microsoft Cyber Protect

Acronis Cyber Protect (Linux and Windows) suffers from an improper authentication vulnerability allowing sensitive data disclosure and manipulation in...

2026-02-20
CVE-2025-30411
Analyzed
10
Microsoft Cyber Protect

Acronis Cyber Protect (Linux and Windows) is vulnerable to sensitive data disclosure and manipulation due to improper authentication in versions 15 an...

2026-02-20
CVE-2025-30255
8.2
Microsoft Multiple Products

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23

2025-11-13
CVE-2025-27713
7.8
Microsoft Multiple Products

Out-of-bounds write for some Intel(R) QAT Windows software before version 2

2025-11-13
CVE-2025-27461
7.6
Microsoft Multiple Products

During startup, the device automatically logs in the EPC2 Windows user without requesting a password

2025-07-06
CVE-2025-26513
Analyzed
7
Microsoft Multiple Products

The installer for SAN Host Utilities for Windows versions prior to 8

2025-08-07
CVE-2025-26496
Analyzed
9.6
Microsoft Multiple Products

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Uplo...

2025-08-23
CVE-2025-24990
KEV Analyzed
7.8
Microsoft Multiple Products

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems

2025-10-14
CVE-2025-24052
7.8
Microsoft Multiple Products

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems

2025-10-14
CVE-2025-23358
Analyzed
8.2
Microsoft Multiple Products

NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue

2025-11-04
CVE-2025-23331
7.5
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value,...

2025-08-07
CVE-2025-23329
Analyzed
7.5
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and acces...

2025-09-17
CVE-2025-23328
Analyzed
7.5
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write through a specially...

2025-09-17
CVE-2025-23327
7.5
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially craf...

2025-08-07
CVE-2025-23326
7.5
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially cr...

2025-08-07
CVE-2025-23325
Analyzed
7.5
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially...

2025-08-07
CVE-2025-23324
Analyzed
7.5
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a...

2025-08-07
CVE-2025-23323
Analyzed
7.5
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a...

2025-08-07
CVE-2025-23322
Analyzed
7.5
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cance...

2025-08-07
CVE-2025-23321
Analyzed
7.5
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid re...

2025-08-07
CVE-2025-23320
Analyzed
7.5
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory l...

2025-08-07
CVE-2025-23319
Analyzed
8.1
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds wr...

2025-08-07
CVE-2025-23318
Analyzed
8.1
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds wr...

2025-08-07
CVE-2025-23316
Analyzed
9.8
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execu...

2025-09-17
CVE-2025-23310
Analyzed
9.8
Microsoft Multiple Products

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted...

2025-08-07
CVE-2025-23297
Analyzed
7.8
Microsoft Multiple Products

NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged ac...

2025-10-01
CVE-2025-23281
Analyzed
7
Microsoft Multiple Products

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be...

2025-08-04
CVE-2025-23278
Analyzed
7.1
Microsoft Multiple Products

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with...

2025-08-04
CVE-2025-23277
Analyzed
7.3
Microsoft Multiple Products

NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds p...

2025-08-04
CVE-2025-23276
Analyzed
7.8
Microsoft Multiple Products

NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges

2025-08-04
CVE-2025-20387
Analyzed
8
Microsoft Multiple Products

In Splunk Universal Forwarder for Windows versions below 10

2025-12-03
CVE-2025-20386
Analyzed
8
Microsoft Multiple Products

In Splunk Enterprise for Windows versions below 10

2025-12-03
CVE-2025-20239
Analyzed
8.6
Microsoft Multiple Products

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appli...

2025-08-14
CVE-2025-14733
KEV
9.8
Microsoft Multiple Products

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerabili...

2025-12-20
CVE-2025-14237
Analyzed
9.8
Microsoft Multiple Products

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network s...

2026-01-16
CVE-2025-14236
Analyzed
9.8
Microsoft Multiple Products

Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers(*) which may allow an attacker on the network segment...

2026-01-16
CVE-2025-14235
Analyzed
9.8
Microsoft Multiple Products

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the netwo...

2026-01-16
CVE-2025-14234
Analyzed
9.8
Microsoft Multiple Products

Buffer overflow in CPCA list processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segmen...

2026-01-16
CVE-2025-14233
Analyzed
9.8
Microsoft Multiple Products

Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network...

2026-01-16
CVE-2025-14232
Analyzed
9.8
Microsoft Multiple Products

Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network...

2026-01-16
CVE-2025-14231
Analyzed
9.8
Microsoft Multiple Products

Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network...

2026-01-16
CVE-2025-14218
Analyzed
7.3
Microsoft Multiple Products

A security flaw has been discovered in code-projects Currency Exchange System 1

2025-12-09
CVE-2025-14217
Analyzed
7.3
Microsoft Multiple Products

A vulnerability was identified in code-projects Currency Exchange System 1

2025-12-09
CVE-2025-14216
Analyzed
7.3
Microsoft Multiple Products

A vulnerability was determined in code-projects Currency Exchange System 1

2025-12-09
CVE-2025-14215
Analyzed
7.3
Microsoft Multiple Products

A vulnerability was found in code-projects Currency Exchange System 1

2025-12-09
CVE-2025-13914
8.7
Microsoft Networks Apstra

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attac...

2026-04-10
CVE-2025-12865
Analyzed
8.8
Microsoft Multiple Products

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to...

2025-11-11
CVE-2025-12864
Analyzed
8.8
Microsoft Multiple Products

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to...

2025-11-11
CVE-2025-12726
Analyzed
7.5
Microsoft Multiple Products

Inappropriate implementation in Views in Google Chrome on Windows prior to 142

2025-11-11
CVE-2025-12055
Analyzed
7.5
Microsoft Multiple Products

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance...

2025-10-27
CVE-2025-11719
Analyzed
9.8
Microsoft Multiple Products

Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corrup...

2025-10-15
CVE-2025-11713
Analyzed
8.1
Microsoft Multiple Products

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows

2025-10-15
CVE-2025-11575
Analyzed
7.8
Microsoft Multiple Products

Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation

2025-10-23
CVE-2025-11020
Analyzed
8.8
Microsoft Multiple Products

An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of...

2025-10-02
CVE-2025-11001
Analyzed
7
Microsoft Multiple Products

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability

2025-11-20
CVE-2025-10714
Analyzed
8.4
Microsoft Multiple Products

AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows...

2025-11-13
CVE-2025-10491
Analyzed
7.8
Microsoft Multiple Products

The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to...

2025-09-15
CVE-2025-10314
Analyzed
8.8
Microsoft FREQSHIP-mini

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8

2026-02-05
CVE-2025-10226
Analyzed
9.8
Microsoft Multiple Products

Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One 2.0.8 and earlier on Windows and Linux allo...

2025-09-10
CVE-2025-10220
Analyzed
9.8
Microsoft Multiple Products

Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows all...

2025-09-10
CVE-2025-10199
7.8
Microsoft Multiple Products

A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025

2025-09-10
CVE-2025-10198
7.8
Microsoft Multiple Products

Sunshine for Windows, version v2025

2025-09-10
CVE-2024-56179
Analyzed
7.8
Microsoft Multiple Products

In MindManager Windows versions prior to 24

2025-08-23
CVE-2024-43468
KEV
9.5
Microsoft Configuration Manager

Microsoft Configuration Manager SQL Injection Vulnerability - Active in CISA KEV catalog.

2026-02-13
CVE-2024-24909
Analyzed
8.8
Microsoft OpenManage Integration with Microsoft Windows Admin Center

Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin

2026-06-17
CVE-2024-13972
Analyzed
8.8
Microsoft Multiple Products

A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024

2025-07-17
CVE-2023-54330
Analyzed
9.8
Microsoft Multiple Products

Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute ar...

2026-01-14
CVE-2023-37524
Analyzed
7.7
Microsoft Traveler for Microsoft Outlook

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to

2026-06-28
CVE-2023-36424
KEV
9.5
Microsoft Windows

Microsoft Windows Out-of-Bounds Read Vulnerability - Active in CISA KEV catalog.

2026-04-14
CVE-2023-21529
KEV
9.5
Microsoft Exchange Server

Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.

2026-04-14
CVE-2023-0882
Analyzed
8.8
Microsoft Single Connect

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abus...

2026-06-02
CVE-2022-50993
Analyzed
9.8
Microsoft endpoint that

Weaver E-office is vulnerable to unauthenticated arbitrary file upload via OfficeServer.php, allowing remote attackers to execute code via webshells.

2026-05-01
CVE-2022-50935
Analyzed
9.8
Microsoft Multiple Products

Flame II HSPA USB Modem contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path...

2026-01-14
CVE-2021-43226
KEV
9.5
Microsoft Windows

Microsoft Windows Privilege Escalation Vulnerability - Active in CISA KEV catalog.

2025-10-06
CVE-2020-37181
Analyzed
9.8
Microsoft FLV Converter

Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability in the registration code input, allowing attackers to execute arbitrary c...

2026-02-12
CVE-2020-37047
Analyzed
7.8
Microsoft Multiple Products

Deep Instinct Windows Agent 1

2026-02-02
CVE-2020-37000
Analyzed
9.8
Microsoft Multiple Products

Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious W...

2026-01-30
CVE-2020-36934
Analyzed
7.8
Microsoft Multiple Products

Deep Instinct Windows Agent 1

2026-01-26
CVE-2019-25365
Analyzed
9.8
Microsoft ChaosPro

A buffer overflow in ChaosPro 2.0's configuration file handling allows attackers to gain remote code execution on Windows XP systems by overwriting th...

2026-02-19
CVE-2019-25307
7.8
Microsoft Multiple Products

WorkgroupMail 7

2026-02-12
CVE-2019-25261
Analyzed
7.8
Microsoft Multiple Products

AnyDesk 5

2026-02-04
CVE-2016-20091
Analyzed
7.8
Microsoft Windows Firewall Control

Windows Firewall Control 4

2026-06-21
CVE-2013-3918
KEV
9.5
Microsoft Windows

Microsoft Windows Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.

2025-10-06
CVE-2013-3893
KEV
9.5
Microsoft Internet Explorer

Microsoft Internet Explorer Resource Management Errors Vulnerability - Active in CISA KEV catalog.

2025-08-12
CVE-2012-1854
KEV
9.5
Microsoft Visual Basic for Applications (VBA)

Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability - Active in CISA KEV catalog.

2026-04-14
CVE-2011-3402
KEV
9.5
Microsoft Windows

Microsoft Windows Remote Code Execution Vulnerability - Active in CISA KEV catalog.

2025-10-06
CVE-2010-3962
KEV
9.5
Microsoft Internet Explorer

Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability - Active in CISA KEV catalog.

2025-10-06
CVE-2010-0806
KEV
9.5
Microsoft Internet Explorer

Microsoft Internet Explorer Use-After-Free Vulnerability - Active in CISA KEV catalog.

2026-05-21
CVE-2010-0249
KEV
9.5
Microsoft Internet Explorer

Microsoft Internet Explorer Use-After-Free Vulnerability - Active in CISA KEV catalog.

2026-05-21
CVE-2009-2493
Analyzed
8.8
Microsoft Visual Studio

The Active Template Library (ATL) in Microsoft Visual Studio

2026-05-28
CVE-2009-1537
KEV
9.5
Microsoft DirectX

Microsoft DirectX NULL Byte Overwrite Vulnerability - Active in CISA KEV catalog.

2026-05-21
CVE-2009-0901
Analyzed
8.8
Microsoft Visual Studio

The Active Template Library (ATL) in Microsoft Visual Studio

2026-05-28
CVE-2009-0556
KEV
9.5
Microsoft Office

Microsoft Office PowerPoint Code Injection Vulnerability - Active in CISA KEV catalog.

2026-01-08
CVE-2009-0238
KEV
9.5
Microsoft Office

Microsoft Office Remote Code Execution - Active in CISA KEV catalog.

2026-04-15
CVE-2008-4250
KEV
9.5
Microsoft Windows

Microsoft Windows Buffer Overflow Vulnerability - Active in CISA KEV catalog.

2026-05-21
CVE-2008-0015
KEV
9.5
Microsoft Windows

Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability - Active in CISA KEV catalog.

2026-02-18
CVE-2007-0671
KEV
9.5
Microsoft Office

Microsoft Office Excel Remote Code Execution Vulnerability - Active in CISA KEV catalog.

2025-08-12