Vendor CVEs
Microsoft
All CVEs
14,175 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35436 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34329 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. | ||
| CVE-2026-33112 | Hig | 0.57 | 8.8 | 0.02 | May 12, 2026 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2026-33110 | Hig | 0.57 | 8.8 | 0.02 | May 12, 2026 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2026-32207 | Hig | 0.57 | 8.8 | 0.01 | May 7, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-33120 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2026 | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | ||
| CVE-2026-32225 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2026 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-32171 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-32157 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2026 | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-27928 | Hig | 0.57 | 8.7 | 0.00 | Apr 14, 2026 | Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-26178 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-26167 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2006-10003 | Cri | 0.57 | 9.8 | 0.01 | Mar 19, 2026 | XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls… | ||
| CVE-2026-25592 | Cri | 0.57 | 9.9 | 0.02 | Feb 6, 2026 | Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem… | ||
| CVE-2025-59249 | Hig | 0.57 | 8.8 | 0.01 | Oct 14, 2025 | Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-36855 | Hig | 0.57 | 8.8 | 0.01 | Sep 8, 2025 | A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer using buffer access… | ||
| CVE-2018-8413 | Hig | 0.57 | 7.8 | 0.46 | Oct 10, 2018 | A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012,… | ||
| CVE-2018-16793 | Hig | 0.57 | 8.6 | 0.11 | Sep 21, 2018 | Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | ||
| CVE-2018-16794 | Hig | 0.57 | 8.6 | 0.08 | Sep 18, 2018 | Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. | ||
| CVE-2018-8353 | Hig | 0.57 | 7.5 | 0.68 | Aug 15, 2018 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is… | ||
| CVE-2018-8279 | Hig | 0.57 | 7.5 | 0.71 | Jul 11, 2018 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274,… | ||
| CVE-2018-8219 | Hig | 0.57 | 8.8 | 0.01 | Jun 14, 2018 | An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||
| CVE-2018-8145 | Hig | 0.57 | 7.5 | 0.67 | May 9, 2018 | An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This… | ||
| CVE-2018-0953 | Hig | 0.57 | 7.5 | 0.67 | May 9, 2018 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945,… | ||
| CVE-2018-0775 | Hig | 0.57 | 7.5 | 0.68 | Jan 4, 2018 | Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758,… | ||
| CVE-2018-0774 | Hig | 0.57 | 7.5 | 0.68 | Jan 4, 2018 | Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758,… | ||
| CVE-2017-11918 | Hig | 0.57 | 7.5 | 0.63 | Dec 12, 2017 | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption… | ||
| CVE-2017-11907 | Hig | 0.57 | 7.5 | 0.64 | Dec 12, 2017 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to… | ||
| CVE-2017-11876 | Hig | 0.57 | 8.8 | 0.02 | Nov 15, 2017 | Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change… | ||
| CVE-2017-11873 | Hig | 0.57 | 7.5 | 0.70 | Nov 15, 2017 | ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory… | ||
| CVE-2017-11861 | Hig | 0.57 | 7.5 | 0.64 | Nov 15, 2017 | Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption… | ||
| CVE-2017-11841 | Hig | 0.57 | 7.5 | 0.60 | Nov 15, 2017 | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine… | ||
| CVE-2017-11840 | Hig | 0.57 | 7.5 | 0.60 | Nov 15, 2017 | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine… | ||
| CVE-2017-11839 | Hig | 0.57 | 7.5 | 0.62 | Nov 15, 2017 | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption… | ||
| CVE-2017-11767 | Cri | 0.57 | 9.8 | 0.10 | Nov 2, 2017 | ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | ||
| CVE-2017-11811 | Hig | 0.57 | 7.5 | 0.65 | Oct 13, 2017 | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory… | ||
| CVE-2017-11809 | Hig | 0.57 | 7.5 | 0.68 | Oct 13, 2017 | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory… | ||
| CVE-2017-11802 | Hig | 0.57 | 7.5 | 0.69 | Oct 13, 2017 | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory… | ||
| CVE-2017-11799 | Hig | 0.57 | 7.5 | 0.64 | Oct 13, 2017 | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory… | ||
| CVE-2017-8755 | Hig | 0.57 | 7.5 | 0.71 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory… | ||
| CVE-2017-11764 | Hig | 0.57 | 7.5 | 0.64 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption… | ||
| CVE-2017-8671 | Hig | 0.57 | 7.5 | 0.69 | Aug 8, 2017 | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka… | ||
| CVE-2017-8670 | Hig | 0.57 | 7.5 | 0.69 | Aug 8, 2017 | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting… | ||
| CVE-2017-8656 | Hig | 0.57 | 7.5 | 0.69 | Aug 8, 2017 | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting… | ||
| CVE-2017-8646 | Hig | 0.57 | 7.5 | 0.69 | Aug 8, 2017 | Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine… | ||
| CVE-2017-8645 | Hig | 0.57 | 7.5 | 0.69 | Aug 8, 2017 | Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine… | ||
| CVE-2017-8641 | Hig | 0.57 | 7.5 | 0.72 | Aug 8, 2017 | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to… | ||
| CVE-2017-8640 | Hig | 0.57 | 7.5 | 0.69 | Aug 8, 2017 | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting… | ||
| CVE-2017-8634 | Hig | 0.57 | 7.5 | 0.70 | Aug 8, 2017 | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption… | ||
| CVE-2017-8620 | Hig | 0.57 | 8.1 | 0.55 | Aug 8, 2017 | Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in… |
- risk 0.57cvss 8.8epss 0.00
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
- risk 0.57cvss 8.8epss 0.00
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
- risk 0.57cvss 8.8epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
- risk 0.57cvss 8.8epss 0.01
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.57cvss 8.8epss 0.00
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.01
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.7epss 0.00
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.57cvss 8.8epss 0.00
Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.
- risk 0.57cvss 8.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.57cvss 9.8epss 0.01
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls…
- risk 0.57cvss 9.9epss 0.02
Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem…
- risk 0.57cvss 8.8epss 0.01
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.01
A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer using buffer access…
- risk 0.57cvss 7.8epss 0.46
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012,…
- risk 0.57cvss 8.6epss 0.11
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
- risk 0.57cvss 8.6epss 0.08
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
- risk 0.57cvss 7.5epss 0.68
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is…
- risk 0.57cvss 7.5epss 0.71
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274,…
- risk 0.57cvss 8.8epss 0.01
An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- risk 0.57cvss 7.5epss 0.67
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This…
- risk 0.57cvss 7.5epss 0.67
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945,…
- risk 0.57cvss 7.5epss 0.68
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758,…
- risk 0.57cvss 7.5epss 0.68
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758,…
- risk 0.57cvss 7.5epss 0.63
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…
- risk 0.57cvss 7.5epss 0.64
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to…
- risk 0.57cvss 8.8epss 0.02
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change…
- risk 0.57cvss 7.5epss 0.70
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…
- risk 0.57cvss 7.5epss 0.64
Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…
- risk 0.57cvss 7.5epss 0.60
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine…
- risk 0.57cvss 7.5epss 0.60
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine…
- risk 0.57cvss 7.5epss 0.62
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…
- risk 0.57cvss 9.8epss 0.10
ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
- risk 0.57cvss 7.5epss 0.65
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…
- risk 0.57cvss 7.5epss 0.68
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…
- risk 0.57cvss 7.5epss 0.69
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…
- risk 0.57cvss 7.5epss 0.64
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…
- risk 0.57cvss 7.5epss 0.71
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory…
- risk 0.57cvss 7.5epss 0.64
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…
- risk 0.57cvss 7.5epss 0.69
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka…
- risk 0.57cvss 7.5epss 0.69
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting…
- risk 0.57cvss 7.5epss 0.69
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting…
- risk 0.57cvss 7.5epss 0.69
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine…
- risk 0.57cvss 7.5epss 0.69
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine…
- risk 0.57cvss 7.5epss 0.72
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to…
- risk 0.57cvss 7.5epss 0.69
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting…
- risk 0.57cvss 7.5epss 0.70
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption…
- risk 0.57cvss 8.1epss 0.55
Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in…
Page 10 of 284