Vendor CVEs
Microsoft
All CVEs
14,176 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40402 | | Cri | 0.60 | 9.3 | 0.00 | | May 12, 2026 | Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. |
| CVE-2026-40379 | | Cri | 0.60 | 9.3 | 0.01 | | May 12, 2026 | Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-33102 | | Cri | 0.60 | 9.3 | 0.00 | | Apr 23, 2026 | Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-32210 | | Cri | 0.60 | 9.3 | 0.01 | | Apr 23, 2026 | Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2024-21318 | | Hig | 0.60 | 8.8 | 0.31 | | Jan 9, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2023-35628 | | Hig | 0.60 | 8.1 | 0.93 | | Dec 12, 2023 | Windows MSHTML Platform Remote Code Execution Vulnerability |
| CVE-2023-28231 | | Hig | 0.60 | 8.8 | 0.37 | | Apr 11, 2023 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2023-21715 | | Hig | 0.60 | 7.3 | 0.12 | KEV | Feb 14, 2023 | Microsoft Publisher Security Feature Bypass Vulnerability |
| CVE-2022-41076 | | Hig | 0.60 | 8.5 | 0.62 | | Dec 13, 2022 | PowerShell Remote Code Execution Vulnerability |
| CVE-2022-37958 | | Hig | 0.60 | 8.1 | 0.86 | | Sep 13, 2022 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability |
| CVE-2022-22017 | | Hig | 0.60 | 8.8 | 0.37 | | May 10, 2022 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2022-24500 | | Hig | 0.60 | 8.8 | 0.39 | | Apr 15, 2022 | Windows SMB Remote Code Execution Vulnerability |
| CVE-2020-1301 | | Hig | 0.60 | 8.8 | 0.37 | | Jun 9, 2020 | A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. |
| CVE-2020-0932 | | Hig | 0.60 | 8.8 | 0.31 | | Apr 15, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929,… |
| CVE-2020-0729 | | Hig | 0.60 | 8.8 | 0.31 | | Feb 11, 2020 | A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution… |
| CVE-2019-1349 | | Hig | 0.60 | 8.8 | 0.34 | | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. |
| CVE-2019-0721 | | Cri | 0.60 | 9.1 | 0.10 | | Nov 12, 2019 | A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719. |
| CVE-2019-0719 | | Cri | 0.60 | 9.1 | 0.11 | | Nov 12, 2019 | A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721. |
| CVE-2019-0552 | | Hig | 0.60 | 8.8 | 0.03 | | Jan 8, 2019 | An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. |
| CVE-2018-1010 | | Hig | 0.60 | 8.8 | 0.40 | | Apr 12, 2018 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,… |
| CVE-2017-0290 | | Hig | 0.60 | 7.8 | 0.77 | | May 9, 2017 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server… |
| CVE-2016-7272 | | Hig | 0.60 | 8.8 | 0.39 | | Dec 20, 2016 | The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via… |
| CVE-2016-3345 | | Hig | 0.60 | 8.8 | 0.32 | | Sep 14, 2016 | The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted packets, aka… |
| CVE-2016-3312 | | Cri | 0.60 | 9.1 | 0.10 | | Aug 9, 2016 | ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Information Disclosure Vulnerability." |
| CVE-2016-3211 | | Hig | 0.60 | 8.8 | 0.32 | | Jun 16, 2016 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and… |
| CVE-2016-0041 | | Hig | 0.60 | 7.8 | 0.84 | | Feb 10, 2016 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a… |
| CVE-2013-0810 | | Hig | 0.60 | 8.1 | 0.60 | | Sep 11, 2013 | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability." |
| CVE-2013-0022 | | Cri | 0.60 | 9.0 | 0.17 | | Feb 13, 2013 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability." |
| CVE-2012-4787 | | Cri | 0.60 | 9.0 | 0.18 | | Dec 12, 2012 | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free… |
| CVE-2010-3328 | | Hig | 0.60 | 8.8 | 0.32 | | Oct 13, 2010 | Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption… |
| CVE-2010-0248 | | Hig | 0.60 | 8.1 | 0.53 | | Jan 22, 2010 | Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object… |
| CVE-2009-0231 | | Hig | 0.60 | 8.8 | 0.37 | | Jul 15, 2009 | The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers… |
| CVE-2009-1532 | | Hig | 0.60 | 8.8 | 0.37 | | Jun 10, 2009 | Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references"… |
| CVE-2009-0554 | | Hig | 0.60 | 8.8 | 0.32 | | Apr 15, 2009 | Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an… |
| CVE-2009-0244 | | Hig | 0.60 | 8.8 | 0.30 | | Jan 21, 2009 | Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and… |
| CVE-2008-3475 | | Hig | 0.60 | 8.8 | 0.40 | | Oct 15, 2008 | Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka… |
| CVE-2008-1083 | | Hig | 0.60 | 8.1 | 0.57 | | Apr 8, 2008 | Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers… |
| CVE-2008-0077 | | Hig | 0.60 | 8.8 | 0.37 | | Feb 12, 2008 | Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory… |
| CVE-1999-0511 | | Cri | 0.60 | 9.1 | 0.07 | | Jan 1, 1997 | IP forwarding is enabled on a machine which is not a router or firewall. |
| CVE-2026-45602 | | Cri | 0.59 | 9.1 | 0.00 | | Jun 9, 2026 | No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network. |
| CVE-2026-48579 | | Cri | 0.59 | 9.1 | 0.01 | | Jun 4, 2026 | Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-33843 | | Cri | 0.59 | 9.1 | 0.00 | | May 22, 2026 | Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-42833 | | Cri | 0.59 | 9.1 | 0.01 | | May 12, 2026 | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. |
| CVE-2026-41103 | | Cri | 0.59 | 9.1 | 0.05 | | May 12, 2026 | Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-33844 | | Cri | 0.59 | 9.0 | 0.01 | | May 7, 2026 | Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. |
| CVE-2026-40372 | | Cri | 0.59 | 9.1 | 0.11 | | Apr 21, 2026 | Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-26149 | | Cri | 0.59 | 9.0 | 0.01 | | Apr 14, 2026 | Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network. |
| CVE-2026-32211 | | Cri | 0.59 | 9.1 | 0.01 | | Apr 3, 2026 | Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network. |
| CVE-2024-20674 | | Hig | 0.59 | 8.8 | 0.17 | | Jan 9, 2024 | Windows Kerberos Security Feature Bypass Vulnerability |
| CVE-2023-36035 | | Hig | 0.59 | 8.0 | 0.87 | | Nov 14, 2023 | Microsoft Exchange Server Spoofing Vulnerability |
Page 12 of 284