Microsoft

All CVEs

14,176 total · sorted by risk
  • CVE-2026-40402 · Critical · May 12, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-40379 · Critical · May 12, 2026
    risk 0.60 · cvss 9.3 · epss 0.01

    Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-33102 · Critical · Apr 23, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-32210 · Critical · Apr 23, 2026
    risk 0.60 · cvss 9.3 · epss 0.01

    Server-side request forgery (SSRF) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2024-21318 · High · Jan 9, 2024
    risk 0.60 · cvss 8.8 · epss 0.31

    Microsoft SharePoint Server Remote Code Execution Vulnerability

  • CVE-2023-35628 · High · Dec 12, 2023
    risk 0.60 · cvss 8.1 · epss 0.93

    Windows MSHTML Platform Remote Code Execution Vulnerability

  • CVE-2023-28231 · High · Apr 11, 2023
    risk 0.60 · cvss 8.8 · epss 0.37

    DHCP Server Service Remote Code Execution Vulnerability

  • CVE-2023-21715 · High · KEV · Feb 14, 2023
    risk 0.60 · cvss 7.3 · epss 0.12

    Microsoft Publisher Security Feature Bypass Vulnerability

  • CVE-2022-41076 · High · Dec 13, 2022
    risk 0.60 · cvss 8.5 · epss 0.62

    PowerShell Remote Code Execution Vulnerability

  • CVE-2022-37958 · High · Sep 13, 2022
    risk 0.60 · cvss 8.1 · epss 0.86

    SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

  • CVE-2022-22017 · High · May 10, 2022
    risk 0.60 · cvss 8.8 · epss 0.37

    Remote Desktop Client Remote Code Execution Vulnerability

  • CVE-2022-24500 · High · Apr 15, 2022
    risk 0.60 · cvss 8.8 · epss 0.39

    Windows SMB Remote Code Execution Vulnerability

  • CVE-2020-1301 · High · Jun 9, 2020
    risk 0.60 · cvss 8.8 · epss 0.37

    A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.

  • CVE-2020-0932 · High · Apr 15, 2020
    risk 0.60 · cvss 8.8 · epss 0.31

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929,…

  • CVE-2020-0729 · High · Feb 11, 2020
    risk 0.60 · cvss 8.8 · epss 0.31

    A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution…

  • CVE-2019-1349 · High · Jan 24, 2020
    risk 0.60 · cvss 8.8 · epss 0.34

    A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.

  • CVE-2019-0721 · Critical · Nov 12, 2019
    risk 0.60 · cvss 9.1 · epss 0.10

    A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719.

  • CVE-2019-0719 · Critical · Nov 12, 2019
    risk 0.60 · cvss 9.1 · epss 0.11

    A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721.

  • CVE-2019-0552 · High · Jan 8, 2019
    risk 0.60 · cvss 8.8 · epss 0.03

    An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.

  • CVE-2018-1010 · High · Apr 12, 2018
    risk 0.60 · cvss 8.8 · epss 0.40

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,…

  • CVE-2017-0290 · High · May 9, 2017
    risk 0.60 · cvss 7.8 · epss 0.77

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2016-7272 · High · Dec 20, 2016
    risk 0.60 · cvss 8.8 · epss 0.39

    The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via…

  • CVE-2016-3345 · High · Sep 14, 2016
    risk 0.60 · cvss 8.8 · epss 0.32

    The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted packets, aka…

  • CVE-2016-3312 · Critical · Aug 9, 2016
    risk 0.60 · cvss 9.1 · epss 0.10

    ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Information Disclosure Vulnerability."

  • CVE-2016-3211 · High · Jun 16, 2016
    risk 0.60 · cvss 8.8 · epss 0.32

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and…

  • CVE-2016-0041 · High · Feb 10, 2016
    risk 0.60 · cvss 7.8 · epss 0.84

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a…

  • CVE-2013-0810 · High · Sep 11, 2013
    risk 0.60 · cvss 8.1 · epss 0.60

    Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."

  • CVE-2013-0022 · Critical · Feb 13, 2013
    risk 0.60 · cvss 9.0 · epss 0.17

    Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."

  • CVE-2012-4787 · Critical · Dec 12, 2012
    risk 0.60 · cvss 9.0 · epss 0.18

    Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free…

  • CVE-2010-3328 · High · Oct 13, 2010
    risk 0.60 · cvss 8.8 · epss 0.32

    Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption…

  • CVE-2010-0248 · High · Jan 22, 2010
    risk 0.60 · cvss 8.1 · epss 0.53

    Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object…

  • CVE-2009-0231 · High · Jul 15, 2009
    risk 0.60 · cvss 8.8 · epss 0.37

    The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers…

  • CVE-2009-1532 · High · Jun 10, 2009
    risk 0.60 · cvss 8.8 · epss 0.37

    Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references"…

  • CVE-2009-0554 · High · Apr 15, 2009
    risk 0.60 · cvss 8.8 · epss 0.32

    Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an…

  • CVE-2009-0244 · High · Jan 21, 2009
    risk 0.60 · cvss 8.8 · epss 0.30

    Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and…

  • CVE-2008-3475 · High · Oct 15, 2008
    risk 0.60 · cvss 8.8 · epss 0.40

    Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka…

  • CVE-2008-1083 · High · Apr 8, 2008
    risk 0.60 · cvss 8.1 · epss 0.57

    Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers…

  • CVE-2008-0077 · High · Feb 12, 2008
    risk 0.60 · cvss 8.8 · epss 0.37

    Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory…

  • CVE-1999-0511 · Critical · Jan 1, 1997
    risk 0.60 · cvss 9.1 · epss 0.07

    IP forwarding is enabled on a machine which is not a router or firewall.

  • CVE-2026-45602 · Critical · Jun 9, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    No CWE for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.

  • CVE-2026-48579 · Critical · Jun 4, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-33843 · Critical · May 22, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-42833 · Critical · May 12, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

  • CVE-2026-41103 · Critical · May 12, 2026
    risk 0.59 · cvss 9.1 · epss 0.05

    Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-33844 · Critical · May 7, 2026
    risk 0.59 · cvss 9.0 · epss 0.01

    Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

  • CVE-2026-40372 · Critical · Apr 21, 2026
    risk 0.59 · cvss 9.1 · epss 0.11

    Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-26149 · Critical · Apr 14, 2026
    risk 0.59 · cvss 9.0 · epss 0.01

    Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-32211 · Critical · Apr 3, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.

  • CVE-2024-20674 · High · Jan 9, 2024
    risk 0.59 · cvss 8.8 · epss 0.17

    Windows Kerberos Security Feature Bypass Vulnerability

  • CVE-2023-36035 · High · Nov 14, 2023
    risk 0.59 · cvss 8.0 · epss 0.87

    Microsoft Exchange Server Spoofing Vulnerability
