VYPR

Vendor CVEs

Microsoft

All CVEs

14,324 total · sorted by risk
  • CVE-2016-1108HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1107HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1097HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-0169MedMay 11, 2016
    risk 0.49cvss 6.5epss 0.43

    GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics…

  • CVE-2016-0168MedMay 11, 2016
    risk 0.49cvss 6.5epss 0.43

    GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics…

  • CVE-2016-0018HigJan 13, 2016
    risk 0.49cvss 7.3epss 0.14

    Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."

  • CVE-2011-1985HigOct 12, 2011
    risk 0.49cvss 7.1epss 0.02

    win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or…

  • CVE-2011-0029HigMar 9, 2011
    risk 0.49cvss 7.4epss 0.07

    Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote…

  • CVE-2005-1794HigJun 1, 2005
    risk 0.49cvss 7.4epss 0.16

    Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.

  • CVE-2002-1872HigDec 31, 2002
    risk 0.49cvss 7.5epss 0.06

    Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.

  • CVE-2001-1515HigDec 31, 2001
    risk 0.49cvss 7.5epss 0.04

    Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.

  • CVE-2001-0667HigOct 30, 2001
    risk 0.49cvss 7.3epss 0.15

    Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed,…

  • CVE-2001-0006HigFeb 12, 2001
    risk 0.49cvss 7.1epss 0.03

    The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex"…

  • CVE-2026-42893HigMay 12, 2026
    risk 0.48cvss 7.4epss 0.00

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

  • CVE-2026-41107HigMay 12, 2026
    risk 0.48cvss 7.4epss 0.01

    External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-40414HigMay 12, 2026
    risk 0.48cvss 7.4epss 0.01

    Windows TCP/IP Denial of Service Vulnerability

  • CVE-2026-40413HigMay 12, 2026
    risk 0.48cvss 7.4epss 0.00

    Windows TCP/IP Denial of Service Vulnerability

  • CVE-2026-32156HigApr 14, 2026
    risk 0.48cvss 7.4epss 0.00

    Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.

  • CVE-2026-21524HigJan 22, 2026
    risk 0.48cvss 7.4epss 0.01

    Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-21521HigJan 22, 2026
    risk 0.48cvss 7.4epss 0.01

    Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-20853HigJan 13, 2026
    risk 0.48cvss 7.4epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-20844HigJan 13, 2026
    risk 0.48cvss 7.4epss 0.00

    Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-20805MedKEVJan 13, 2026
    risk 0.48cvss 5.5epss 0.05

    Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

  • CVE-2025-59210HigOct 14, 2025
    risk 0.48cvss 7.4epss 0.00

    Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

  • CVE-2025-59206HigOct 14, 2025
    risk 0.48cvss 7.4epss 0.00

    Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

  • CVE-2025-59189HigOct 14, 2025
    risk 0.48cvss 7.4epss 0.00

    Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

  • CVE-2025-55693HigOct 14, 2025
    risk 0.48cvss 7.4epss 0.02

    Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.

  • CVE-2025-55687HigOct 14, 2025
    risk 0.48cvss 7.4epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally.

  • CVE-2025-55335HigOct 14, 2025
    risk 0.48cvss 7.4epss 0.00

    Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

  • CVE-2025-48004HigOct 14, 2025
    risk 0.48cvss 7.4epss 0.02

    Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

  • CVE-2025-54103HigSep 9, 2025
    risk 0.48cvss 7.4epss 0.00

    Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally.

  • CVE-2025-59033HigSep 8, 2025
    risk 0.48cvss 7.4epss 0.00

    The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash…

  • CVE-2022-50238HigSep 8, 2025
    risk 0.48cvss 7.4epss 0.00

    The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected periodic monthly Windows…

  • CVE-2025-49690HigJul 8, 2025
    risk 0.48cvss 7.4epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.

  • CVE-2025-30384HigMay 13, 2025
    risk 0.48cvss 7.4epss 0.01

    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

  • CVE-2025-29838HigMay 13, 2025
    risk 0.48cvss 7.4epss 0.00

    Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.

  • CVE-2025-29826HigMay 13, 2025
    risk 0.48cvss 7.3epss 0.01

    Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-29804HigApr 8, 2025
    risk 0.48cvss 7.3epss 0.01

    Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

  • CVE-2025-29802HigApr 8, 2025
    risk 0.48cvss 7.3epss 0.01

    Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

  • CVE-2025-29793HigApr 8, 2025
    risk 0.48cvss 7.2epss 0.22

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2025-29792HigApr 8, 2025
    risk 0.48cvss 7.3epss 0.01

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  • CVE-2025-26628HigApr 8, 2025
    risk 0.48cvss 7.3epss 0.01

    Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally.

  • CVE-2025-24994HigMar 11, 2025
    risk 0.48cvss 7.3epss 0.01

    Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

  • CVE-2025-24991MedKEVMar 11, 2025
    risk 0.48cvss 5.5epss 0.02

    Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

  • CVE-2025-24042HigFeb 11, 2025
    risk 0.48cvss 7.3epss 0.01

    Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability

  • CVE-2025-24039HigFeb 11, 2025
    risk 0.48cvss 7.3epss 0.01

    Visual Studio Code Elevation of Privilege Vulnerability

  • CVE-2025-21206HigFeb 11, 2025
    risk 0.48cvss 7.3epss 0.01

    Visual Studio Installer Elevation of Privilege Vulnerability

  • CVE-2025-21183HigFeb 11, 2025
    risk 0.48cvss 7.4epss 0.01

    Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

  • CVE-2025-21182HigFeb 11, 2025
    risk 0.48cvss 7.4epss 0.01

    Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

  • CVE-2025-21399HigJan 17, 2025
    risk 0.48cvss 7.4epss 0.01

    Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

Page 124 of 287