VYPR

Vendor CVEs

Microsoft

All CVEs

14,324 total · sorted by risk
  • CVE-2020-1319HigSep 11, 2020
    risk 0.48cvss 7.3epss 0.05

    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change,…

  • CVE-2020-1198HigSep 11, 2020
    risk 0.48cvss 7.4epss 0.03

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…

  • CVE-2020-1571HigAug 17, 2020
    risk 0.48cvss 7.3epss 0.01

    An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs;…

  • CVE-2020-1557HigAug 17, 2020
    risk 0.48cvss 7.3epss 0.04

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…

  • CVE-2020-1182HigAug 17, 2020
    risk 0.48cvss 7.3epss 0.03

    A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An…

  • CVE-2019-1439MedNov 12, 2019
    risk 0.48cvss 6.5epss 0.76

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

  • CVE-2019-1317HigOct 10, 2019
    risk 0.48cvss 7.3epss 0.01

    A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.

  • CVE-2019-1211HigAug 14, 2019
    risk 0.48cvss 7.3epss 0.02

    An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user. To exploit the vulnerability, an authenticated…

  • CVE-2019-1185HigAug 14, 2019
    risk 0.48cvss 7.3epss 0.01

    An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-0856HigApr 9, 2019
    risk 0.48cvss 7.2epss 0.18

    A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.

  • CVE-2017-8494HigJun 15, 2017
    risk 0.48cvss 7.3epss 0.02

    Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of…

  • CVE-2017-8460HigJun 15, 2017
    risk 0.48cvss 7.3epss 0.03

    Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclosure Vulnerability".

  • CVE-2017-0298HigJun 15, 2017
    risk 0.48cvss 7.3epss 0.02

    A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an…

  • CVE-2017-0249HigMay 12, 2017
    risk 0.48cvss 7.3epss 0.04

    An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

  • CVE-2017-0063MedMar 17, 2017
    risk 0.48cvss 6.5epss 0.35

    The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote…

  • CVE-2017-0059MedKEVMar 17, 2017
    risk 0.48cvss 4.3epss 0.62

    Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and…

  • CVE-2016-7291HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a…

  • CVE-2016-7290HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a…

  • CVE-2016-7276HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.25

    Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office…

  • CVE-2016-7268HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory…

  • CVE-2016-7265HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive…

  • CVE-2016-7264HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft…

  • CVE-2016-7211HigOct 14, 2016
    risk 0.48cvss 7.3epss 0.03

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka…

  • CVE-2016-3386HigOct 14, 2016
    risk 0.48cvss 7.5epss 0.41

    The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3389,…

  • CVE-2016-3286HigJul 13, 2016
    risk 0.48cvss 7.3epss 0.03

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k…

  • CVE-2016-3252HigJul 13, 2016
    risk 0.48cvss 7.3epss 0.04

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k…

  • CVE-2016-3250HigJul 13, 2016
    risk 0.48cvss 7.3epss 0.03

    The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

  • CVE-2016-3249HigJul 13, 2016
    risk 0.48cvss 7.3epss 0.03

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k…

  • CVE-2016-4158HigJun 16, 2016
    risk 0.48cvss 7.3epss 0.03

    Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.

  • CVE-2016-0161MedApr 12, 2016
    risk 0.48cvss 6.5epss 0.69

    Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158.

  • CVE-2016-0120MedMar 9, 2016
    risk 0.48cvss 6.5epss 0.39

    The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a…

  • CVE-2013-1292HigApr 9, 2013
    risk 0.48cvss 7.4epss 0.01

    Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages…

  • CVE-2013-1278HigFeb 13, 2013
    risk 0.48cvss 7.4epss 0.01

    Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted…

  • CVE-2011-2016HigNov 8, 2011
    risk 0.48cvss 7.3epss 0.08

    Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as…

  • CVE-2010-3957HigDec 16, 2010
    risk 0.48cvss 7.3epss 0.02

    Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka…

  • CVE-2026-47634HigJun 9, 2026
    risk 0.47cvss 7.3epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-45481HigJun 9, 2026
    risk 0.47cvss 7.3epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-35433HigMay 12, 2026
    risk 0.47cvss 7.3epss 0.01

    Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-32202MedKEVApr 14, 2026
    risk 0.47cvss 4.3epss 0.64

    Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-32149HigApr 14, 2026
    risk 0.47cvss 7.3epss 0.00

    Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

  • CVE-2026-20803HigJan 13, 2026
    risk 0.47cvss 7.2epss 0.01

    Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-64676HigDec 18, 2025
    risk 0.47cvss 7.2epss 0.01

    '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.

  • CVE-2025-62565HigDec 9, 2025
    risk 0.47cvss 7.3epss 0.01

    Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59504HigNov 11, 2025
    risk 0.47cvss 7.3epss 0.00

    Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.

  • CVE-2025-59273HigOct 23, 2025
    risk 0.47cvss 7.3epss 0.00

    Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2025-55240HigOct 14, 2025
    risk 0.47cvss 7.3epss 0.00

    Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

  • CVE-2025-25004HigOct 14, 2025
    risk 0.47cvss 7.3epss 0.00

    Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55322HigSep 24, 2025
    risk 0.47cvss 7.3epss 0.00

    Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.

  • CVE-2025-55236HigSep 9, 2025
    risk 0.47cvss 7.3epss 0.00

    Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.

  • CVE-2025-54911HigSep 9, 2025
    risk 0.47cvss 7.3epss 0.01

    Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.

Page 127 of 287