Vendor CVEs
Microsoft
All CVEs
14,324 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54116 | Hig | 0.47 | 7.3 | 0.00 | Sep 9, 2025 | Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53779 | Hig | 0.47 | 7.2 | 0.03 | Aug 12, 2025 | Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-53760 | Hig | 0.47 | 7.1 | 0.11 | Aug 12, 2025 | Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-50161 | Hig | 0.47 | 7.3 | 0.01 | Aug 12, 2025 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-50159 | Hig | 0.47 | 7.3 | 0.01 | Aug 12, 2025 | Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-50154 | Med | 0.47 | 6.5 | 0.26 | Aug 12, 2025 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-49682 | Hig | 0.47 | 7.3 | 0.00 | Jul 8, 2025 | Use after free in Windows Media allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49680 | Hig | 0.47 | 7.3 | 0.00 | Jul 8, 2025 | Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally. | ||
| CVE-2025-49666 | Hig | 0.47 | 7.2 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network. | ||
| CVE-2025-47959 | Hig | 0.47 | 7.1 | 0.06 | Jun 13, 2025 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network. | ||
| CVE-2025-47171 | Med | 0.47 | 6.7 | 0.01 | Jun 10, 2025 | Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally. | ||
| CVE-2025-32721 | Hig | 0.47 | 7.3 | 0.01 | Jun 10, 2025 | Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-29803 | Hig | 0.47 | 7.3 | 0.01 | Apr 12, 2025 | Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-24053 | Hig | 0.47 | 7.2 | 0.01 | Mar 13, 2025 | Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-26631 | Hig | 0.47 | 7.3 | 0.01 | Mar 11, 2025 | Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-25003 | Hig | 0.47 | 7.3 | 0.00 | Mar 11, 2025 | Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-24998 | Hig | 0.47 | 7.3 | 0.00 | Mar 11, 2025 | Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-24071 | Med | 0.47 | 6.5 | 0.25 | Mar 11, 2025 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-21405 | Hig | 0.47 | 7.3 | 0.01 | Jan 14, 2025 | Visual Studio Elevation of Privilege Vulnerability | ||
| CVE-2025-21348 | Hig | 0.47 | 7.2 | 0.02 | Jan 14, 2025 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2024-49091 | Hig | 0.47 | 7.2 | 0.02 | Dec 12, 2024 | Windows Domain Name Service Remote Code Execution Vulnerability | ||
| CVE-2024-49089 | Hig | 0.47 | 7.2 | 0.02 | Dec 12, 2024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||
| CVE-2024-49042 | Hig | 0.47 | 7.2 | 0.01 | Nov 12, 2024 | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability | ||
| CVE-2024-43613 | Hig | 0.47 | 7.2 | 0.01 | Nov 12, 2024 | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability | ||
| CVE-2024-43502 | Hig | 0.47 | 7.1 | 0.06 | Oct 8, 2024 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2024-38239 | Hig | 0.47 | 7.2 | 0.02 | Sep 10, 2024 | Windows Kerberos Elevation of Privilege Vulnerability | ||
| CVE-2024-38228 | Hig | 0.47 | 7.2 | 0.04 | Sep 10, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2024-38227 | Hig | 0.47 | 7.2 | 0.08 | Sep 10, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2024-38200 | Med | 0.47 | 6.5 | 0.20 | Aug 12, 2024 | Microsoft Office Spoofing Vulnerability | ||
| CVE-2024-38044 | Hig | 0.47 | 7.2 | 0.02 | Jul 9, 2024 | DHCP Server Service Remote Code Execution Vulnerability | ||
| CVE-2024-38028 | Hig | 0.47 | 7.2 | 0.02 | Jul 9, 2024 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | ||
| CVE-2024-38025 | Hig | 0.47 | 7.2 | 0.02 | Jul 9, 2024 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | ||
| CVE-2024-38019 | Hig | 0.47 | 7.2 | 0.02 | Jul 9, 2024 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | ||
| CVE-2024-30043 | Med | 0.47 | 6.5 | 0.55 | May 14, 2024 | Microsoft SharePoint Server Information Disclosure Vulnerability | ||
| CVE-2024-29066 | Hig | 0.47 | 7.2 | 0.01 | Apr 9, 2024 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | ||
| CVE-2024-29055 | Hig | 0.47 | 7.2 | 0.02 | Apr 9, 2024 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||
| CVE-2024-29054 | Hig | 0.47 | 7.2 | 0.02 | Apr 9, 2024 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||
| CVE-2024-26233 | Hig | 0.47 | 7.2 | 0.02 | Apr 9, 2024 | Windows DNS Server Remote Code Execution Vulnerability | ||
| CVE-2024-26231 | Hig | 0.47 | 7.2 | 0.02 | Apr 9, 2024 | Windows DNS Server Remote Code Execution Vulnerability | ||
| CVE-2024-26227 | Hig | 0.47 | 7.2 | 0.02 | Apr 9, 2024 | Windows DNS Server Remote Code Execution Vulnerability | ||
| CVE-2024-26224 | Hig | 0.47 | 7.2 | 0.02 | Apr 9, 2024 | Windows DNS Server Remote Code Execution Vulnerability | ||
| CVE-2024-26223 | Hig | 0.47 | 7.2 | 0.02 | Apr 9, 2024 | Windows DNS Server Remote Code Execution Vulnerability | ||
| CVE-2024-26222 | Hig | 0.47 | 7.2 | 0.02 | Apr 9, 2024 | Windows DNS Server Remote Code Execution Vulnerability | ||
| CVE-2024-26221 | Hig | 0.47 | 7.2 | 0.02 | Apr 9, 2024 | Windows DNS Server Remote Code Execution Vulnerability | ||
| CVE-2024-26208 | Hig | 0.47 | 7.2 | 0.02 | Apr 9, 2024 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||
| CVE-2024-26202 | Hig | 0.47 | 7.2 | 0.02 | Apr 9, 2024 | DHCP Server Service Remote Code Execution Vulnerability | ||
| CVE-2024-26195 | Hig | 0.47 | 7.2 | 0.02 | Apr 9, 2024 | DHCP Server Service Remote Code Execution Vulnerability | ||
| CVE-2024-21324 | Hig | 0.47 | 7.2 | 0.02 | Apr 9, 2024 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||
| CVE-2024-21322 | Hig | 0.47 | 7.2 | 0.03 | Apr 9, 2024 | Microsoft Defender for IoT Remote Code Execution Vulnerability | ||
| CVE-2024-21320 | Med | 0.47 | 6.5 | 0.23 | Jan 9, 2024 | Windows Themes Spoofing Vulnerability |
- risk 0.47cvss 7.3epss 0.00
Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally.
- risk 0.47cvss 7.2epss 0.03
Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
- risk 0.47cvss 7.1epss 0.11
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
- risk 0.47cvss 7.3epss 0.01
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.47cvss 7.3epss 0.01
Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally.
- risk 0.47cvss 6.5epss 0.26
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- risk 0.47cvss 7.3epss 0.00
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
- risk 0.47cvss 7.3epss 0.00
Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.
- risk 0.47cvss 7.2epss 0.01
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.
- risk 0.47cvss 7.1epss 0.06
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
- risk 0.47cvss 6.7epss 0.01
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
- risk 0.47cvss 7.3epss 0.01
Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.
- risk 0.47cvss 7.3epss 0.01
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
- risk 0.47cvss 7.2epss 0.01
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
- risk 0.47cvss 7.3epss 0.01
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
- risk 0.47cvss 7.3epss 0.00
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
- risk 0.47cvss 7.3epss 0.00
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
- risk 0.47cvss 6.5epss 0.25
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- risk 0.47cvss 7.3epss 0.01
Visual Studio Elevation of Privilege Vulnerability
- risk 0.47cvss 7.2epss 0.02
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Windows Domain Name Service Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.01
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
- risk 0.47cvss 7.2epss 0.01
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
- risk 0.47cvss 7.1epss 0.06
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.47cvss 7.2epss 0.02
Windows Kerberos Elevation of Privilege Vulnerability
- risk 0.47cvss 7.2epss 0.04
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.08
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.47cvss 6.5epss 0.20
Microsoft Office Spoofing Vulnerability
- risk 0.47cvss 7.2epss 0.02
DHCP Server Service Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
- risk 0.47cvss 6.5epss 0.55
Microsoft SharePoint Server Information Disclosure Vulnerability
- risk 0.47cvss 7.2epss 0.01
Windows Distributed File System (DFS) Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Microsoft Defender for IoT Elevation of Privilege Vulnerability
- risk 0.47cvss 7.2epss 0.02
Microsoft Defender for IoT Elevation of Privilege Vulnerability
- risk 0.47cvss 7.2epss 0.02
Windows DNS Server Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Windows DNS Server Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Windows DNS Server Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Windows DNS Server Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Windows DNS Server Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Windows DNS Server Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Windows DNS Server Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
DHCP Server Service Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
DHCP Server Service Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.02
Microsoft Defender for IoT Elevation of Privilege Vulnerability
- risk 0.47cvss 7.2epss 0.03
Microsoft Defender for IoT Remote Code Execution Vulnerability
- risk 0.47cvss 6.5epss 0.23
Windows Themes Spoofing Vulnerability
Page 128 of 287