Vendor CVEs
Microsoft
All CVEs
14,324 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-28325 | Med | 0.47 | 6.5 | 0.62 | Apr 13, 2021 | Windows SMB Information Disclosure Vulnerability | ||
| CVE-2020-17117 | Med | 0.47 | 6.6 | 0.49 | Dec 10, 2020 | Microsoft Exchange Remote Code Execution Vulnerability | ||
| CVE-2019-1252 | Med | 0.47 | 6.5 | 0.61 | Sep 11, 2019 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286. | ||
| CVE-2017-11823 | Med | 0.47 | 6.7 | 0.03 | Oct 13, 2017 | The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass". | ||
| CVE-2017-8699 | Hig | 0.47 | 7.0 | 0.21 | Sep 13, 2017 | Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to… | ||
| CVE-2017-8652 | Med | 0.47 | 6.5 | 0.23 | Aug 8, 2017 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from… | ||
| CVE-2017-8588 | Hig | 0.47 | 7.0 | 0.17 | Jul 11, 2017 | Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially… | ||
| CVE-2016-3319 | Hig | 0.47 | 7.0 | 0.19 | Aug 9, 2016 | The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability." | ||
| CVE-2006-7031 | Med | 0.47 | 6.5 | 0.19 | Feb 23, 2007 | Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll. | ||
| CVE-1999-0012 | Hig | 0.47 | 7.0 | 0.18 | Feb 6, 1998 | Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | ||
| CVE-2026-48569 | Hig | 0.46 | 7.1 | 0.00 | Jun 9, 2026 | Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2026-47288 | Hig | 0.46 | 7.1 | 0.01 | Jun 9, 2026 | Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network. | ||
| CVE-2026-45653 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45649 | Hig | 0.46 | 7.1 | 0.00 | Jun 9, 2026 | Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally. | ||
| CVE-2026-45640 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45603 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45601 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45598 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45597 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45596 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-44818 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-42912 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42911 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42836 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-41108 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42825 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-41102 | Hig | 0.46 | 7.1 | 0.00 | May 12, 2026 | Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally. | ||
| CVE-2026-41101 | Hig | 0.46 | 7.1 | 0.00 | May 12, 2026 | Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | ||
| CVE-2026-40410 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40401 | Hig | 0.46 | 7.1 | 0.00 | May 12, 2026 | Windows TCP/IP Denial of Service Vulnerability | ||
| CVE-2026-35416 | Hig | 0.46 | 7.0 | 0.02 | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34347 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34345 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34342 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34341 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34340 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34331 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33839 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33104 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33100 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33099 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32224 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32219 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32195 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32188 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-32150 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32093 | Hig | 0.46 | 7.0 | 0.01 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32087 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32086 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32083 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. |
- risk 0.47cvss 6.5epss 0.62
Windows SMB Information Disclosure Vulnerability
- risk 0.47cvss 6.6epss 0.49
Microsoft Exchange Remote Code Execution Vulnerability
- risk 0.47cvss 6.5epss 0.61
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286.
- risk 0.47cvss 6.7epss 0.03
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".
- risk 0.47cvss 7.0epss 0.21
Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to…
- risk 0.47cvss 6.5epss 0.23
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from…
- risk 0.47cvss 7.0epss 0.17
Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially…
- risk 0.47cvss 7.0epss 0.19
The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."
- risk 0.47cvss 6.5epss 0.19
Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.
- risk 0.47cvss 7.0epss 0.18
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
- risk 0.46cvss 7.1epss 0.00
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
- risk 0.46cvss 7.1epss 0.01
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.1epss 0.00
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.1epss 0.00
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
- risk 0.46cvss 7.1epss 0.00
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.1epss 0.00
Windows TCP/IP Denial of Service Vulnerability
- risk 0.46cvss 7.0epss 0.02
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.1epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Page 130 of 287