VYPR

Vendor CVEs

Microsoft

All CVEs

14,324 total · sorted by risk
  • CVE-2021-28325MedApr 13, 2021
    risk 0.47cvss 6.5epss 0.62

    Windows SMB Information Disclosure Vulnerability

  • CVE-2020-17117MedDec 10, 2020
    risk 0.47cvss 6.6epss 0.49

    Microsoft Exchange Remote Code Execution Vulnerability

  • CVE-2019-1252MedSep 11, 2019
    risk 0.47cvss 6.5epss 0.61

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286.

  • CVE-2017-11823MedOct 13, 2017
    risk 0.47cvss 6.7epss 0.03

    The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".

  • CVE-2017-8699HigSep 13, 2017
    risk 0.47cvss 7.0epss 0.21

    Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to…

  • CVE-2017-8652MedAug 8, 2017
    risk 0.47cvss 6.5epss 0.23

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from…

  • CVE-2017-8588HigJul 11, 2017
    risk 0.47cvss 7.0epss 0.17

    Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially…

  • CVE-2016-3319HigAug 9, 2016
    risk 0.47cvss 7.0epss 0.19

    The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."

  • CVE-2006-7031MedFeb 23, 2007
    risk 0.47cvss 6.5epss 0.19

    Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.

  • CVE-1999-0012HigFeb 6, 1998
    risk 0.47cvss 7.0epss 0.18

    Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

  • CVE-2026-48569HigJun 9, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2026-47288HigJun 9, 2026
    risk 0.46cvss 7.1epss 0.01

    Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.

  • CVE-2026-45653HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45649HigJun 9, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.

  • CVE-2026-45640HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45603HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45601HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45598HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45597HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45596HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-44818HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2026-42912HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42911HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42836HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-41108HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42825HigMay 12, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-41102HigMay 12, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

  • CVE-2026-41101HigMay 12, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

  • CVE-2026-40410HigMay 12, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40401HigMay 12, 2026
    risk 0.46cvss 7.1epss 0.00

    Windows TCP/IP Denial of Service Vulnerability

  • CVE-2026-35416HigMay 12, 2026
    risk 0.46cvss 7.0epss 0.02

    Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34347HigMay 12, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34345HigMay 12, 2026
    risk 0.46cvss 7.0epss 0.00

    Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34342HigMay 12, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34341HigMay 12, 2026
    risk 0.46cvss 7.0epss 0.00

    Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34340HigMay 12, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34331HigMay 12, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33839HigMay 12, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33104HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33100HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33099HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32224HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32219HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32195HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32188HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  • CVE-2026-32150HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32093HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.01

    Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32087HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32086HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32083HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Page 130 of 287