VYPR

Vendor CVEs

Microsoft

All CVEs

14,324 total · sorted by risk
  • CVE-2013-1294HigApr 9, 2013
    risk 0.46cvss 7.0epss 0.01

    Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted…

  • CVE-2013-1275HigFeb 13, 2013
    risk 0.46cvss 7.0epss 0.01

    Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents…

  • CVE-2013-1265HigFeb 13, 2013
    risk 0.46cvss 7.0epss 0.01

    Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents…

  • CVE-2013-1253HigFeb 13, 2013
    risk 0.46cvss 7.0epss 0.01

    Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents…

  • CVE-2011-0096MedJan 31, 2011
    risk 0.46cvss 6.1epss 0.47

    The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document,…

  • CVE-2009-2516HigOct 14, 2009
    risk 0.46cvss 7.1epss 0.01

    The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer…

  • CVE-2026-47648HigJun 9, 2026
    risk 0.45cvss 7.0epss 0.00

    Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.

  • CVE-2026-47293HigJun 9, 2026
    risk 0.45cvss 7.0epss 0.00

    Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42984HigJun 9, 2026
    risk 0.45cvss 7.0epss 0.00

    Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34335HigJun 9, 2026
    risk 0.45cvss 7.0epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2025-54364MedAug 20, 2025
    risk 0.45cvss epss 0.00

    Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. option_descriptions employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracking when processing…

  • CVE-2025-54363MedAug 20, 2025
    risk 0.45cvss epss 0.00

    Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extract_full_summary_from_signature employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracking when…

  • CVE-2024-43612MedOct 8, 2024
    risk 0.45cvss 6.9epss 0.01

    Power BI Report Server Spoofing Vulnerability

  • CVE-2024-26185MedMar 12, 2024
    risk 0.45cvss 6.5epss 0.30

    Windows Compressed Folder Tampering Vulnerability

  • CVE-2024-21388MedJan 30, 2024
    risk 0.45cvss 6.5epss 0.32

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

  • CVE-2023-36413MedNov 14, 2023
    risk 0.45cvss 6.5epss 0.30

    Microsoft Office Security Feature Bypass Vulnerability

  • CVE-2022-37974MedOct 11, 2022
    risk 0.45cvss 6.5epss 0.36

    Windows Mixed Reality Developer Tools Information Disclosure Vulnerability

  • CVE-2022-24463MedMar 9, 2022
    risk 0.45cvss 6.5epss 0.32

    Microsoft Exchange Server Spoofing Vulnerability

  • CVE-2020-16988MedNov 11, 2020
    risk 0.45cvss 6.9epss 0.01

    Azure Sphere Elevation of Privilege Vulnerability

  • CVE-2020-1034MedSep 11, 2020
    risk 0.45cvss 6.8epss 0.04

    An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated…

  • CVE-2019-1310MedNov 12, 2019
    risk 0.45cvss 6.8epss 0.05

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712,…

  • CVE-2019-1309MedNov 12, 2019
    risk 0.45cvss 6.8epss 0.05

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712,…

  • CVE-2019-0712MedNov 12, 2019
    risk 0.45cvss 6.8epss 0.05

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1309,…

  • CVE-2019-1230MedOct 10, 2019
    risk 0.45cvss 6.8epss 0.05

    An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'.

  • CVE-2019-0678MedApr 9, 2019
    risk 0.45cvss 6.8epss 0.06

    An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a…

  • CVE-2018-8438MedSep 13, 2018
    risk 0.45cvss 6.8epss 0.07

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows Server 2012 R2,…

  • CVE-2017-8623MedAug 8, 2017
    risk 0.45cvss 6.8epss 0.07

    Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability".

  • CVE-2017-0234HigMay 12, 2017
    risk 0.45cvss 7.5epss 0.38

    A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229,…

  • CVE-2017-0038MedFeb 20, 2017
    risk 0.45cvss 5.5epss 0.82

    gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive…

  • CVE-2016-3198MedJun 16, 2016
    risk 0.45cvss 6.5epss 0.32

    Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass."

  • CVE-2010-0488MedMar 31, 2010
    risk 0.45cvss 6.5epss 0.29

    Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure…

  • CVE-2009-2495MedJul 29, 2009
    risk 0.45cvss 6.5epss 0.34

    The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via…

  • CVE-2026-50507MedJun 9, 2026
    risk 0.44cvss 6.8epss 0.05

    Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-45608MedJun 9, 2026
    risk 0.44cvss 6.8epss 0.00

    Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

  • CVE-2026-45585MedMay 20, 2026
    risk 0.44cvss 6.8epss 0.01

    Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide…

  • CVE-2026-41097MedMay 12, 2026
    risk 0.44cvss 6.7epss 0.01

    Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-32170MedMay 12, 2026
    risk 0.44cvss 6.7epss 0.00

    Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32223MedApr 14, 2026
    risk 0.44cvss 6.8epss 0.01

    Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.

  • CVE-2026-32176MedApr 14, 2026
    risk 0.44cvss 6.7epss 0.00

    Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32167MedApr 14, 2026
    risk 0.44cvss 6.7epss 0.00

    Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

  • CVE-2026-0390MedApr 14, 2026
    risk 0.44cvss 6.7epss 0.00

    Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-34054HigMar 31, 2026
    risk 0.44cvss 7.8epss 0.01

    vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patched in version 3.6.1#3.

  • CVE-2026-22718MedJan 14, 2026
    risk 0.44cvss 6.8epss 0.01

    The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execution on the users machine.

  • CVE-2026-20925MedJan 13, 2026
    risk 0.44cvss 6.5epss 0.17

    External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-20876MedJan 13, 2026
    risk 0.44cvss 6.7epss 0.01

    Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

  • CVE-2026-20872MedJan 13, 2026
    risk 0.44cvss 6.5epss 0.19

    External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-62449MedNov 11, 2025
    risk 0.44cvss 6.8epss 0.00

    Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.

  • CVE-2025-62214MedNov 11, 2025
    risk 0.44cvss 6.7epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.

  • CVE-2025-47179MedNov 11, 2025
    risk 0.44cvss 6.7epss 0.00

    Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55320MedOct 14, 2025
    risk 0.44cvss 6.8epss 0.01

    Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network.

Page 141 of 287