Vendor CVEs
Microsoft
All CVEs
14,319 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-53728 | Med | 0.42 | 6.5 | 0.01 | Aug 12, 2025 | Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-53716 | Med | 0.42 | 6.5 | 0.01 | Aug 12, 2025 | Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network. | ||
| CVE-2025-50172 | Med | 0.42 | 6.5 | 0.01 | Aug 12, 2025 | Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network. | ||
| CVE-2025-50166 | Med | 0.42 | 6.5 | 0.01 | Aug 12, 2025 | Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-25005 | Med | 0.42 | 6.5 | 0.01 | Aug 12, 2025 | Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. | ||
| CVE-2025-53774 | Med | 0.42 | 6.5 | 0.01 | Aug 7, 2025 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | ||
| CVE-2025-47995 | Med | 0.42 | 6.5 | 0.01 | Jul 18, 2025 | Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-49681 | Med | 0.42 | 6.5 | 0.01 | Jul 8, 2025 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-49671 | Med | 0.42 | 6.5 | 0.01 | Jul 8, 2025 | Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-49670 | Med | 0.42 | 6.5 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-48802 | Med | 0.42 | 6.5 | 0.01 | Jul 8, 2025 | Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2025-47978 | Med | 0.42 | 6.5 | 0.02 | Jul 8, 2025 | Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network. | ||
| CVE-2025-33057 | Med | 0.42 | 6.5 | 0.01 | Jun 10, 2025 | Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. | ||
| CVE-2025-32715 | Med | 0.42 | 6.5 | 0.01 | Jun 10, 2025 | Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-47827 | Med | 0.42 | 4.6 | 0.04 | KEV | Jun 5, 2025 | In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. | |
| CVE-2025-29968 | Med | 0.42 | 6.5 | 0.02 | May 13, 2025 | Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. | ||
| CVE-2025-29961 | Med | 0.42 | 6.5 | 0.01 | May 13, 2025 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-29960 | Med | 0.42 | 6.5 | 0.01 | May 13, 2025 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-29959 | Med | 0.42 | 6.5 | 0.01 | May 13, 2025 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-29958 | Med | 0.42 | 6.5 | 0.01 | May 13, 2025 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-29836 | Med | 0.42 | 6.5 | 0.01 | May 13, 2025 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-29835 | Med | 0.42 | 6.5 | 0.01 | May 13, 2025 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-29832 | Med | 0.42 | 6.5 | 0.01 | May 13, 2025 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-29830 | Med | 0.42 | 6.5 | 0.01 | May 13, 2025 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-26685 | Med | 0.42 | 6.5 | 0.01 | May 13, 2025 | Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network. | ||
| CVE-2025-29825 | Med | 0.42 | 6.5 | 0.01 | May 2, 2025 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-27738 | Med | 0.42 | 6.5 | 0.03 | Apr 8, 2025 | Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-27474 | Med | 0.42 | 6.5 | 0.02 | Apr 8, 2025 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-26676 | Med | 0.42 | 6.5 | 0.01 | Apr 8, 2025 | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-26672 | Med | 0.42 | 6.5 | 0.02 | Apr 8, 2025 | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-26667 | Med | 0.42 | 6.5 | 0.02 | Apr 8, 2025 | Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-26664 | Med | 0.42 | 6.5 | 0.02 | Apr 8, 2025 | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-26651 | Med | 0.42 | 6.5 | 0.02 | Apr 8, 2025 | Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||
| CVE-2025-26635 | Med | 0.42 | 6.5 | 0.01 | Apr 8, 2025 | Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. | ||
| CVE-2025-21203 | Med | 0.42 | 6.5 | 0.01 | Apr 8, 2025 | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-21197 | Med | 0.42 | 6.5 | 0.03 | Apr 8, 2025 | Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. | ||
| CVE-2025-29806 | Med | 0.42 | 6.5 | 0.01 | Mar 23, 2025 | No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-24996 | Med | 0.42 | 6.5 | 0.01 | Mar 11, 2025 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-24984 | Med | 0.42 | 4.6 | 0.02 | KEV | Mar 11, 2025 | Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. | |
| CVE-2024-57972 | Med | 0.42 | 6.5 | 0.02 | Mar 6, 2025 | The pairing API request handler in Microsoft HoloLens 1 (Windows Holographic) through 10.0.17763.3046 and HoloLens 2 (Windows Holographic) through 10.0.22621.1244 allows remote attackers to cause a Denial of Service (resource consumption and device unusability) by sending many… | ||
| CVE-2025-25199 | Hig | 0.42 | 7.5 | 0.01 | Feb 12, 2025 | go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time. Commit… | ||
| CVE-2025-21352 | Med | 0.42 | 6.5 | 0.01 | Feb 11, 2025 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | ||
| CVE-2025-21254 | Med | 0.42 | 6.5 | 0.01 | Feb 11, 2025 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | ||
| CVE-2025-21216 | Med | 0.42 | 6.5 | 0.01 | Feb 11, 2025 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | ||
| CVE-2025-21212 | Med | 0.42 | 6.5 | 0.01 | Feb 11, 2025 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | ||
| CVE-2025-21283 | Med | 0.42 | 6.5 | 0.01 | Feb 6, 2025 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||
| CVE-2025-21279 | Med | 0.42 | 6.5 | 0.02 | Feb 6, 2025 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||
| CVE-2025-21185 | Med | 0.42 | 6.5 | 0.01 | Jan 17, 2025 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||
| CVE-2025-21403 | Med | 0.42 | 6.4 | 0.01 | Jan 14, 2025 | On-Premises Data Gateway Information Disclosure Vulnerability | ||
| CVE-2025-21314 | Med | 0.42 | 6.5 | 0.01 | Jan 14, 2025 | Windows SmartScreen Spoofing Vulnerability |
- risk 0.42cvss 6.5epss 0.01
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.
- risk 0.42cvss 6.5epss 0.01
Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.
- risk 0.42cvss 6.5epss 0.01
Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.
- risk 0.42cvss 6.5epss 0.01
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
- risk 0.42cvss 6.5epss 0.01
Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
- risk 0.42cvss 6.5epss 0.01
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.42cvss 6.5epss 0.01
Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.
- risk 0.42cvss 6.5epss 0.02
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.
- risk 0.42cvss 6.5epss 0.01
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
- risk 0.42cvss 6.5epss 0.01
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 4.6epss 0.04
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
- risk 0.42cvss 6.5epss 0.02
Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.
- risk 0.42cvss 6.5epss 0.01
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.
- risk 0.42cvss 6.5epss 0.01
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- risk 0.42cvss 6.5epss 0.03
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.02
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.02
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.02
Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.02
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.02
Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
- risk 0.42cvss 6.5epss 0.01
Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.
- risk 0.42cvss 6.5epss 0.01
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.03
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
- risk 0.42cvss 6.5epss 0.01
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- risk 0.42cvss 6.5epss 0.01
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
- risk 0.42cvss 4.6epss 0.02
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
- risk 0.42cvss 6.5epss 0.02
The pairing API request handler in Microsoft HoloLens 1 (Windows Holographic) through 10.0.17763.3046 and HoloLens 2 (Windows Holographic) through 10.0.22621.1244 allows remote attackers to cause a Denial of Service (resource consumption and device unusability) by sending many…
- risk 0.42cvss 7.5epss 0.01
go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time. Commit…
- risk 0.42cvss 6.5epss 0.01
Internet Connection Sharing (ICS) Denial of Service Vulnerability
- risk 0.42cvss 6.5epss 0.01
Internet Connection Sharing (ICS) Denial of Service Vulnerability
- risk 0.42cvss 6.5epss 0.01
Internet Connection Sharing (ICS) Denial of Service Vulnerability
- risk 0.42cvss 6.5epss 0.01
Internet Connection Sharing (ICS) Denial of Service Vulnerability
- risk 0.42cvss 6.5epss 0.01
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- risk 0.42cvss 6.5epss 0.02
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- risk 0.42cvss 6.5epss 0.01
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- risk 0.42cvss 6.4epss 0.01
On-Premises Data Gateway Information Disclosure Vulnerability
- risk 0.42cvss 6.5epss 0.01
Windows SmartScreen Spoofing Vulnerability
Page 151 of 287