VYPR

Vendor CVEs

Microsoft

All CVEs

14,319 total · sorted by risk
  • CVE-2023-36888MedJul 14, 2023
    risk 0.41cvss 6.3epss 0.01

    Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

  • CVE-2023-33156MedJul 11, 2023
    risk 0.41cvss 6.3epss 0.00

    Microsoft Defender Elevation of Privilege Vulnerability

  • CVE-2022-26899MedJun 29, 2023
    risk 0.41cvss 6.3epss 0.01

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

  • CVE-2023-33132MedJun 14, 2023
    risk 0.41cvss 6.3epss 0.01

    Microsoft SharePoint Server Spoofing Vulnerability

  • CVE-2023-23389MedMar 14, 2023
    risk 0.41cvss 6.3epss 0.00

    Microsoft Defender Elevation of Privilege Vulnerability

  • CVE-2023-21725MedJan 10, 2023
    risk 0.41cvss 6.3epss 0.00

    Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

  • CVE-2022-24480MedDec 13, 2022
    risk 0.41cvss 6.3epss 0.01

    Outlook for Android Elevation of Privilege Vulnerability

  • CVE-2022-23262MedFeb 7, 2022
    risk 0.41cvss 6.3epss 0.01

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

  • CVE-2022-21928MedJan 11, 2022
    risk 0.41cvss 6.3epss 0.01

    Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

  • CVE-2021-40448MedSep 15, 2021
    risk 0.41cvss 6.3epss 0.03

    Microsoft Accessibility Insights for Android Information Disclosure Vulnerability

  • CVE-2021-36929MedAug 26, 2021
    risk 0.41cvss 6.3epss 0.03

    Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

  • CVE-2021-34500MedJul 14, 2021
    risk 0.41cvss 6.3epss 0.02

    Windows Kernel Memory Information Disclosure Vulnerability

  • CVE-2021-33755MedJul 14, 2021
    risk 0.41cvss 6.3epss 0.03

    Windows Hyper-V Denial of Service Vulnerability

  • CVE-2020-17085MedNov 11, 2020
    risk 0.41cvss 6.2epss 0.03

    Microsoft Exchange Server Denial of Service Vulnerability

  • CVE-2020-16910MedOct 16, 2020
    risk 0.41cvss 6.2epss 0.03

    A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. To exploit this vulnerability, an…

  • CVE-2020-1482MedSep 11, 2020
    risk 0.41cvss 6.3epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…

  • CVE-2020-1440MedSep 11, 2020
    risk 0.41cvss 6.3epss 0.02

    A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be…

  • CVE-2019-3588MedJun 10, 2020
    risk 0.41cvss 6.3epss 0.00

    Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.

  • CVE-2019-16765HigNov 25, 2019
    risk 0.41cvss 7.4epss 0.05

    If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users…

  • CVE-2019-0975MedJul 15, 2019
    risk 0.41cvss 6.3epss 0.02

    A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP…

  • CVE-2019-1053MedJun 12, 2019
    risk 0.41cvss 6.3epss 0.01

    An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require…

  • CVE-2019-0986MedJun 12, 2019
    risk 0.41cvss 6.3epss 0.02

    An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker…

  • CVE-2018-8533MedOct 10, 2018
    risk 0.41cvss 5.5epss 0.23

    An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server…

  • CVE-2018-8532MedOct 10, 2018
    risk 0.41cvss 5.5epss 0.23

    An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server…

  • CVE-2018-8527MedOct 10, 2018
    risk 0.41cvss 5.5epss 0.23

    An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server…

  • CVE-2018-0833MedFeb 15, 2018
    risk 0.41cvss 5.3epss 0.41

    The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability".

  • CVE-2017-0061MedMar 17, 2017
    risk 0.41cvss 5.3epss 0.43

    The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka…

  • CVE-2017-0055MedMar 17, 2017
    risk 0.41cvss 6.1epss 0.16

    Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site…

  • CVE-2016-3302MedSep 14, 2016
    risk 0.41cvss 6.3epss 0.02

    Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, when the lock screen is enabled, do not properly restrict the loading of web content, which allows physically proximate attackers to execute arbitrary code via a (1) crafted Wi-Fi…

  • CVE-2011-1252MedJun 16, 2011
    risk 0.41cvss 6.1epss 0.14

    Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2,…

  • CVE-2026-45500MedJun 9, 2026
    risk 0.40cvss 6.1epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-45491MedJun 9, 2026
    risk 0.40cvss 6.2epss 0.00

    Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.

  • CVE-2026-41614MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.

  • CVE-2026-40380MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

  • CVE-2018-25275MedApr 26, 2026
    risk 0.40cvss 6.2epss 0.00

    Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the Camera name and DID number fields during camera addition to trigger an…

  • CVE-2026-33822MedApr 14, 2026
    risk 0.40cvss 6.1epss 0.00

    Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

  • CVE-2026-32196MedApr 14, 2026
    risk 0.40cvss 6.1epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-32088MedApr 14, 2026
    risk 0.40cvss 6.1epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-32072MedApr 14, 2026
    risk 0.40cvss 6.2epss 0.00

    Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.

  • CVE-2026-26169MedApr 14, 2026
    risk 0.40cvss 6.1epss 0.02

    Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.

  • CVE-2025-9611HigJan 7, 2026
    risk 0.40cvss epss 0.01

    Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting…

  • CVE-2025-59258MedOct 14, 2025
    risk 0.40cvss 6.2epss 0.01

    Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.

  • CVE-2025-55682MedOct 14, 2025
    risk 0.40cvss 6.1epss 0.00

    Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2025-55338MedOct 14, 2025
    risk 0.40cvss 6.1epss 0.03

    Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2025-55337MedOct 14, 2025
    risk 0.40cvss 6.1epss 0.00

    Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2025-55334MedOct 14, 2025
    risk 0.40cvss 6.2epss 0.00

    Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2025-55333MedOct 14, 2025
    risk 0.40cvss 6.1epss 0.01

    Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2025-55332MedOct 14, 2025
    risk 0.40cvss 6.1epss 0.01

    Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2025-55330MedOct 14, 2025
    risk 0.40cvss 6.1epss 0.01

    Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2025-47980MedJul 8, 2025
    risk 0.40cvss 6.2epss 0.01

    Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

Page 159 of 287