Vendor CVEs
Microsoft
All CVEs
14,319 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-30394 | Med | 0.40 | 5.9 | 0.21 | May 13, 2025 | Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-29957 | Med | 0.40 | 6.2 | 0.01 | May 13, 2025 | Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. | ||
| CVE-2025-29955 | Med | 0.40 | 6.2 | 0.00 | May 13, 2025 | Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. | ||
| CVE-2025-29819 | Med | 0.40 | 6.2 | 0.01 | Apr 8, 2025 | External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-21278 | Med | 0.40 | 6.2 | 0.01 | Jan 14, 2025 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | ||
| CVE-2025-21202 | Med | 0.40 | 6.1 | 0.01 | Jan 14, 2025 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | ||
| CVE-2024-38203 | Med | 0.40 | 6.2 | 0.01 | Nov 12, 2024 | Windows Package Library Manager Information Disclosure Vulnerability | ||
| CVE-2024-38208 | Med | 0.40 | 6.1 | 0.00 | Aug 22, 2024 | Microsoft Edge for Android Spoofing Vulnerability | ||
| CVE-2024-38156 | Med | 0.40 | 6.1 | 0.00 | Jul 19, 2024 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2024-30059 | Med | 0.40 | 6.1 | 0.01 | May 14, 2024 | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | ||
| CVE-2024-29064 | Med | 0.40 | 6.2 | 0.01 | Apr 9, 2024 | Windows Hyper-V Denial of Service Vulnerability | ||
| CVE-2024-28917 | Med | 0.40 | 6.2 | 0.01 | Apr 9, 2024 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | ||
| CVE-2024-20665 | Med | 0.40 | 6.1 | 0.01 | Apr 9, 2024 | BitLocker Security Feature Bypass Vulnerability | ||
| CVE-2024-0590 | Med | 0.40 | 6.1 | 0.01 | Feb 29, 2024 | The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change… | ||
| CVE-2024-21316 | Med | 0.40 | 6.1 | 0.01 | Jan 9, 2024 | Windows Server Key Distribution Service Security Feature Bypass | ||
| CVE-2023-36558 | Med | 0.40 | 6.2 | 0.01 | Nov 14, 2023 | ASP.NET Core Security Feature Bypass Vulnerability | ||
| CVE-2023-38177 | Med | 0.40 | 6.1 | 0.03 | Nov 14, 2023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2023-36042 | Med | 0.40 | 6.2 | 0.01 | Nov 14, 2023 | Visual Studio Denial of Service Vulnerability | ||
| CVE-2023-36030 | Med | 0.40 | 6.1 | 0.01 | Nov 14, 2023 | Microsoft Dynamics 365 Sales Spoofing Vulnerability | ||
| CVE-2023-36016 | Med | 0.40 | 6.2 | 0.01 | Nov 14, 2023 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||
| CVE-2023-36416 | Med | 0.40 | 6.1 | 0.01 | Oct 10, 2023 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||
| CVE-2023-36727 | Med | 0.40 | 6.1 | 0.01 | Sep 15, 2023 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2023-35391 | Med | 0.40 | 6.2 | 0.02 | Aug 8, 2023 | ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability | ||
| CVE-2023-35341 | Med | 0.40 | 6.2 | 0.01 | Jul 11, 2023 | Microsoft DirectMusic Information Disclosure Vulnerability | ||
| CVE-2021-34506 | Med | 0.40 | 6.1 | 0.02 | Jul 1, 2023 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||
| CVE-2023-29345 | Med | 0.40 | 6.1 | 0.01 | Jun 7, 2023 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||
| CVE-2023-28286 | Med | 0.40 | 6.1 | 0.01 | Apr 27, 2023 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||
| CVE-2023-24934 | Med | 0.40 | 6.2 | 0.01 | Apr 14, 2023 | Microsoft Defender Security Feature Bypass Vulnerability | ||
| CVE-2023-28314 | Med | 0.40 | 6.1 | 0.01 | Apr 11, 2023 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||
| CVE-2023-28313 | Med | 0.40 | 6.1 | 0.01 | Apr 11, 2023 | Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability | ||
| CVE-2023-28269 | Med | 0.40 | 6.2 | 0.01 | Apr 11, 2023 | Windows Boot Manager Security Feature Bypass Vulnerability | ||
| CVE-2023-28249 | Med | 0.40 | 6.2 | 0.01 | Apr 11, 2023 | Windows Boot Manager Security Feature Bypass Vulnerability | ||
| CVE-2023-24935 | Med | 0.40 | 6.1 | 0.01 | Apr 11, 2023 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2023-21697 | Med | 0.40 | 6.2 | 0.01 | Feb 14, 2023 | Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | ||
| CVE-2022-37967 | Hig | 0.40 | 7.2 | 0.04 | Nov 9, 2022 | Windows Kerberos Elevation of Privilege Vulnerability | ||
| CVE-2022-35797 | Med | 0.40 | 6.1 | 0.01 | Aug 9, 2022 | Windows Hello Security Feature Bypass Vulnerability | ||
| CVE-2022-35776 | Med | 0.40 | 6.2 | 0.01 | Aug 9, 2022 | Azure Site Recovery Denial of Service Vulnerability | ||
| CVE-2022-22048 | Med | 0.40 | 6.1 | 0.01 | Jul 12, 2022 | BitLocker Security Feature Bypass Vulnerability | ||
| CVE-2022-24526 | Med | 0.40 | 6.1 | 0.02 | Mar 9, 2022 | Visual Studio Code Spoofing Vulnerability | ||
| CVE-2022-21970 | Med | 0.40 | 6.1 | 0.03 | Jan 11, 2022 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||
| CVE-2022-21954 | Med | 0.40 | 6.1 | 0.01 | Jan 11, 2022 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||
| CVE-2022-21839 | Med | 0.40 | 6.1 | 0.02 | Jan 11, 2022 | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability | ||
| CVE-2021-41368 | Med | 0.40 | 6.1 | 0.04 | Nov 10, 2021 | Microsoft Access Remote Code Execution Vulnerability | ||
| CVE-2021-38657 | Med | 0.40 | 6.1 | 0.01 | Sep 15, 2021 | Microsoft Office Graphics Component Information Disclosure Vulnerability | ||
| CVE-2021-38642 | Med | 0.40 | 6.1 | 0.01 | Sep 2, 2021 | Microsoft Edge for iOS Spoofing Vulnerability | ||
| CVE-2021-38641 | Med | 0.40 | 6.1 | 0.01 | Sep 2, 2021 | Microsoft Edge for Android Spoofing Vulnerability | ||
| CVE-2021-26436 | Med | 0.40 | 6.1 | 0.02 | Sep 2, 2021 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||
| CVE-2021-33765 | Med | 0.40 | 6.2 | 0.01 | Jul 14, 2021 | Windows Installer Spoofing Vulnerability | ||
| CVE-2021-31961 | Med | 0.40 | 6.1 | 0.01 | Jul 14, 2021 | Windows InstallService Elevation of Privilege Vulnerability | ||
| CVE-2021-28461 | Med | 0.40 | 6.1 | 0.01 | May 11, 2021 | Dynamics Finance and Operations Cross-site Scripting Vulnerability |
- risk 0.40cvss 5.9epss 0.21
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
- risk 0.40cvss 6.2epss 0.01
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.
- risk 0.40cvss 6.2epss 0.00
Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally.
- risk 0.40cvss 6.2epss 0.01
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
- risk 0.40cvss 6.2epss 0.01
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
- risk 0.40cvss 6.1epss 0.01
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
- risk 0.40cvss 6.2epss 0.01
Windows Package Library Manager Information Disclosure Vulnerability
- risk 0.40cvss 6.1epss 0.00
Microsoft Edge for Android Spoofing Vulnerability
- risk 0.40cvss 6.1epss 0.00
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability
- risk 0.40cvss 6.2epss 0.01
Windows Hyper-V Denial of Service Vulnerability
- risk 0.40cvss 6.2epss 0.01
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability
- risk 0.40cvss 6.1epss 0.01
BitLocker Security Feature Bypass Vulnerability
- risk 0.40cvss 6.1epss 0.01
The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change…
- risk 0.40cvss 6.1epss 0.01
Windows Server Key Distribution Service Security Feature Bypass
- risk 0.40cvss 6.2epss 0.01
ASP.NET Core Security Feature Bypass Vulnerability
- risk 0.40cvss 6.1epss 0.03
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.40cvss 6.2epss 0.01
Visual Studio Denial of Service Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Dynamics 365 Sales Spoofing Vulnerability
- risk 0.40cvss 6.2epss 0.01
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.40cvss 6.2epss 0.02
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
- risk 0.40cvss 6.2epss 0.01
Microsoft DirectMusic Information Disclosure Vulnerability
- risk 0.40cvss 6.1epss 0.02
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
- risk 0.40cvss 6.2epss 0.01
Microsoft Defender Security Feature Bypass Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability
- risk 0.40cvss 6.2epss 0.01
Windows Boot Manager Security Feature Bypass Vulnerability
- risk 0.40cvss 6.2epss 0.01
Windows Boot Manager Security Feature Bypass Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.40cvss 6.2epss 0.01
Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability
- risk 0.40cvss 7.2epss 0.04
Windows Kerberos Elevation of Privilege Vulnerability
- risk 0.40cvss 6.1epss 0.01
Windows Hello Security Feature Bypass Vulnerability
- risk 0.40cvss 6.2epss 0.01
Azure Site Recovery Denial of Service Vulnerability
- risk 0.40cvss 6.1epss 0.01
BitLocker Security Feature Bypass Vulnerability
- risk 0.40cvss 6.1epss 0.02
Visual Studio Code Spoofing Vulnerability
- risk 0.40cvss 6.1epss 0.03
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- risk 0.40cvss 6.1epss 0.02
Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
- risk 0.40cvss 6.1epss 0.04
Microsoft Access Remote Code Execution Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Office Graphics Component Information Disclosure Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Edge for iOS Spoofing Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Edge for Android Spoofing Vulnerability
- risk 0.40cvss 6.1epss 0.02
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- risk 0.40cvss 6.2epss 0.01
Windows Installer Spoofing Vulnerability
- risk 0.40cvss 6.1epss 0.01
Windows InstallService Elevation of Privilege Vulnerability
- risk 0.40cvss 6.1epss 0.01
Dynamics Finance and Operations Cross-site Scripting Vulnerability
Page 160 of 287