VYPR

Vendor CVEs

Microsoft

All CVEs

14,319 total · sorted by risk
  • CVE-2017-8758MedSep 13, 2017
    risk 0.40cvss 6.1epss 0.03

    Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability."

  • CVE-2017-8683MedSep 13, 2017
    risk 0.40cvss 5.5epss 0.19

    Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded…

  • CVE-2017-8642MedAug 8, 2017
    risk 0.40cvss 6.1epss 0.03

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503.

  • CVE-2017-8621MedJul 11, 2017
    risk 0.40cvss 6.1epss 0.03

    Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".

  • CVE-2017-8560MedJul 11, 2017
    risk 0.40cvss 6.1epss 0.03

    Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site…

  • CVE-2017-8559MedJul 11, 2017
    risk 0.40cvss 6.1epss 0.03

    Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site…

  • CVE-2017-8551MedJun 15, 2017
    risk 0.40cvss 6.1epss 0.03

    An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability".

  • CVE-2017-8550MedJun 15, 2017
    risk 0.40cvss 5.4epss 0.22

    A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".

  • CVE-2017-8537MedMay 26, 2017
    risk 0.40cvss 5.5epss 0.17

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2017-8536MedMay 26, 2017
    risk 0.40cvss 5.5epss 0.17

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2017-8535MedMay 26, 2017
    risk 0.40cvss 5.5epss 0.17

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2017-0211MedApr 12, 2017
    risk 0.40cvss 5.5epss 0.14

    An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege…

  • CVE-2017-0110MedMar 17, 2017
    risk 0.40cvss 6.1epss 0.07

    Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."

  • CVE-2017-0107MedMar 17, 2017
    risk 0.40cvss 6.1epss 0.07

    Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability."

  • CVE-2017-0060MedMar 17, 2017
    risk 0.40cvss 5.5epss 0.16

    The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from…

  • CVE-2017-0016MedMar 17, 2017
    risk 0.40cvss 5.9epss 0.24

    Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet…

  • CVE-2016-7282MedDec 20, 2016
    risk 0.40cvss 6.1epss 0.10

    Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."

  • CVE-2016-7280MedDec 20, 2016
    risk 0.40cvss 6.1epss 0.09

    Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7206.

  • CVE-2016-7206MedDec 20, 2016
    risk 0.40cvss 6.1epss 0.12

    Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280.

  • CVE-2016-7251MedNov 10, 2016
    risk 0.40cvss 6.1epss 0.08

    Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."

  • CVE-2016-7223MedNov 10, 2016
    risk 0.40cvss 6.1epss 0.01

    Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka…

  • CVE-2016-3388MedOct 14, 2016
    risk 0.40cvss 5.3epss 0.28

    Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than…

  • CVE-2016-0070MedOct 14, 2016
    risk 0.40cvss 5.5epss 0.11

    The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call…

  • CVE-2016-3379MedSep 14, 2016
    risk 0.40cvss 6.1epss 0.08

    Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability."

  • CVE-2016-3373MedSep 14, 2016
    risk 0.40cvss 5.5epss 0.17

    The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly implement registry access control, which allows local users to…

  • CVE-2016-3212MedJun 16, 2016
    risk 0.40cvss 6.1epss 0.10

    The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."

  • CVE-2016-0039MedFeb 10, 2016
    risk 0.40cvss 6.1epss 0.07

    Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."

  • CVE-2016-0032MedJan 13, 2016
    risk 0.40cvss 6.1epss 0.08

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing…

  • CVE-2016-0031MedJan 13, 2016
    risk 0.40cvss 6.1epss 0.08

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029.

  • CVE-2016-0030MedJan 13, 2016
    risk 0.40cvss 6.1epss 0.08

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

  • CVE-2016-0029MedJan 13, 2016
    risk 0.40cvss 6.1epss 0.08

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0031.

  • CVE-2015-6117MedJan 13, 2016
    risk 0.40cvss 6.1epss 0.07

    Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature…

  • CVE-2012-1872MedJun 12, 2012
    risk 0.40cvss 6.1epss 0.06

    Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."

  • CVE-2010-0021MedFeb 10, 2010
    risk 0.40cvss 5.9epss 0.14

    Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2…

  • CVE-2007-2237MedJun 6, 2007
    risk 0.40cvss 5.5epss 0.15

    Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.

  • CVE-2026-44641HigMay 15, 2026
    risk 0.39cvss 7.1epss 0.00

    Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are…

  • CVE-2026-44503HigMay 14, 2026
    risk 0.39cvss epss 0.01

    The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed;…

  • CVE-2025-21195MedJul 8, 2025
    risk 0.39cvss 6.0epss 0.00

    Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.

  • CVE-2025-27735MedApr 8, 2025
    risk 0.39cvss 6.0epss 0.00

    Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

  • CVE-2025-21350MedFeb 11, 2025
    risk 0.39cvss 5.9epss 0.02

    Windows Kerberos Denial of Service Vulnerability

  • CVE-2025-21347MedFeb 11, 2025
    risk 0.39cvss 6.0epss 0.01

    Windows Deployment Services Denial of Service Vulnerability

  • CVE-2025-21188MedFeb 11, 2025
    risk 0.39cvss 6.0epss 0.01

    Azure Network Watcher VM Extension Elevation of Privilege Vulnerability

  • CVE-2024-20685MedApr 9, 2024
    risk 0.39cvss 5.9epss 0.06

    Azure Private 5G Core Denial of Service Vulnerability

  • CVE-2022-37985MedOct 11, 2022
    risk 0.39cvss 5.5epss 0.38

    Windows Graphics Component Information Disclosure Vulnerability

  • CVE-2022-34716MedAug 9, 2022
    risk 0.39cvss 5.9epss 0.02

    .NET Spoofing Vulnerability

  • CVE-2022-34709MedAug 9, 2022
    risk 0.39cvss 6.0epss 0.01

    Windows Defender Credential Guard Security Feature Bypass Vulnerability

  • CVE-2022-22028MedJul 12, 2022
    risk 0.39cvss 5.9epss 0.02

    Windows Network File System Information Disclosure Vulnerability

  • CVE-2022-24765MedApr 12, 2022
    risk 0.39cvss 6.0epss 0.01

    Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be…

  • CVE-2021-42300MedNov 10, 2021
    risk 0.39cvss 6.0epss 0.01

    Azure Sphere Tampering Vulnerability

  • CVE-2021-41355MedOct 13, 2021
    risk 0.39cvss 5.7epss 0.20

    .NET Core and Visual Studio Information Disclosure Vulnerability

Page 162 of 287