Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-47182 | Med | 0.36 | 5.6 | 0.00 | Jul 11, 2025 | Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2025-49684 | Med | 0.36 | 5.5 | 0.00 | Jul 8, 2025 | Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally. | ||
| CVE-2025-49664 | Med | 0.36 | 5.5 | 0.01 | Jul 8, 2025 | Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally. | ||
| CVE-2025-49658 | Med | 0.36 | 5.5 | 0.00 | Jul 8, 2025 | Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally. | ||
| CVE-2025-48812 | Med | 0.36 | 5.5 | 0.01 | Jul 8, 2025 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-48810 | Med | 0.36 | 5.5 | 0.00 | Jul 8, 2025 | Processor optimization removal or modification of security-critical code in Windows Secure Kernel Mode allows an authorized attacker to disclose information locally. | ||
| CVE-2025-48809 | Med | 0.36 | 5.5 | 0.00 | Jul 8, 2025 | Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally. | ||
| CVE-2025-48808 | Med | 0.36 | 5.5 | 0.00 | Jul 8, 2025 | Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||
| CVE-2025-26636 | Med | 0.36 | 5.5 | 0.00 | Jul 8, 2025 | Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally. | ||
| CVE-2025-47956 | Med | 0.36 | 5.5 | 0.00 | Jun 10, 2025 | External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. | ||
| CVE-2025-33065 | Med | 0.36 | 5.5 | 0.01 | Jun 10, 2025 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||
| CVE-2025-33063 | Med | 0.36 | 5.5 | 0.01 | Jun 10, 2025 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||
| CVE-2025-33062 | Med | 0.36 | 5.5 | 0.01 | Jun 10, 2025 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||
| CVE-2025-33061 | Med | 0.36 | 5.5 | 0.01 | Jun 10, 2025 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||
| CVE-2025-33060 | Med | 0.36 | 5.5 | 0.01 | Jun 10, 2025 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||
| CVE-2025-33059 | Med | 0.36 | 5.5 | 0.01 | Jun 10, 2025 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||
| CVE-2025-33058 | Med | 0.36 | 5.5 | 0.01 | Jun 10, 2025 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||
| CVE-2025-33055 | Med | 0.36 | 5.5 | 0.01 | Jun 10, 2025 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||
| CVE-2025-33052 | Med | 0.36 | 5.5 | 0.01 | Jun 10, 2025 | Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally. | ||
| CVE-2025-32722 | Med | 0.36 | 5.5 | 0.01 | Jun 10, 2025 | Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. | ||
| CVE-2025-32720 | Med | 0.36 | 5.5 | 0.01 | Jun 10, 2025 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||
| CVE-2025-32719 | Med | 0.36 | 5.5 | 0.00 | Jun 10, 2025 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||
| CVE-2025-24069 | Med | 0.36 | 5.5 | 0.01 | Jun 10, 2025 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||
| CVE-2025-24068 | Med | 0.36 | 5.5 | 0.00 | Jun 10, 2025 | Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||
| CVE-2025-24065 | Med | 0.36 | 5.5 | 0.01 | Jun 10, 2025 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||
| CVE-2025-32703 | Med | 0.36 | 5.5 | 0.00 | May 13, 2025 | Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. | ||
| CVE-2025-29837 | Med | 0.36 | 5.5 | 0.01 | May 13, 2025 | Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. | ||
| CVE-2025-29829 | Med | 0.36 | 5.5 | 0.00 | May 13, 2025 | Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. | ||
| CVE-2025-29821 | Med | 0.36 | 5.5 | 0.01 | Apr 8, 2025 | Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally. | ||
| CVE-2025-29808 | Med | 0.36 | 5.5 | 0.00 | Apr 8, 2025 | Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. | ||
| CVE-2025-27742 | Med | 0.36 | 5.5 | 0.01 | Apr 8, 2025 | Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-27736 | Med | 0.36 | 5.5 | 0.01 | Apr 8, 2025 | Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. | ||
| CVE-2025-21953 | Med | 0.36 | 5.5 | 0.00 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: mana: cleanup mana struct after debugfs_remove() When on a MANA VM hibernation is triggered, as part of hibernate_snapshot(), mana_gd_suspend() and mana_gd_resume() are called. If during this… | ||
| CVE-2025-24992 | Med | 0.36 | 5.5 | 0.01 | Mar 11, 2025 | Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-21374 | Med | 0.36 | 5.5 | 0.01 | Jan 14, 2025 | Windows CSC Service Information Disclosure Vulnerability | ||
| CVE-2025-21340 | Med | 0.36 | 5.5 | 0.00 | Jan 14, 2025 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | ||
| CVE-2025-21336 | Med | 0.36 | 5.6 | 0.01 | Jan 14, 2025 | Windows Cryptographic Information Disclosure Vulnerability | ||
| CVE-2025-21323 | Med | 0.36 | 5.5 | 0.01 | Jan 14, 2025 | Windows Kernel Memory Information Disclosure Vulnerability | ||
| CVE-2025-21321 | Med | 0.36 | 5.5 | 0.01 | Jan 14, 2025 | Windows Kernel Memory Information Disclosure Vulnerability | ||
| CVE-2025-21320 | Med | 0.36 | 5.5 | 0.01 | Jan 14, 2025 | Windows Kernel Memory Information Disclosure Vulnerability | ||
| CVE-2025-21319 | Med | 0.36 | 5.5 | 0.01 | Jan 14, 2025 | Windows Kernel Memory Information Disclosure Vulnerability | ||
| CVE-2025-21318 | Med | 0.36 | 5.5 | 0.01 | Jan 14, 2025 | Windows Kernel Memory Information Disclosure Vulnerability | ||
| CVE-2025-21317 | Med | 0.36 | 5.5 | 0.01 | Jan 14, 2025 | Windows Kernel Memory Information Disclosure Vulnerability | ||
| CVE-2025-21316 | Med | 0.36 | 5.5 | 0.01 | Jan 14, 2025 | Windows Kernel Memory Information Disclosure Vulnerability | ||
| CVE-2025-21284 | Med | 0.36 | 5.5 | 0.01 | Jan 14, 2025 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | ||
| CVE-2025-21280 | Med | 0.36 | 5.5 | 0.01 | Jan 14, 2025 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | ||
| CVE-2025-21274 | Med | 0.36 | 5.5 | 0.01 | Jan 14, 2025 | Windows Event Tracing Denial of Service Vulnerability | ||
| CVE-2025-21257 | Med | 0.36 | 5.5 | 0.01 | Jan 14, 2025 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | ||
| CVE-2024-49065 | Med | 0.36 | 5.5 | 0.01 | Dec 12, 2024 | Microsoft Office Remote Code Execution Vulnerability | ||
| CVE-2024-43614 | Med | 0.36 | 5.5 | 0.01 | Oct 8, 2024 | Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally. |
- risk 0.36cvss 5.6epss 0.00
Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
- risk 0.36cvss 5.5epss 0.00
Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Processor optimization removal or modification of security-critical code in Windows Secure Kernel Mode allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: mana: cleanup mana struct after debugfs_remove() When on a MANA VM hibernation is triggered, as part of hibernate_snapshot(), mana_gd_suspend() and mana_gd_resume() are called. If during this…
- risk 0.36cvss 5.5epss 0.01
Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Windows CSC Service Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.00
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
- risk 0.36cvss 5.6epss 0.01
Windows Cryptographic Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Windows Kernel Memory Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Windows Kernel Memory Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Windows Kernel Memory Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Windows Kernel Memory Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Windows Kernel Memory Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Windows Kernel Memory Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Windows Kernel Memory Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Windows Virtual Trusted Platform Module Denial of Service Vulnerability
- risk 0.36cvss 5.5epss 0.01
Windows Virtual Trusted Platform Module Denial of Service Vulnerability
- risk 0.36cvss 5.5epss 0.01
Windows Event Tracing Denial of Service Vulnerability
- risk 0.36cvss 5.5epss 0.01
Windows WLAN AutoConfig Service Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Office Remote Code Execution Vulnerability
- risk 0.36cvss 5.5epss 0.01
Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally.
Page 167 of 287