Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45465 | Med | 0.35 | 5.4 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-45464 | Med | 0.35 | 5.4 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-45453 | Med | 0.35 | 5.4 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-33113 | Med | 0.35 | 5.4 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-45494 | Med | 0.35 | 5.4 | 0.00 | May 18, 2026 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2026-45492 | Med | 0.35 | 5.4 | 0.00 | May 18, 2026 | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-42838 | Med | 0.35 | 5.4 | 0.00 | May 12, 2026 | Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2026-35423 | Med | 0.35 | 5.4 | 0.01 | May 12, 2026 | Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-33119 | Med | 0.35 | 5.4 | 0.00 | Apr 10, 2026 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-34401 | Med | 0.35 | 6.5 | 0.01 | Mar 31, 2026 | XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well… | ||
| CVE-2025-49745 | Med | 0.35 | 5.4 | 0.00 | Aug 12, 2025 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-25007 | Med | 0.35 | 5.3 | 0.01 | Aug 12, 2025 | Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-25006 | Med | 0.35 | 5.3 | 0.01 | Aug 12, 2025 | Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-7676 | Med | 0.35 | — | 0.00 | Jul 28, 2025 | DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would… | ||
| CVE-2025-47964 | Med | 0.35 | 5.4 | 0.00 | Jul 11, 2025 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2025-47160 | Med | 0.35 | 5.4 | 0.01 | Jun 10, 2025 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2025-29956 | Med | 0.35 | 5.4 | 0.01 | May 13, 2025 | Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-27472 | Med | 0.35 | 5.4 | 0.01 | Apr 8, 2025 | Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2025-24986 | Med | 0.35 | 6.5 | 0.00 | Mar 11, 2025 | Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-26643 | Med | 0.35 | 5.4 | 0.01 | Mar 7, 2025 | The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-21259 | Med | 0.35 | 5.3 | 0.01 | Feb 11, 2025 | Microsoft Outlook Spoofing Vulnerability | ||
| CVE-2025-21253 | Med | 0.35 | 5.3 | 0.01 | Feb 6, 2025 | Microsoft Edge for IOS and Android Spoofing Vulnerability | ||
| CVE-2025-21262 | Med | 0.35 | 5.4 | 0.00 | Jan 24, 2025 | User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network | ||
| CVE-2024-49025 | Med | 0.35 | 5.4 | 0.01 | Nov 14, 2024 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||
| CVE-2024-43580 | Med | 0.35 | 5.4 | 0.00 | Oct 17, 2024 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2024-35270 | Med | 0.35 | 5.3 | 0.01 | Jul 9, 2024 | Windows iSCSI Service Denial of Service Vulnerability | ||
| CVE-2024-30058 | Med | 0.35 | 5.4 | 0.00 | Jun 13, 2024 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2024-30057 | Med | 0.35 | 5.4 | 0.00 | Jun 13, 2024 | Microsoft Edge for iOS Spoofing Vulnerability | ||
| CVE-2024-30041 | Med | 0.35 | 5.4 | 0.01 | May 14, 2024 | Microsoft Bing Search Spoofing Vulnerability | ||
| CVE-2024-30055 | Med | 0.35 | 5.4 | 0.01 | May 14, 2024 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2024-29986 | Med | 0.35 | 5.4 | 0.01 | Apr 18, 2024 | Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | ||
| CVE-2024-21387 | Med | 0.35 | 5.3 | 0.01 | Jan 26, 2024 | Microsoft Edge for Android Spoofing Vulnerability | ||
| CVE-2024-21313 | Med | 0.35 | 5.3 | 0.01 | Jan 9, 2024 | Windows TCP/IP Information Disclosure Vulnerability | ||
| CVE-2023-36012 | Med | 0.35 | 5.3 | 0.02 | Dec 12, 2023 | DHCP Server Service Information Disclosure Vulnerability | ||
| CVE-2023-35619 | Med | 0.35 | 5.3 | 0.01 | Dec 12, 2023 | Microsoft Outlook for Mac Spoofing Vulnerability | ||
| CVE-2023-49283 | Med | 0.35 | 5.4 | 0.02 | Dec 5, 2023 | microsoft-graph-core the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at… | ||
| CVE-2023-49282 | Med | 0.35 | 5.4 | 0.02 | Dec 5, 2023 | msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/Ge… | ||
| CVE-2023-36801 | Med | 0.35 | 5.3 | 0.01 | Sep 12, 2023 | DHCP Server Service Information Disclosure Vulnerability | ||
| CVE-2023-35384 | Med | 0.35 | 5.4 | 0.02 | Aug 8, 2023 | Windows HTML Platforms Security Feature Bypass Vulnerability | ||
| CVE-2023-24896 | Med | 0.35 | 5.4 | 0.01 | Jul 14, 2023 | Dynamics 365 Finance Spoofing Vulnerability | ||
| CVE-2023-35373 | Med | 0.35 | 5.3 | 0.01 | Jul 11, 2023 | Mono Authenticode Validation Spoofing Vulnerability | ||
| CVE-2023-32052 | Med | 0.35 | 5.4 | 0.00 | Jul 11, 2023 | Microsoft Power Apps (online) Spoofing Vulnerability | ||
| CVE-2021-34475 | Med | 0.35 | 5.4 | 0.01 | Jul 1, 2023 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||
| CVE-2023-32013 | Med | 0.35 | 5.3 | 0.02 | Jun 14, 2023 | Windows Hyper-V Denial of Service Vulnerability | ||
| CVE-2023-29355 | Med | 0.35 | 5.3 | 0.01 | Jun 14, 2023 | DHCP Server Service Information Disclosure Vulnerability | ||
| CVE-2023-28290 | Med | 0.35 | 5.3 | 0.01 | May 9, 2023 | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability | ||
| CVE-2023-28226 | Med | 0.35 | 5.3 | 0.01 | Apr 11, 2023 | Windows Enroll Engine Security Feature Bypass Vulnerability | ||
| CVE-2023-24921 | Med | 0.35 | 5.4 | 0.01 | Mar 14, 2023 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||
| CVE-2023-24920 | Med | 0.35 | 5.4 | 0.00 | Mar 14, 2023 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||
| CVE-2023-24919 | Med | 0.35 | 5.4 | 0.01 | Mar 14, 2023 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
- risk 0.35cvss 5.4epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.35cvss 5.4epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.35cvss 5.4epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.35cvss 5.4epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.35cvss 5.4epss 0.00
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.35cvss 5.4epss 0.00
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.35cvss 5.4epss 0.00
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
- risk 0.35cvss 5.4epss 0.01
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
- risk 0.35cvss 5.4epss 0.00
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- risk 0.35cvss 6.5epss 0.01
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well…
- risk 0.35cvss 5.4epss 0.00
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.
- risk 0.35cvss 5.3epss 0.01
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
- risk 0.35cvss 5.3epss 0.01
Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
- risk 0.35cvss —epss 0.00
DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would…
- risk 0.35cvss 5.4epss 0.00
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.35cvss 5.4epss 0.01
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.35cvss 5.4epss 0.01
Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.
- risk 0.35cvss 5.4epss 0.01
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.35cvss 6.5epss 0.00
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
- risk 0.35cvss 5.4epss 0.01
The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- risk 0.35cvss 5.3epss 0.01
Microsoft Outlook Spoofing Vulnerability
- risk 0.35cvss 5.3epss 0.01
Microsoft Edge for IOS and Android Spoofing Vulnerability
- risk 0.35cvss 5.4epss 0.00
User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network
- risk 0.35cvss 5.4epss 0.01
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
- risk 0.35cvss 5.4epss 0.00
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.35cvss 5.3epss 0.01
Windows iSCSI Service Denial of Service Vulnerability
- risk 0.35cvss 5.4epss 0.00
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.35cvss 5.4epss 0.00
Microsoft Edge for iOS Spoofing Vulnerability
- risk 0.35cvss 5.4epss 0.01
Microsoft Bing Search Spoofing Vulnerability
- risk 0.35cvss 5.4epss 0.01
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.35cvss 5.4epss 0.01
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
- risk 0.35cvss 5.3epss 0.01
Microsoft Edge for Android Spoofing Vulnerability
- risk 0.35cvss 5.3epss 0.01
Windows TCP/IP Information Disclosure Vulnerability
- risk 0.35cvss 5.3epss 0.02
DHCP Server Service Information Disclosure Vulnerability
- risk 0.35cvss 5.3epss 0.01
Microsoft Outlook for Mac Spoofing Vulnerability
- risk 0.35cvss 5.4epss 0.02
microsoft-graph-core the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at…
- risk 0.35cvss 5.4epss 0.02
msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/Ge…
- risk 0.35cvss 5.3epss 0.01
DHCP Server Service Information Disclosure Vulnerability
- risk 0.35cvss 5.4epss 0.02
Windows HTML Platforms Security Feature Bypass Vulnerability
- risk 0.35cvss 5.4epss 0.01
Dynamics 365 Finance Spoofing Vulnerability
- risk 0.35cvss 5.3epss 0.01
Mono Authenticode Validation Spoofing Vulnerability
- risk 0.35cvss 5.4epss 0.00
Microsoft Power Apps (online) Spoofing Vulnerability
- risk 0.35cvss 5.4epss 0.01
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- risk 0.35cvss 5.3epss 0.02
Windows Hyper-V Denial of Service Vulnerability
- risk 0.35cvss 5.3epss 0.01
DHCP Server Service Information Disclosure Vulnerability
- risk 0.35cvss 5.3epss 0.01
Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability
- risk 0.35cvss 5.3epss 0.01
Windows Enroll Engine Security Feature Bypass Vulnerability
- risk 0.35cvss 5.4epss 0.01
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
- risk 0.35cvss 5.4epss 0.00
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
- risk 0.35cvss 5.4epss 0.01
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Page 180 of 287