Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-26897 | Med | 0.32 | 4.9 | 0.02 | Apr 15, 2022 | Azure Site Recovery Information Disclosure Vulnerability | ||
| CVE-2022-26896 | Med | 0.32 | 4.9 | 0.02 | Apr 15, 2022 | Azure Site Recovery Information Disclosure Vulnerability | ||
| CVE-2022-23254 | Med | 0.32 | 4.9 | 0.03 | Feb 9, 2022 | Microsoft Power BI Information Disclosure Vulnerability | ||
| CVE-2021-41337 | Med | 0.32 | 4.9 | 0.02 | Oct 13, 2021 | Active Directory Security Feature Bypass Vulnerability | ||
| CVE-2020-1267 | Med | 0.32 | 4.9 | 0.05 | Jul 14, 2020 | This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'. | ||
| CVE-2019-1292 | Med | 0.32 | 4.9 | 0.05 | Sep 11, 2019 | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | ||
| CVE-2019-0962 | Med | 0.32 | 4.9 | 0.04 | Jul 15, 2019 | An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role, aka 'Azure Automation Elevation of Privilege Vulnerability'. | ||
| CVE-2018-0891 | Med | 0.32 | 4.3 | 0.15 | Mar 14, 2018 | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow… | ||
| CVE-2017-8644 | Med | 0.32 | 4.3 | 0.15 | Aug 8, 2017 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from… | ||
| CVE-2017-0190 | Med | 0.32 | 4.4 | 0.43 | May 12, 2017 | The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a… | ||
| CVE-2017-0027 | Med | 0.32 | 4.7 | 0.23 | Mar 17, 2017 | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft… | ||
| CVE-2016-3320 | Med | 0.32 | 4.9 | 0.05 | Aug 9, 2016 | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot… | ||
| CVE-2026-45460 | Med | 0.31 | 4.7 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-33829 | Med | 0.31 | 4.3 | 0.03 | Apr 14, 2026 | Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-59501 | Med | 0.31 | 4.8 | 0.03 | Oct 31, 2025 | Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network. | ||
| CVE-2025-58719 | Med | 0.31 | 4.7 | 0.00 | Oct 14, 2025 | Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55248 | Med | 0.31 | 4.8 | 0.01 | Oct 14, 2025 | Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-47967 | Med | 0.31 | 4.7 | 0.00 | Sep 16, 2025 | Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-54101 | Med | 0.31 | 4.8 | 0.02 | Sep 9, 2025 | Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network. | ||
| CVE-2025-53791 | Med | 0.31 | 4.7 | 0.00 | Sep 5, 2025 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2025-29796 | Med | 0.31 | 4.7 | 0.01 | Apr 4, 2025 | User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-21179 | Med | 0.31 | 4.8 | 0.01 | Feb 11, 2025 | DHCP Client Service Denial of Service Vulnerability | ||
| CVE-2024-43456 | Med | 0.31 | 4.8 | 0.01 | Oct 8, 2024 | Windows Remote Desktop Services Tampering Vulnerability | ||
| CVE-2024-30071 | Med | 0.31 | 4.7 | 0.01 | Jul 9, 2024 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | ||
| CVE-2024-38082 | Med | 0.31 | 4.7 | 0.00 | Jun 20, 2024 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2024-30069 | Med | 0.31 | 4.7 | 0.01 | Jun 11, 2024 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | ||
| CVE-2024-30052 | Med | 0.31 | 4.7 | 0.01 | Jun 11, 2024 | Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2024-26247 | Med | 0.31 | 4.7 | 0.01 | Mar 22, 2024 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||
| CVE-2024-26163 | Med | 0.31 | 4.7 | 0.02 | Mar 14, 2024 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||
| CVE-2024-21423 | Med | 0.31 | 4.8 | 0.01 | Feb 23, 2024 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||
| CVE-2024-20691 | Med | 0.31 | 4.7 | 0.01 | Jan 9, 2024 | Windows Themes Information Disclosure Vulnerability | ||
| CVE-2023-35625 | Med | 0.31 | 4.7 | 0.01 | Dec 12, 2023 | Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability | ||
| CVE-2023-36880 | Med | 0.31 | 4.8 | 0.02 | Dec 7, 2023 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||
| CVE-2023-35392 | Med | 0.31 | 4.7 | 0.01 | Jul 21, 2023 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2022-23264 | Med | 0.31 | 4.7 | 0.01 | Jun 29, 2023 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2023-32019 | Med | 0.31 | 4.7 | 0.01 | Jun 14, 2023 | Windows Kernel Information Disclosure Vulnerability | ||
| CVE-2023-29354 | Med | 0.31 | 4.7 | 0.01 | May 5, 2023 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||
| CVE-2023-21766 | Med | 0.31 | 4.7 | 0.01 | Jan 10, 2023 | Windows Overlay Filter Information Disclosure Vulnerability | ||
| CVE-2023-21536 | Med | 0.31 | 4.7 | 0.00 | Jan 10, 2023 | Event Tracing for Windows Information Disclosure Vulnerability | ||
| CVE-2022-34704 | Med | 0.31 | 4.7 | 0.01 | Aug 9, 2022 | Windows Defender Credential Guard Information Disclosure Vulnerability | ||
| CVE-2022-21979 | Med | 0.31 | 4.8 | 0.02 | Aug 9, 2022 | Microsoft Exchange Server Information Disclosure Vulnerability | ||
| CVE-2022-33632 | Med | 0.31 | 4.7 | 0.01 | Jul 12, 2022 | Microsoft Office Security Feature Bypass Vulnerability | ||
| CVE-2022-30212 | Med | 0.31 | 4.7 | 0.00 | Jul 12, 2022 | Windows Connected Devices Platform Service Information Disclosure Vulnerability | ||
| CVE-2022-21845 | Med | 0.31 | 4.7 | 0.01 | Jul 12, 2022 | Windows Kernel Information Disclosure Vulnerability | ||
| CVE-2022-29116 | Med | 0.31 | 4.7 | 0.01 | May 10, 2022 | Windows Kernel Information Disclosure Vulnerability | ||
| CVE-2022-24502 | Med | 0.31 | 4.3 | 0.33 | Mar 9, 2022 | Windows HTML Platforms Security Feature Bypass Vulnerability | ||
| CVE-2022-21975 | Med | 0.31 | 4.7 | 0.00 | Mar 9, 2022 | Windows Hyper-V Denial of Service Vulnerability | ||
| CVE-2021-42319 | Med | 0.31 | 4.7 | 0.00 | Nov 10, 2021 | Visual Studio Elevation of Privilege Vulnerability | ||
| CVE-2021-41339 | Med | 0.31 | 4.7 | 0.00 | Oct 13, 2021 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | ||
| CVE-2021-33753 | Med | 0.31 | 4.7 | 0.01 | Jul 14, 2021 | Microsoft Bing Search Spoofing Vulnerability |
- risk 0.32cvss 4.9epss 0.02
Azure Site Recovery Information Disclosure Vulnerability
- risk 0.32cvss 4.9epss 0.02
Azure Site Recovery Information Disclosure Vulnerability
- risk 0.32cvss 4.9epss 0.03
Microsoft Power BI Information Disclosure Vulnerability
- risk 0.32cvss 4.9epss 0.02
Active Directory Security Feature Bypass Vulnerability
- risk 0.32cvss 4.9epss 0.05
This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.
- risk 0.32cvss 4.9epss 0.05
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.
- risk 0.32cvss 4.9epss 0.04
An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role, aka 'Azure Automation Elevation of Privilege Vulnerability'.
- risk 0.32cvss 4.3epss 0.15
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow…
- risk 0.32cvss 4.3epss 0.15
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from…
- risk 0.32cvss 4.4epss 0.43
The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a…
- risk 0.32cvss 4.7epss 0.23
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft…
- risk 0.32cvss 4.9epss 0.05
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot…
- risk 0.31cvss 4.7epss 0.00
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
- risk 0.31cvss 4.3epss 0.03
Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.
- risk 0.31cvss 4.8epss 0.03
Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
- risk 0.31cvss 4.7epss 0.00
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
- risk 0.31cvss 4.8epss 0.01
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
- risk 0.31cvss 4.7epss 0.00
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
- risk 0.31cvss 4.8epss 0.02
Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.
- risk 0.31cvss 4.7epss 0.00
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.31cvss 4.7epss 0.01
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
- risk 0.31cvss 4.8epss 0.01
DHCP Client Service Denial of Service Vulnerability
- risk 0.31cvss 4.8epss 0.01
Windows Remote Desktop Services Tampering Vulnerability
- risk 0.31cvss 4.7epss 0.01
Windows Remote Access Connection Manager Information Disclosure Vulnerability
- risk 0.31cvss 4.7epss 0.00
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.31cvss 4.7epss 0.01
Windows Remote Access Connection Manager Information Disclosure Vulnerability
- risk 0.31cvss 4.7epss 0.01
Visual Studio Remote Code Execution Vulnerability
- risk 0.31cvss 4.7epss 0.01
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
- risk 0.31cvss 4.7epss 0.02
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
- risk 0.31cvss 4.8epss 0.01
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
- risk 0.31cvss 4.7epss 0.01
Windows Themes Information Disclosure Vulnerability
- risk 0.31cvss 4.7epss 0.01
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
- risk 0.31cvss 4.8epss 0.02
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
- risk 0.31cvss 4.7epss 0.01
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.31cvss 4.7epss 0.01
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.31cvss 4.7epss 0.01
Windows Kernel Information Disclosure Vulnerability
- risk 0.31cvss 4.7epss 0.01
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
- risk 0.31cvss 4.7epss 0.01
Windows Overlay Filter Information Disclosure Vulnerability
- risk 0.31cvss 4.7epss 0.00
Event Tracing for Windows Information Disclosure Vulnerability
- risk 0.31cvss 4.7epss 0.01
Windows Defender Credential Guard Information Disclosure Vulnerability
- risk 0.31cvss 4.8epss 0.02
Microsoft Exchange Server Information Disclosure Vulnerability
- risk 0.31cvss 4.7epss 0.01
Microsoft Office Security Feature Bypass Vulnerability
- risk 0.31cvss 4.7epss 0.00
Windows Connected Devices Platform Service Information Disclosure Vulnerability
- risk 0.31cvss 4.7epss 0.01
Windows Kernel Information Disclosure Vulnerability
- risk 0.31cvss 4.7epss 0.01
Windows Kernel Information Disclosure Vulnerability
- risk 0.31cvss 4.3epss 0.33
Windows HTML Platforms Security Feature Bypass Vulnerability
- risk 0.31cvss 4.7epss 0.00
Windows Hyper-V Denial of Service Vulnerability
- risk 0.31cvss 4.7epss 0.00
Visual Studio Elevation of Privilege Vulnerability
- risk 0.31cvss 4.7epss 0.00
Microsoft DWM Core Library Elevation of Privilege Vulnerability
- risk 0.31cvss 4.7epss 0.01
Microsoft Bing Search Spoofing Vulnerability
Page 189 of 287