Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8554 | Med | 0.31 | 4.7 | 0.02 | Jun 29, 2017 | The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially… | ||
| CVE-2017-8553 | Med | 0.31 | 4.7 | 0.03 | Jun 15, 2017 | An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure… | ||
| CVE-2017-0073 | Med | 0.31 | 4.3 | 0.33 | Mar 17, 2017 | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from… | ||
| CVE-2017-0049 | Med | 0.31 | 4.3 | 0.39 | Mar 17, 2017 | The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in… | ||
| CVE-2017-0011 | Med | 0.31 | 4.3 | 0.42 | Mar 17, 2017 | Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068. | ||
| CVE-2017-0009 | Med | 0.31 | 4.3 | 0.40 | Mar 17, 2017 | Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011,… | ||
| CVE-2017-0008 | Med | 0.31 | 4.3 | 0.37 | Mar 17, 2017 | Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009 and… | ||
| CVE-2016-7218 | Med | 0.31 | 4.7 | 0.03 | Nov 10, 2016 | Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive… | ||
| CVE-2016-3258 | Med | 0.31 | 4.7 | 0.01 | Jul 13, 2016 | Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka… | ||
| CVE-2026-48562 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-47641 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-47640 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-47638 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-47637 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-45483 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-45479 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-45468 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-45467 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-45462 | Med | 0.30 | 4.6 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-26175 | Med | 0.30 | 4.6 | 0.00 | Apr 14, 2026 | Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2026-20945 | Med | 0.30 | 4.6 | 0.25 | Apr 14, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-20928 | Med | 0.30 | 4.6 | 0.00 | Apr 14, 2026 | Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2025-21215 | Med | 0.30 | 4.6 | 0.01 | Jan 14, 2025 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2025-21213 | Med | 0.30 | 4.6 | 0.01 | Jan 14, 2025 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-49087 | Med | 0.30 | 4.6 | 0.01 | Dec 12, 2024 | Windows Mobile Broadband Driver Information Disclosure Vulnerability | ||
| CVE-2024-21340 | Med | 0.30 | 4.6 | 0.01 | Feb 13, 2024 | Windows Kernel Information Disclosure Vulnerability | ||
| CVE-2023-36769 | Med | 0.30 | 4.6 | 0.00 | Nov 6, 2023 | Microsoft OneNote Spoofing Vulnerability | ||
| CVE-2023-35394 | Med | 0.30 | 4.6 | 0.01 | Aug 8, 2023 | Azure HDInsight Jupyter Notebook Spoofing Vulnerability | ||
| CVE-2022-41099 | Med | 0.30 | 4.6 | 0.04 | Nov 9, 2022 | BitLocker Security Feature Bypass Vulnerability | ||
| CVE-2022-21905 | Med | 0.30 | 4.6 | 0.01 | Jan 11, 2022 | Windows Hyper-V Security Feature Bypass Vulnerability | ||
| CVE-2022-21900 | Med | 0.30 | 4.6 | 0.01 | Jan 11, 2022 | Windows Hyper-V Security Feature Bypass Vulnerability | ||
| CVE-2021-26439 | Med | 0.30 | 4.6 | 0.02 | Sep 2, 2021 | Microsoft Edge for Android Information Disclosure Vulnerability | ||
| CVE-2021-26418 | Med | 0.30 | 4.6 | 0.01 | May 11, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-24104 | Med | 0.30 | 4.6 | 0.01 | Mar 11, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-1717 | Med | 0.30 | 4.6 | 0.02 | Jan 12, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-1641 | Med | 0.30 | 4.6 | 0.02 | Jan 12, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2020-1205 | Med | 0.30 | 4.6 | 0.02 | Sep 11, 2020 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected… | ||
| CVE-2020-0943 | Med | 0.30 | 4.6 | 0.01 | Apr 15, 2020 | An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles.This could allow an unauthenticated attacker to view notifications, aka 'Microsoft YourPhone… | ||
| CVE-2019-1460 | Med | 0.30 | 4.6 | 0.01 | Jan 24, 2020 | A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. | ||
| CVE-2019-1368 | Med | 0.30 | 4.6 | 0.01 | Oct 10, 2019 | A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'. | ||
| CVE-2019-1294 | Med | 0.30 | 4.6 | 0.01 | Sep 11, 2019 | A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'. | ||
| CVE-2019-0622 | Med | 0.30 | 4.6 | 0.02 | Jan 8, 2019 | An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35. | ||
| CVE-2018-8566 | Med | 0.30 | 4.6 | 0.01 | Nov 14, 2018 | A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | ||
| CVE-2018-8253 | Med | 0.30 | 4.6 | 0.02 | Aug 15, 2018 | An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10. | ||
| CVE-2017-0140 | Med | 0.30 | 4.2 | 0.29 | Mar 17, 2017 | Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135. | ||
| CVE-2017-0066 | Med | 0.30 | 4.2 | 0.30 | Mar 17, 2017 | Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140. | ||
| CVE-2017-0065 | Med | 0.30 | 4.3 | 0.27 | Mar 17, 2017 | Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017,… | ||
| CVE-2016-0059 | Med | 0.30 | 4.3 | 0.24 | Feb 10, 2016 | The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability." | ||
| CVE-2016-0005 | Med | 0.30 | 4.3 | 0.28 | Jan 13, 2016 | Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||
| CVE-2007-5460 | Med | 0.30 | 4.6 | 0.02 | Oct 15, 2007 | Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained… |
- risk 0.31cvss 4.7epss 0.02
The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially…
- risk 0.31cvss 4.7epss 0.03
An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure…
- risk 0.31cvss 4.3epss 0.33
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from…
- risk 0.31cvss 4.3epss 0.39
The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in…
- risk 0.31cvss 4.3epss 0.42
Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.
- risk 0.31cvss 4.3epss 0.40
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011,…
- risk 0.31cvss 4.3epss 0.37
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009 and…
- risk 0.31cvss 4.7epss 0.03
Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive…
- risk 0.31cvss 4.7epss 0.01
Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka…
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.00
Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.30cvss 4.6epss 0.25
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.00
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.30cvss 4.6epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.30cvss 4.6epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.30cvss 4.6epss 0.01
Windows Mobile Broadband Driver Information Disclosure Vulnerability
- risk 0.30cvss 4.6epss 0.01
Windows Kernel Information Disclosure Vulnerability
- risk 0.30cvss 4.6epss 0.00
Microsoft OneNote Spoofing Vulnerability
- risk 0.30cvss 4.6epss 0.01
Azure HDInsight Jupyter Notebook Spoofing Vulnerability
- risk 0.30cvss 4.6epss 0.04
BitLocker Security Feature Bypass Vulnerability
- risk 0.30cvss 4.6epss 0.01
Windows Hyper-V Security Feature Bypass Vulnerability
- risk 0.30cvss 4.6epss 0.01
Windows Hyper-V Security Feature Bypass Vulnerability
- risk 0.30cvss 4.6epss 0.02
Microsoft Edge for Android Information Disclosure Vulnerability
- risk 0.30cvss 4.6epss 0.01
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.30cvss 4.6epss 0.01
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.30cvss 4.6epss 0.02
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.30cvss 4.6epss 0.02
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.30cvss 4.6epss 0.02
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected…
- risk 0.30cvss 4.6epss 0.01
An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles.This could allow an unauthenticated attacker to view notifications, aka 'Microsoft YourPhone…
- risk 0.30cvss 4.6epss 0.01
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.
- risk 0.30cvss 4.6epss 0.01
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.
- risk 0.30cvss 4.6epss 0.01
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.
- risk 0.30cvss 4.6epss 0.02
An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35.
- risk 0.30cvss 4.6epss 0.01
A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
- risk 0.30cvss 4.6epss 0.02
An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10.
- risk 0.30cvss 4.2epss 0.29
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.
- risk 0.30cvss 4.2epss 0.30
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140.
- risk 0.30cvss 4.3epss 0.27
Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017,…
- risk 0.30cvss 4.3epss 0.24
The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."
- risk 0.30cvss 4.3epss 0.28
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability."
- risk 0.30cvss 4.6epss 0.02
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained…
Page 191 of 287