Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46383 | Med | 0.29 | 5.5 | 0.01 | May 15, 2026 | Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes.… | ||
| CVE-2026-32209 | Med | 0.29 | 4.4 | 0.00 | May 12, 2026 | Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-32220 | Med | 0.29 | 4.4 | 0.00 | Apr 14, 2026 | Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-27906 | Med | 0.29 | 4.4 | 0.00 | Apr 14, 2026 | Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2025-53765 | Med | 0.29 | 4.4 | 0.00 | Aug 12, 2025 | Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. | ||
| CVE-2025-47969 | Med | 0.29 | 4.4 | 0.01 | Jun 10, 2025 | Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally. | ||
| CVE-2025-24997 | Med | 0.29 | 4.4 | 0.01 | Mar 11, 2025 | Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally. | ||
| CVE-2025-21401 | Med | 0.29 | 4.5 | 0.00 | Feb 15, 2025 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||
| CVE-2025-21267 | Med | 0.29 | 4.4 | 0.01 | Feb 6, 2025 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2024-38123 | Med | 0.29 | 4.4 | 0.01 | Aug 13, 2024 | Windows Bluetooth Driver Information Disclosure Vulnerability | ||
| CVE-2024-35255 | Med | 0.29 | 5.5 | 0.01 | Jun 11, 2024 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | ||
| CVE-2024-35253 | Med | 0.29 | 4.4 | 0.01 | Jun 11, 2024 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | ||
| CVE-2024-21305 | Med | 0.29 | 4.4 | 0.01 | Jan 9, 2024 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | ||
| CVE-2023-36722 | Med | 0.29 | 4.4 | 0.01 | Oct 10, 2023 | Active Directory Domain Services Information Disclosure Vulnerability | ||
| CVE-2023-36698 | Med | 0.29 | 4.4 | 0.00 | Oct 10, 2023 | Windows Kernel Security Feature Bypass Vulnerability | ||
| CVE-2023-36736 | Med | 0.29 | 4.4 | 0.02 | Sep 12, 2023 | Microsoft Identity Linux Broker Remote Code Execution Vulnerability | ||
| CVE-2023-38188 | Med | 0.29 | 4.5 | 0.01 | Aug 8, 2023 | Azure Apache Hadoop Spoofing Vulnerability | ||
| CVE-2023-36881 | Med | 0.29 | 4.5 | 0.01 | Aug 8, 2023 | Azure Apache Ambari Spoofing Vulnerability | ||
| CVE-2023-36877 | Med | 0.29 | 4.5 | 0.01 | Aug 8, 2023 | Azure Apache Oozie Spoofing Vulnerability | ||
| CVE-2023-35393 | Med | 0.29 | 4.5 | 0.01 | Aug 8, 2023 | Azure Apache Hive Spoofing Vulnerability | ||
| CVE-2023-28276 | Med | 0.29 | 4.4 | 0.00 | Apr 11, 2023 | Windows Group Policy Security Feature Bypass Vulnerability | ||
| CVE-2022-41066 | Med | 0.29 | 4.4 | 0.01 | Nov 9, 2022 | Microsoft Business Central Information Disclosure Vulnerability | ||
| CVE-2022-35821 | Med | 0.29 | 4.4 | 0.01 | Aug 9, 2022 | Azure Sphere Information Disclosure Vulnerability | ||
| CVE-2022-35783 | Med | 0.29 | 4.4 | 0.01 | Aug 9, 2022 | Azure Site Recovery Elevation of Privilege Vulnerability | ||
| CVE-2022-22010 | Med | 0.29 | 4.4 | 0.02 | Mar 9, 2022 | Media Foundation Information Disclosure Vulnerability | ||
| CVE-2022-21921 | Med | 0.29 | 4.4 | 0.01 | Jan 11, 2022 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | ||
| CVE-2022-21894 | Med | 0.29 | 4.4 | 0.07 | Jan 11, 2022 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2021-41375 | Med | 0.29 | 4.4 | 0.01 | Nov 10, 2021 | Azure Sphere Information Disclosure Vulnerability | ||
| CVE-2021-41371 | Med | 0.29 | 4.4 | 0.01 | Nov 10, 2021 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | ||
| CVE-2021-38631 | Med | 0.29 | 4.4 | 0.02 | Nov 10, 2021 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | ||
| CVE-2021-36956 | Med | 0.29 | 4.4 | 0.01 | Sep 15, 2021 | Azure Sphere Information Disclosure Vulnerability | ||
| CVE-2021-36931 | Med | 0.29 | 4.4 | 0.01 | Aug 26, 2021 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||
| CVE-2021-26428 | Med | 0.29 | 4.4 | 0.01 | Aug 12, 2021 | Azure Sphere Information Disclosure Vulnerability | ||
| CVE-2021-28447 | Med | 0.29 | 4.4 | 0.02 | Apr 13, 2021 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | ||
| CVE-2021-27094 | Med | 0.29 | 4.4 | 0.01 | Apr 13, 2021 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | ||
| CVE-2020-1592 | Med | 0.29 | 4.4 | 0.01 | Sep 11, 2020 | An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this… | ||
| CVE-2020-1589 | Med | 0.29 | 4.4 | 0.01 | Sep 11, 2020 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an… | ||
| CVE-2020-1444 | Med | 0.29 | 4.3 | 0.09 | Jul 14, 2020 | A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | ||
| CVE-2020-0621 | Med | 0.29 | 4.4 | 0.01 | Jan 14, 2020 | A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'. | ||
| CVE-2019-1481 | Med | 0.29 | 4.3 | 0.12 | Dec 10, 2019 | An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1480. | ||
| CVE-2019-1202 | Med | 0.29 | 4.4 | 0.02 | Aug 14, 2019 | An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit this vulnerability, the attacker could run a… | ||
| CVE-2019-0941 | Med | 0.29 | 4.4 | 0.03 | Jun 12, 2019 | A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. To… | ||
| CVE-2019-0839 | Med | 0.29 | 4.4 | 0.02 | Apr 9, 2019 | An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0838. | ||
| CVE-2018-8324 | Med | 0.29 | 4.3 | 0.09 | Jul 11, 2018 | An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8325. | ||
| CVE-2018-8297 | Med | 0.29 | 4.3 | 0.09 | Jul 11, 2018 | An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8324, CVE-2018-8325. | ||
| CVE-2018-8289 | Med | 0.29 | 4.3 | 0.09 | Jul 11, 2018 | An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8297, CVE-2018-8324, CVE-2018-8325. | ||
| CVE-2018-8201 | Med | 0.29 | 4.5 | 0.02 | Jun 14, 2018 | A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,… | ||
| CVE-2018-8151 | Med | 0.29 | 4.3 | 0.08 | May 9, 2018 | An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154. | ||
| CVE-2018-0766 | Med | 0.29 | 4.3 | 0.08 | Jan 4, 2018 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information… | ||
| CVE-2017-11848 | Med | 0.29 | 4.3 | 0.07 | Nov 15, 2017 | Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation… |
- risk 0.29cvss 5.5epss 0.01
Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes.…
- risk 0.29cvss 4.4epss 0.00
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
- risk 0.29cvss 4.4epss 0.00
Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
- risk 0.29cvss 4.4epss 0.00
Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.
- risk 0.29cvss 4.4epss 0.00
Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.
- risk 0.29cvss 4.4epss 0.01
Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.
- risk 0.29cvss 4.4epss 0.01
Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.
- risk 0.29cvss 4.5epss 0.00
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
- risk 0.29cvss 4.4epss 0.01
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.29cvss 4.4epss 0.01
Windows Bluetooth Driver Information Disclosure Vulnerability
- risk 0.29cvss 5.5epss 0.01
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
- risk 0.29cvss 4.4epss 0.01
Microsoft Azure File Sync Elevation of Privilege Vulnerability
- risk 0.29cvss 4.4epss 0.01
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
- risk 0.29cvss 4.4epss 0.01
Active Directory Domain Services Information Disclosure Vulnerability
- risk 0.29cvss 4.4epss 0.00
Windows Kernel Security Feature Bypass Vulnerability
- risk 0.29cvss 4.4epss 0.02
Microsoft Identity Linux Broker Remote Code Execution Vulnerability
- risk 0.29cvss 4.5epss 0.01
Azure Apache Hadoop Spoofing Vulnerability
- risk 0.29cvss 4.5epss 0.01
Azure Apache Ambari Spoofing Vulnerability
- risk 0.29cvss 4.5epss 0.01
Azure Apache Oozie Spoofing Vulnerability
- risk 0.29cvss 4.5epss 0.01
Azure Apache Hive Spoofing Vulnerability
- risk 0.29cvss 4.4epss 0.00
Windows Group Policy Security Feature Bypass Vulnerability
- risk 0.29cvss 4.4epss 0.01
Microsoft Business Central Information Disclosure Vulnerability
- risk 0.29cvss 4.4epss 0.01
Azure Sphere Information Disclosure Vulnerability
- risk 0.29cvss 4.4epss 0.01
Azure Site Recovery Elevation of Privilege Vulnerability
- risk 0.29cvss 4.4epss 0.02
Media Foundation Information Disclosure Vulnerability
- risk 0.29cvss 4.4epss 0.01
Windows Defender Credential Guard Security Feature Bypass Vulnerability
- risk 0.29cvss 4.4epss 0.07
Secure Boot Security Feature Bypass Vulnerability
- risk 0.29cvss 4.4epss 0.01
Azure Sphere Information Disclosure Vulnerability
- risk 0.29cvss 4.4epss 0.01
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
- risk 0.29cvss 4.4epss 0.02
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
- risk 0.29cvss 4.4epss 0.01
Azure Sphere Information Disclosure Vulnerability
- risk 0.29cvss 4.4epss 0.01
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- risk 0.29cvss 4.4epss 0.01
Azure Sphere Information Disclosure Vulnerability
- risk 0.29cvss 4.4epss 0.02
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
- risk 0.29cvss 4.4epss 0.01
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
- risk 0.29cvss 4.4epss 0.01
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this…
- risk 0.29cvss 4.4epss 0.01
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an…
- risk 0.29cvss 4.3epss 0.09
A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
- risk 0.29cvss 4.4epss 0.01
A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'.
- risk 0.29cvss 4.3epss 0.12
An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1480.
- risk 0.29cvss 4.4epss 0.02
An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit this vulnerability, the attacker could run a…
- risk 0.29cvss 4.4epss 0.03
A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. To…
- risk 0.29cvss 4.4epss 0.02
An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0838.
- risk 0.29cvss 4.3epss 0.09
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8325.
- risk 0.29cvss 4.3epss 0.09
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8324, CVE-2018-8325.
- risk 0.29cvss 4.3epss 0.09
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8297, CVE-2018-8324, CVE-2018-8325.
- risk 0.29cvss 4.5epss 0.02
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,…
- risk 0.29cvss 4.3epss 0.08
An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.
- risk 0.29cvss 4.3epss 0.08
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information…
- risk 0.29cvss 4.3epss 0.07
Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation…
Page 192 of 287