Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8726 | Med | 0.29 | 4.3 | 0.07 | Oct 13, 2017 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption… | ||
| CVE-2017-11818 | Med | 0.29 | 4.5 | 0.01 | Oct 13, 2017 | The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka… | ||
| CVE-2017-8736 | Med | 0.29 | 4.3 | 0.08 | Sep 13, 2017 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific… | ||
| CVE-2017-8555 | Med | 0.29 | 4.3 | 0.13 | Jun 15, 2017 | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass… | ||
| CVE-2017-0164 | Med | 0.29 | 4.4 | 0.04 | Apr 12, 2017 | A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability." | ||
| CVE-2017-0154 | Med | 0.29 | 4.4 | 0.11 | Mar 17, 2017 | Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of… | ||
| CVE-2017-0069 | Med | 0.29 | 4.3 | 0.09 | Mar 17, 2017 | Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0033. | ||
| CVE-2017-0068 | Med | 0.29 | 4.3 | 0.15 | Mar 17, 2017 | Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011,… | ||
| CVE-2017-0057 | Med | 0.29 | 4.3 | 0.14 | Mar 17, 2017 | DNS client in Microsoft Windows 8.1; Windows Server 2012 R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 fails to properly process DNS queries, which allows remote attackers to obtain sensitive information via (1) convincing a workstation user to… | ||
| CVE-2017-0033 | Med | 0.29 | 4.3 | 0.08 | Mar 17, 2017 | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069. | ||
| CVE-2017-0012 | Med | 0.29 | 4.3 | 0.08 | Mar 17, 2017 | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069. | ||
| CVE-2016-7284 | Med | 0.29 | 4.3 | 0.15 | Dec 20, 2016 | Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | ||
| CVE-2016-0138 | Med | 0.29 | 4.3 | 0.13 | Sep 14, 2016 | Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application… | ||
| CVE-2016-3287 | Med | 0.29 | 4.4 | 0.01 | Jul 13, 2016 | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka "Secure Boot Security Feature Bypass." | ||
| CVE-2016-3244 | Med | 0.29 | 4.3 | 0.19 | Jul 13, 2016 | Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass." | ||
| CVE-2016-0080 | Med | 0.29 | 4.3 | 0.15 | Feb 10, 2016 | Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass." | ||
| CVE-2016-0077 | Med | 0.29 | 4.3 | 0.10 | Feb 10, 2016 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | ||
| CVE-2016-0012 | Med | 0.29 | 4.3 | 0.11 | Jan 13, 2016 | Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT… | ||
| CVE-2016-0008 | Med | 0.29 | 4.3 | 0.14 | Jan 13, 2016 | The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified… | ||
| CVE-2010-3243 | Med | 0.29 | 4.3 | 0.16 | Oct 13, 2010 | Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or… | ||
| CVE-1999-0524 | Med | 0.29 | 4.0 | 0.32 | Aug 1, 1997 | ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | ||
| CVE-2026-45650 | Med | 0.28 | 4.3 | 0.01 | Jun 9, 2026 | User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-24597 | Med | 0.28 | 4.3 | 0.00 | May 25, 2026 | Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5. | ||
| CVE-2026-40421 | Med | 0.28 | 4.3 | 0.01 | May 12, 2026 | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-40416 | Med | 0.28 | 4.3 | 0.00 | May 12, 2026 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-35429 | Med | 0.28 | 4.3 | 0.01 | May 12, 2026 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-33118 | Med | 0.28 | 4.3 | 0.01 | Apr 10, 2026 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2025-62223 | Med | 0.28 | 4.3 | 0.00 | Dec 5, 2025 | User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-60728 | Med | 0.28 | 4.3 | 0.01 | Nov 11, 2025 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-62931 | Med | 0.28 | 4.3 | 0.00 | Oct 27, 2025 | Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSN Partner Hub: from n/a through <= 2.9. | ||
| CVE-2025-54917 | Med | 0.28 | 4.3 | 0.01 | Sep 9, 2025 | Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2025-54107 | Med | 0.28 | 4.3 | 0.01 | Sep 9, 2025 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2025-49755 | Med | 0.28 | 4.3 | 0.00 | Aug 12, 2025 | User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-49736 | Med | 0.28 | 4.3 | 0.00 | Aug 12, 2025 | The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-25001 | Med | 0.28 | 4.3 | 0.01 | Apr 4, 2025 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-24055 | Med | 0.28 | 4.3 | 0.01 | Mar 11, 2025 | Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack. | ||
| CVE-2025-21247 | Med | 0.28 | 4.3 | 0.03 | Mar 11, 2025 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2025-21404 | Med | 0.28 | 4.3 | 0.01 | Feb 6, 2025 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2025-21332 | Med | 0.28 | 4.3 | 0.01 | Jan 14, 2025 | MapUrlToZone Security Feature Bypass Vulnerability | ||
| CVE-2025-21329 | Med | 0.28 | 4.3 | 0.01 | Jan 14, 2025 | MapUrlToZone Security Feature Bypass Vulnerability | ||
| CVE-2025-21328 | Med | 0.28 | 4.3 | 0.01 | Jan 14, 2025 | MapUrlToZone Security Feature Bypass Vulnerability | ||
| CVE-2025-21269 | Med | 0.28 | 4.3 | 0.04 | Jan 14, 2025 | Windows HTML Platforms Security Feature Bypass Vulnerability | ||
| CVE-2025-21268 | Med | 0.28 | 4.3 | 0.02 | Jan 14, 2025 | MapUrlToZone Security Feature Bypass Vulnerability | ||
| CVE-2025-21219 | Med | 0.28 | 4.3 | 0.03 | Jan 14, 2025 | MapUrlToZone Security Feature Bypass Vulnerability | ||
| CVE-2025-21189 | Med | 0.28 | 4.3 | 0.03 | Jan 14, 2025 | MapUrlToZone Security Feature Bypass Vulnerability | ||
| CVE-2024-49103 | Med | 0.28 | 4.3 | 0.01 | Dec 12, 2024 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | ||
| CVE-2024-49099 | Med | 0.28 | 4.3 | 0.01 | Dec 12, 2024 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | ||
| CVE-2024-49098 | Med | 0.28 | 4.3 | 0.01 | Dec 12, 2024 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | ||
| CVE-2024-49041 | Med | 0.28 | 4.3 | 0.01 | Dec 6, 2024 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||
| CVE-2024-49054 | Med | 0.28 | 4.3 | 0.01 | Nov 22, 2024 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
- risk 0.29cvss 4.3epss 0.07
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption…
- risk 0.29cvss 4.5epss 0.01
The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka…
- risk 0.29cvss 4.3epss 0.08
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific…
- risk 0.29cvss 4.3epss 0.13
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass…
- risk 0.29cvss 4.4epss 0.04
A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."
- risk 0.29cvss 4.4epss 0.11
Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of…
- risk 0.29cvss 4.3epss 0.09
Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0033.
- risk 0.29cvss 4.3epss 0.15
Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011,…
- risk 0.29cvss 4.3epss 0.14
DNS client in Microsoft Windows 8.1; Windows Server 2012 R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 fails to properly process DNS queries, which allows remote attackers to obtain sensitive information via (1) convincing a workstation user to…
- risk 0.29cvss 4.3epss 0.08
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069.
- risk 0.29cvss 4.3epss 0.08
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069.
- risk 0.29cvss 4.3epss 0.15
Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
- risk 0.29cvss 4.3epss 0.13
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application…
- risk 0.29cvss 4.4epss 0.01
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka "Secure Boot Security Feature Bypass."
- risk 0.29cvss 4.3epss 0.19
Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass."
- risk 0.29cvss 4.3epss 0.15
Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass."
- risk 0.29cvss 4.3epss 0.10
Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."
- risk 0.29cvss 4.3epss 0.11
Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT…
- risk 0.29cvss 4.3epss 0.14
The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified…
- risk 0.29cvss 4.3epss 0.16
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or…
- risk 0.29cvss 4.0epss 0.32
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
- risk 0.28cvss 4.3epss 0.01
User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5.
- risk 0.28cvss 4.3epss 0.01
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- risk 0.28cvss 4.3epss 0.00
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- risk 0.28cvss 4.3epss 0.01
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- risk 0.28cvss 4.3epss 0.01
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.28cvss 4.3epss 0.00
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
- risk 0.28cvss 4.3epss 0.01
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSN Partner Hub: from n/a through <= 2.9.
- risk 0.28cvss 4.3epss 0.01
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.28cvss 4.3epss 0.01
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.28cvss 4.3epss 0.00
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
- risk 0.28cvss 4.3epss 0.00
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
- risk 0.28cvss 4.3epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- risk 0.28cvss 4.3epss 0.01
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.
- risk 0.28cvss 4.3epss 0.03
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.28cvss 4.3epss 0.01
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.28cvss 4.3epss 0.01
MapUrlToZone Security Feature Bypass Vulnerability
- risk 0.28cvss 4.3epss 0.01
MapUrlToZone Security Feature Bypass Vulnerability
- risk 0.28cvss 4.3epss 0.01
MapUrlToZone Security Feature Bypass Vulnerability
- risk 0.28cvss 4.3epss 0.04
Windows HTML Platforms Security Feature Bypass Vulnerability
- risk 0.28cvss 4.3epss 0.02
MapUrlToZone Security Feature Bypass Vulnerability
- risk 0.28cvss 4.3epss 0.03
MapUrlToZone Security Feature Bypass Vulnerability
- risk 0.28cvss 4.3epss 0.03
MapUrlToZone Security Feature Bypass Vulnerability
- risk 0.28cvss 4.3epss 0.01
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
- risk 0.28cvss 4.3epss 0.01
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
- risk 0.28cvss 4.3epss 0.01
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
- risk 0.28cvss 4.3epss 0.01
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- risk 0.28cvss 4.3epss 0.01
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Page 193 of 287