VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2017-8726MedOct 13, 2017
    risk 0.29cvss 4.3epss 0.07

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption…

  • CVE-2017-11818MedOct 13, 2017
    risk 0.29cvss 4.5epss 0.01

    The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka…

  • CVE-2017-8736MedSep 13, 2017
    risk 0.29cvss 4.3epss 0.08

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific…

  • CVE-2017-8555MedJun 15, 2017
    risk 0.29cvss 4.3epss 0.13

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass…

  • CVE-2017-0164MedApr 12, 2017
    risk 0.29cvss 4.4epss 0.04

    A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."

  • CVE-2017-0154MedMar 17, 2017
    risk 0.29cvss 4.4epss 0.11

    Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of…

  • CVE-2017-0069MedMar 17, 2017
    risk 0.29cvss 4.3epss 0.09

    Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0033.

  • CVE-2017-0068MedMar 17, 2017
    risk 0.29cvss 4.3epss 0.15

    Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011,…

  • CVE-2017-0057MedMar 17, 2017
    risk 0.29cvss 4.3epss 0.14

    DNS client in Microsoft Windows 8.1; Windows Server 2012 R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 fails to properly process DNS queries, which allows remote attackers to obtain sensitive information via (1) convincing a workstation user to…

  • CVE-2017-0033MedMar 17, 2017
    risk 0.29cvss 4.3epss 0.08

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069.

  • CVE-2017-0012MedMar 17, 2017
    risk 0.29cvss 4.3epss 0.08

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069.

  • CVE-2016-7284MedDec 20, 2016
    risk 0.29cvss 4.3epss 0.15

    Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."

  • CVE-2016-0138MedSep 14, 2016
    risk 0.29cvss 4.3epss 0.13

    Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application…

  • CVE-2016-3287MedJul 13, 2016
    risk 0.29cvss 4.4epss 0.01

    Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka "Secure Boot Security Feature Bypass."

  • CVE-2016-3244MedJul 13, 2016
    risk 0.29cvss 4.3epss 0.19

    Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass."

  • CVE-2016-0080MedFeb 10, 2016
    risk 0.29cvss 4.3epss 0.15

    Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass."

  • CVE-2016-0077MedFeb 10, 2016
    risk 0.29cvss 4.3epss 0.10

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."

  • CVE-2016-0012MedJan 13, 2016
    risk 0.29cvss 4.3epss 0.11

    Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT…

  • CVE-2016-0008MedJan 13, 2016
    risk 0.29cvss 4.3epss 0.14

    The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified…

  • CVE-2010-3243MedOct 13, 2010
    risk 0.29cvss 4.3epss 0.16

    Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or…

  • CVE-1999-0524MedAug 1, 1997
    risk 0.29cvss 4.0epss 0.32

    ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

  • CVE-2026-45650MedJun 9, 2026
    risk 0.28cvss 4.3epss 0.01

    User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-24597MedMay 25, 2026
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5.

  • CVE-2026-40421MedMay 12, 2026
    risk 0.28cvss 4.3epss 0.01

    Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

  • CVE-2026-40416MedMay 12, 2026
    risk 0.28cvss 4.3epss 0.00

    User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-35429MedMay 12, 2026
    risk 0.28cvss 4.3epss 0.01

    User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-33118MedApr 10, 2026
    risk 0.28cvss 4.3epss 0.01

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

  • CVE-2025-62223MedDec 5, 2025
    risk 0.28cvss 4.3epss 0.00

    User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-60728MedNov 11, 2025
    risk 0.28cvss 4.3epss 0.01

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-62931MedOct 27, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSN Partner Hub: from n/a through <= 2.9.

  • CVE-2025-54917MedSep 9, 2025
    risk 0.28cvss 4.3epss 0.01

    Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2025-54107MedSep 9, 2025
    risk 0.28cvss 4.3epss 0.01

    Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2025-49755MedAug 12, 2025
    risk 0.28cvss 4.3epss 0.00

    User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-49736MedAug 12, 2025
    risk 0.28cvss 4.3epss 0.00

    The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-25001MedApr 4, 2025
    risk 0.28cvss 4.3epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-24055MedMar 11, 2025
    risk 0.28cvss 4.3epss 0.01

    Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.

  • CVE-2025-21247MedMar 11, 2025
    risk 0.28cvss 4.3epss 0.03

    Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2025-21404MedFeb 6, 2025
    risk 0.28cvss 4.3epss 0.01

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

  • CVE-2025-21332MedJan 14, 2025
    risk 0.28cvss 4.3epss 0.01

    MapUrlToZone Security Feature Bypass Vulnerability

  • CVE-2025-21329MedJan 14, 2025
    risk 0.28cvss 4.3epss 0.01

    MapUrlToZone Security Feature Bypass Vulnerability

  • CVE-2025-21328MedJan 14, 2025
    risk 0.28cvss 4.3epss 0.01

    MapUrlToZone Security Feature Bypass Vulnerability

  • CVE-2025-21269MedJan 14, 2025
    risk 0.28cvss 4.3epss 0.04

    Windows HTML Platforms Security Feature Bypass Vulnerability

  • CVE-2025-21268MedJan 14, 2025
    risk 0.28cvss 4.3epss 0.02

    MapUrlToZone Security Feature Bypass Vulnerability

  • CVE-2025-21219MedJan 14, 2025
    risk 0.28cvss 4.3epss 0.03

    MapUrlToZone Security Feature Bypass Vulnerability

  • CVE-2025-21189MedJan 14, 2025
    risk 0.28cvss 4.3epss 0.03

    MapUrlToZone Security Feature Bypass Vulnerability

  • CVE-2024-49103MedDec 12, 2024
    risk 0.28cvss 4.3epss 0.01

    Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

  • CVE-2024-49099MedDec 12, 2024
    risk 0.28cvss 4.3epss 0.01

    Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

  • CVE-2024-49098MedDec 12, 2024
    risk 0.28cvss 4.3epss 0.01

    Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

  • CVE-2024-49041MedDec 6, 2024
    risk 0.28cvss 4.3epss 0.01

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

  • CVE-2024-49054MedNov 22, 2024
    risk 0.28cvss 4.3epss 0.01

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

Page 193 of 287