VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2026-45642LowJun 9, 2026
    risk 0.25cvss 3.9epss 0.00

    Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

  • CVE-2024-26246LowMar 14, 2024
    risk 0.25cvss 3.9epss 0.01

    Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

  • CVE-2018-8449LowSep 13, 2018
    risk 0.25cvss 3.3epss 0.03

    A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

  • CVE-2018-0966LowApr 12, 2018
    risk 0.25cvss 3.3epss 0.02

    A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

  • CVE-2018-0878LowMar 14, 2018
    risk 0.25cvss 3.1epss 0.22

    Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure…

  • CVE-2025-32016MedApr 9, 2025
    risk 0.24cvss 4.7epss 0.00

    Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform (formerly Azure AD v2.0 endpoint) and AAD B2C. This vulnerability affects confidential client applications,…

  • CVE-2023-28301LowApr 11, 2023
    risk 0.24cvss 3.7epss 0.01

    Microsoft Edge (Chromium-based) Tampering Vulnerability

  • CVE-2022-23292LowApr 15, 2022
    risk 0.24cvss 3.7epss 0.01

    Microsoft Power BI Spoofing Vulnerability

  • CVE-2020-0884LowMar 12, 2020
    risk 0.24cvss 3.7epss 0.02

    A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.

  • CVE-2017-0159LowApr 12, 2017
    risk 0.24cvss 3.7epss 0.04

    A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."

  • CVE-2025-49760LowJul 8, 2025
    risk 0.23cvss 3.5epss 0.01

    External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.

  • CVE-2020-24588LowMay 11, 2021
    risk 0.23cvss 3.5epss 0.04

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is…

  • CVE-2017-8676LowSep 13, 2017
    risk 0.23cvss 3.3epss 0.14

    The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for…

  • CVE-2017-0042LowMar 17, 2017
    risk 0.23cvss 3.1epss 0.30

    Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted…

  • CVE-2016-3354LowSep 14, 2016
    risk 0.23cvss 3.3epss 0.14

    The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to bypass the ASLR protection mechanism via…

  • CVE-2016-3251LowJul 13, 2016
    risk 0.23cvss 2.8epss 0.58

    The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensitive kernel-address…

  • CVE-2016-4534LowMay 5, 2016
    risk 0.23cvss 3.0epss 0.02

    The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.

  • CVE-2025-59284LowOct 14, 2025
    risk 0.22cvss 3.3epss 0.01

    Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

  • CVE-2023-28303LowJun 13, 2023
    risk 0.22cvss 3.3epss 0.02

    Windows Snipping Tool Information Disclosure Vulnerability

  • CVE-2022-41043LowOct 11, 2022
    risk 0.22cvss 3.3epss 0.01

    Microsoft Office Information Disclosure Vulnerability

  • CVE-2022-30130LowMay 10, 2022
    risk 0.22cvss 3.3epss 0.03

    .NET Framework Denial of Service Vulnerability

  • CVE-2022-24465LowMar 9, 2022
    risk 0.22cvss 3.3epss 0.01

    Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability

  • CVE-2022-21977LowMar 9, 2022
    risk 0.22cvss 3.3epss 0.02

    Media Foundation Information Disclosure Vulnerability

  • CVE-2021-42323LowNov 10, 2021
    risk 0.22cvss 3.3epss 0.01

    Azure RTOS Information Disclosure Vulnerability

  • CVE-2021-42301LowNov 10, 2021
    risk 0.22cvss 3.3epss 0.01

    Azure RTOS Information Disclosure Vulnerability

  • CVE-2021-26444LowNov 10, 2021
    risk 0.22cvss 3.3epss 0.01

    Azure RTOS Information Disclosure Vulnerability

  • CVE-2021-28312LowApr 13, 2021
    risk 0.22cvss 3.3epss 0.07

    Windows NTFS Denial of Service Vulnerability

  • CVE-2020-24003LowJan 11, 2021
    risk 0.22cvss 3.3epss 0.01

    Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone…

  • CVE-2020-17097LowDec 10, 2020
    risk 0.22cvss 3.3epss 0.01

    Windows Digital Media Receiver Elevation of Privilege Vulnerability

  • CVE-2020-17020LowNov 11, 2020
    risk 0.22cvss 3.3epss 0.01

    Microsoft Word Security Feature Bypass Vulnerability

  • CVE-2019-1488LowDec 10, 2019
    risk 0.22cvss 3.3epss 0.01

    A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'.

  • CVE-2019-1418LowNov 12, 2019
    risk 0.22cvss 3.3epss 0.02

    An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.

  • CVE-2018-0919LowMar 14, 2018
    risk 0.22cvss 3.3epss 0.12

    Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016,…

  • CVE-2018-0853LowFeb 15, 2018
    risk 0.22cvss 3.3epss 0.12

    Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure…

  • CVE-2017-0208MedApr 12, 2017
    risk 0.22cvss 4.3epss 0.15

    An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a.…

  • CVE-2017-0188LowApr 12, 2017
    risk 0.22cvss 3.3epss 0.03

    A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the…

  • CVE-2016-7220LowNov 10, 2016
    risk 0.22cvss 3.3epss 0.03

    Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka "Virtual Secure Mode Information Disclosure Vulnerability."

  • CVE-2016-7214LowNov 10, 2016
    risk 0.22cvss 3.3epss 0.04

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection…

  • CVE-2016-3344LowSep 14, 2016
    risk 0.22cvss 3.3epss 0.04

    The Secure Kernel Mode feature in Microsoft Windows 10 Gold and 1511 allows local users to obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosure Vulnerability."

  • CVE-2016-0137LowSep 14, 2016
    risk 0.22cvss 3.3epss 0.07

    The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."

  • CVE-2016-3321LowAug 9, 2016
    risk 0.22cvss 2.5epss 0.35

    Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information…

  • CVE-2016-3272LowJul 13, 2016
    risk 0.22cvss 2.8epss 0.43

    The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles page-fault system calls, which allows local users to obtain sensitive information from an arbitrary process via a crafted application, aka "Windows…

  • CVE-2016-0175LowMay 11, 2016
    risk 0.22cvss 3.3epss 0.04

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to obtain sensitive information about kernel-object addresses,…

  • CVE-2026-45485LowJun 9, 2026
    risk 0.21cvss 3.3epss 0.00

    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

  • CVE-2026-45466LowJun 9, 2026
    risk 0.21cvss 3.3epss 0.00

    Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

  • CVE-2026-45459LowJun 9, 2026
    risk 0.21cvss 3.3epss 0.00

    Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2026-45455LowJun 9, 2026
    risk 0.21cvss 3.3epss 0.01

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-49756LowJul 8, 2025
    risk 0.21cvss 3.3epss 0.00

    Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.

  • CVE-2025-21337LowFeb 11, 2025
    risk 0.21cvss 3.3epss 0.01

    Windows NTFS Elevation of Privilege Vulnerability

  • CVE-2024-21383LowJan 26, 2024
    risk 0.21cvss 3.3epss 0.00

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

Page 197 of 287