VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2016-4140HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4126HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-3228HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.13

    Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon Memory Corruption Remote Code Execution Vulnerability."

  • CVE-2016-0183HigMay 11, 2016
    risk 0.58cvss 8.8epss 0.16

    The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE…

  • CVE-2016-0147HigApr 12, 2016
    risk 0.58cvss 8.8epss 0.16

    Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."

  • CVE-2016-0068HigFeb 18, 2016
    risk 0.58cvss 8.8epss 0.15

    Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069.

  • CVE-2016-0071HigFeb 10, 2016
    risk 0.58cvss 8.8epss 0.14

    Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2016-0067HigFeb 10, 2016
    risk 0.58cvss 8.8epss 0.14

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060,…

  • CVE-2016-0064HigFeb 10, 2016
    risk 0.58cvss 8.8epss 0.14

    Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2016-0015HigJan 13, 2016
    risk 0.58cvss 7.8epss 0.51

    DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "DirectShow Heap…

  • CVE-2016-0009HigJan 13, 2016
    risk 0.58cvss 8.8epss 0.16

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via unspecified vectors, aka "Win32k Remote Code Execution Vulnerability."

  • CVE-2011-1265HigJul 13, 2011
    risk 0.58cvss 8.8epss 0.06

    The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth…

  • CVE-2010-0820HigSep 15, 2010
    risk 0.58cvss 8.8epss 0.14

    Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server…

  • CVE-2007-4040HigJul 27, 2007
    risk 0.58cvss 8.8epss 0.13

    Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are…

  • CVE-2026-47653HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47289HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-45648HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.

  • CVE-2026-45504HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-45484HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.02

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-42985HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-40371HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-32193HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.

  • CVE-2026-46414HigMay 27, 2026
    risk 0.57cvss 8.8epss 0.01

    Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but…

  • CVE-2026-35430HigMay 22, 2026
    risk 0.57cvss 8.8epss 0.00

    Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-45495HigMay 18, 2026
    risk 0.57cvss 8.8epss 0.01

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

  • CVE-2026-41109HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-41094HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

  • CVE-2026-41086HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-40420HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40403HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

  • CVE-2026-40365HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.01

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2026-40357HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.02

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2026-35439HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.02

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2026-35436HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34329HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.

  • CVE-2026-33112HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.02

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2026-33110HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.02

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2026-32207HigMay 7, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-33120HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.01

    Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

  • CVE-2026-32225HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.01

    Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-32171HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.00

    Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-32157HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.01

    Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-27928HigApr 14, 2026
    risk 0.57cvss 8.7epss 0.00

    Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-26178HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.00

    Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-26167HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2006-10003CriMar 19, 2026
    risk 0.57cvss 9.8epss 0.01

    XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls…

  • CVE-2026-25592CriFeb 6, 2026
    risk 0.57cvss 9.9epss 0.02

    Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem…

  • CVE-2025-64655HigNov 20, 2025
    risk 0.57cvss 8.8epss 0.00

    Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2025-62222HigNov 11, 2025
    risk 0.57cvss 8.8epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.

  • CVE-2025-62220HigNov 11, 2025
    risk 0.57cvss 8.8epss 0.01

    Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.

Page 23 of 287