Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62211 | Hig | 0.57 | 8.7 | 0.01 | Nov 11, 2025 | Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2025-62210 | Hig | 0.57 | 8.7 | 0.01 | Nov 11, 2025 | Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2025-59499 | Hig | 0.57 | 8.8 | 0.01 | Nov 11, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-59295 | Hig | 0.57 | 8.8 | 0.02 | Oct 14, 2025 | Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-59249 | Hig | 0.57 | 8.8 | 0.01 | Oct 14, 2025 | Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-59237 | Hig | 0.57 | 8.8 | 0.02 | Oct 14, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2025-59228 | Hig | 0.57 | 8.8 | 0.01 | Oct 14, 2025 | Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2025-59213 | Hig | 0.57 | 8.8 | 0.00 | Oct 14, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network. | ||
| CVE-2025-58718 | Hig | 0.57 | 8.8 | 0.01 | Oct 14, 2025 | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-58716 | Hig | 0.57 | 8.8 | 0.00 | Oct 14, 2025 | Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-58715 | Hig | 0.57 | 8.8 | 0.00 | Oct 14, 2025 | Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59247 | Hig | 0.57 | 8.8 | 0.01 | Oct 9, 2025 | Azure PlayFab Elevation of Privilege Vulnerability | ||
| CVE-2025-55319 | Hig | 0.57 | 8.8 | 0.01 | Sep 12, 2025 | Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-55227 | Hig | 0.57 | 8.8 | 0.01 | Sep 9, 2025 | Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-54113 | Hig | 0.57 | 8.8 | 0.01 | Sep 9, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-54106 | Hig | 0.57 | 8.8 | 0.01 | Sep 9, 2025 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-36855 | Hig | 0.57 | 8.8 | 0.01 | Sep 8, 2025 | A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer using buffer access… | ||
| CVE-2025-53727 | Hig | 0.57 | 8.8 | 0.01 | Aug 12, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-53143 | Hig | 0.57 | 8.8 | 0.01 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | ||
| CVE-2025-53131 | Hig | 0.57 | 8.8 | 0.01 | Aug 12, 2025 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-50163 | Hig | 0.57 | 8.8 | 0.01 | Aug 12, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-49759 | Hig | 0.57 | 8.8 | 0.01 | Aug 12, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-49758 | Hig | 0.57 | 8.8 | 0.01 | Aug 12, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-49757 | Hig | 0.57 | 8.8 | 0.01 | Aug 12, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-47954 | Hig | 0.57 | 8.8 | 0.01 | Aug 12, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-24999 | Hig | 0.57 | 8.8 | 0.02 | Aug 12, 2025 | Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-53762 | Hig | 0.57 | 8.7 | 0.01 | Jul 18, 2025 | Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-49753 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-49740 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2025-49739 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2025-49729 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-49723 | Hig | 0.57 | 8.8 | 0.00 | Jul 8, 2025 | Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally. | ||
| CVE-2025-49701 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2025-49688 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-49687 | Hig | 0.57 | 8.8 | 0.00 | Jul 8, 2025 | Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49676 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-49674 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-49673 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-49672 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-49669 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-49668 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-49663 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-49657 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-48824 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-48817 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-47998 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-47986 | Hig | 0.57 | 8.8 | 0.00 | Jul 8, 2025 | Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49713 | Hig | 0.57 | 8.8 | 0.01 | Jul 2, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-47172 | Hig | 0.57 | 8.8 | 0.02 | Jun 10, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2025-33066 | Hig | 0.57 | 8.8 | 0.01 | Jun 10, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
- risk 0.57cvss 8.7epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
- risk 0.57cvss 8.7epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
- risk 0.57cvss 8.8epss 0.01
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.02
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.00
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.
- risk 0.57cvss 8.8epss 0.01
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.00
Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
- risk 0.57cvss 8.8epss 0.00
Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
- risk 0.57cvss 8.8epss 0.01
Azure PlayFab Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.01
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer using buffer access…
- risk 0.57cvss 8.8epss 0.01
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.01
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.01
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.02
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.7epss 0.01
Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.57cvss 8.8epss 0.01
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.00
Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.
- risk 0.57cvss 8.8epss 0.01
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.00
Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.00
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
- risk 0.57cvss 8.8epss 0.01
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.02
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Page 24 of 287