Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-33064 | Hig | 0.57 | 8.8 | 0.01 | Jun 10, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||
| CVE-2025-47181 | Hig | 0.57 | 8.8 | 0.00 | May 22, 2025 | Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-29967 | Hig | 0.57 | 8.8 | 0.01 | May 13, 2025 | Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-29966 | Hig | 0.57 | 8.8 | 0.01 | May 13, 2025 | Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-29964 | Hig | 0.57 | 8.8 | 0.01 | May 13, 2025 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-29963 | Hig | 0.57 | 8.8 | 0.01 | May 13, 2025 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-29840 | Hig | 0.57 | 8.8 | 0.01 | May 13, 2025 | Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-47732 | Hig | 0.57 | 8.7 | 0.03 | May 8, 2025 | Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | ||
| CVE-2025-30389 | Hig | 0.57 | 8.7 | 0.01 | Apr 30, 2025 | Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2025-27740 | Hig | 0.57 | 8.8 | 0.03 | Apr 8, 2025 | Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-27481 | Hig | 0.57 | 8.8 | 0.01 | Apr 8, 2025 | Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-27477 | Hig | 0.57 | 8.8 | 0.01 | Apr 8, 2025 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-26669 | Hig | 0.57 | 8.8 | 0.01 | Apr 8, 2025 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-26647 | Hig | 0.57 | 8.8 | 0.02 | Apr 8, 2025 | Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-21222 | Hig | 0.57 | 8.8 | 0.01 | Apr 8, 2025 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-21221 | Hig | 0.57 | 8.8 | 0.01 | Apr 8, 2025 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-21205 | Hig | 0.57 | 8.8 | 0.01 | Apr 8, 2025 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-25000 | Hig | 0.57 | 8.8 | 0.01 | Apr 4, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-29807 | Hig | 0.57 | 8.7 | 0.01 | Mar 21, 2025 | Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | ||
| CVE-2025-26645 | Hig | 0.57 | 8.8 | 0.03 | Mar 11, 2025 | Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-24056 | Hig | 0.57 | 8.8 | 0.02 | Mar 11, 2025 | Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-24051 | Hig | 0.57 | 8.8 | 0.02 | Mar 11, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-21410 | Hig | 0.57 | 8.8 | 0.02 | Feb 11, 2025 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||
| CVE-2025-21407 | Hig | 0.57 | 8.8 | 0.02 | Feb 11, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21406 | Hig | 0.57 | 8.8 | 0.02 | Feb 11, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21371 | Hig | 0.57 | 8.8 | 0.02 | Feb 11, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21369 | Hig | 0.57 | 8.8 | 0.02 | Feb 11, 2025 | Microsoft Digest Authentication Remote Code Execution Vulnerability | ||
| CVE-2025-21368 | Hig | 0.57 | 8.8 | 0.02 | Feb 11, 2025 | Microsoft Digest Authentication Remote Code Execution Vulnerability | ||
| CVE-2025-21208 | Hig | 0.57 | 8.8 | 0.02 | Feb 11, 2025 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||
| CVE-2025-21201 | Hig | 0.57 | 8.8 | 0.02 | Feb 11, 2025 | Windows Telephony Server Remote Code Execution Vulnerability | ||
| CVE-2025-21200 | Hig | 0.57 | 8.8 | 0.02 | Feb 11, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21190 | Hig | 0.57 | 8.8 | 0.02 | Feb 11, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21408 | Hig | 0.57 | 8.8 | 0.01 | Feb 6, 2025 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||
| CVE-2025-21342 | Hig | 0.57 | 8.8 | 0.01 | Feb 6, 2025 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||
| CVE-2025-21177 | Hig | 0.57 | 8.7 | 0.01 | Feb 6, 2025 | Server-side request forgery (ssrf) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-21417 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21413 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21411 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21409 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21339 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21306 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21305 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21303 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21302 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21292 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Search Service Elevation of Privilege Vulnerability | ||
| CVE-2025-21291 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Direct Show Remote Code Execution Vulnerability | ||
| CVE-2025-21286 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21282 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21273 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | ||
| CVE-2025-21266 | Hig | 0.57 | 8.8 | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability |
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.00
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.7epss 0.03
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.7epss 0.01
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.03
Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.01
Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- risk 0.57cvss 8.8epss 0.02
Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.7epss 0.01
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.03
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.02
Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.02
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.02
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Microsoft Digest Authentication Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Microsoft Digest Authentication Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Windows Telephony Server Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- risk 0.57cvss 8.7epss 0.01
Server-side request forgery (ssrf) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Search Service Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Direct Show Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
Page 25 of 287