Vendor CVEs
Microsoft
All CVEs
14,200 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24996 | 0.00 | — | 0.01 | Mar 11, 2025 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-24995 | 0.00 | — | 0.01 | Mar 11, 2025 | Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-21180 | 0.00 | — | 0.01 | Mar 11, 2025 | Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-24988 | 0.00 | — | 0.01 | Mar 11, 2025 | Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. | |||
| CVE-2025-24987 | 0.00 | — | 0.01 | Mar 11, 2025 | Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. | |||
| CVE-2025-24986 | 0.00 | — | 0.00 | Mar 11, 2025 | Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-24083 | 0.00 | — | 0.01 | Mar 11, 2025 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-24082 | 0.00 | — | 0.01 | Mar 11, 2025 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-24081 | 0.00 | — | 0.01 | Mar 11, 2025 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-24080 | 0.00 | — | 0.01 | Mar 11, 2025 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-24079 | 0.00 | — | 0.01 | Mar 11, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-24078 | 0.00 | — | 0.01 | Mar 11, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-24077 | 0.00 | — | 0.01 | Mar 11, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-24070 | 0.00 | — | 0.01 | Mar 11, 2025 | Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2025-24057 | 0.00 | — | 0.01 | Mar 11, 2025 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-24044 | 0.00 | — | 0.01 | Mar 11, 2025 | Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-24035 | 0.00 | — | 0.02 | Mar 11, 2025 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-26634 | 0.00 | — | 0.01 | Mar 11, 2025 | Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2025-26643 | 0.00 | — | 0.01 | Mar 7, 2025 | The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-21401 | 0.00 | — | 0.00 | Feb 14, 2025 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||
| CVE-2025-24042 | 0.00 | — | 0.01 | Feb 11, 2025 | Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | |||
| CVE-2025-21373 | 0.00 | — | 0.01 | Feb 11, 2025 | Windows Installer Elevation of Privilege Vulnerability | |||
| CVE-2025-21414 | 0.00 | — | 0.01 | Feb 11, 2025 | Windows Core Messaging Elevation of Privileges Vulnerability | |||
| CVE-2025-21254 | 0.00 | — | 0.01 | Feb 11, 2025 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | |||
| CVE-2025-21216 | 0.00 | — | 0.01 | Feb 11, 2025 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | |||
| CVE-2025-21212 | 0.00 | — | 0.01 | Feb 11, 2025 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | |||
| CVE-2025-21184 | 0.00 | — | 0.01 | Feb 11, 2025 | Windows Core Messaging Elevation of Privileges Vulnerability | |||
| CVE-2025-21179 | 0.00 | — | 0.01 | Feb 11, 2025 | DHCP Client Service Denial of Service Vulnerability | |||
| CVE-2025-21400 | 0.00 | — | 0.30 | Feb 11, 2025 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2025-21397 | 0.00 | — | 0.01 | Feb 11, 2025 | Microsoft Office Remote Code Execution Vulnerability | |||
| CVE-2025-21394 | 0.00 | — | 0.01 | Feb 11, 2025 | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2025-21392 | 0.00 | — | 0.01 | Feb 11, 2025 | Microsoft Office Remote Code Execution Vulnerability | |||
| CVE-2025-21390 | 0.00 | — | 0.01 | Feb 11, 2025 | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2025-21387 | 0.00 | — | 0.01 | Feb 11, 2025 | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2025-21386 | 0.00 | — | 0.01 | Feb 11, 2025 | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2025-21381 | 0.00 | — | 0.01 | Feb 11, 2025 | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2025-21377 | 0.00 | — | 0.22 | Feb 11, 2025 | NTLM Hash Disclosure Spoofing Vulnerability | |||
| CVE-2025-21371 | 0.00 | — | 0.02 | Feb 11, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | |||
| CVE-2025-21367 | 0.00 | — | 0.01 | Feb 11, 2025 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | |||
| CVE-2025-21359 | 0.00 | — | 0.01 | Feb 11, 2025 | Windows Kernel Security Feature Bypass Vulnerability | |||
| CVE-2025-21358 | 0.00 | — | 0.01 | Feb 11, 2025 | Windows Core Messaging Elevation of Privileges Vulnerability | |||
| CVE-2025-21350 | 0.00 | — | 0.02 | Feb 11, 2025 | Windows Kerberos Denial of Service Vulnerability | |||
| CVE-2025-21349 | 0.00 | — | 0.01 | Feb 11, 2025 | Windows Remote Desktop Configuration Service Tampering Vulnerability | |||
| CVE-2025-21347 | 0.00 | — | 0.01 | Feb 11, 2025 | Windows Deployment Services Denial of Service Vulnerability | |||
| CVE-2025-21337 | 0.00 | — | 0.01 | Feb 11, 2025 | Windows NTFS Elevation of Privilege Vulnerability | |||
| CVE-2025-21198 | 0.00 | — | 0.01 | Feb 11, 2025 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability | |||
| CVE-2025-21201 | 0.00 | — | 0.02 | Feb 11, 2025 | Windows Telephony Server Remote Code Execution Vulnerability | |||
| CVE-2025-21200 | 0.00 | — | 0.02 | Feb 11, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | |||
| CVE-2025-21190 | 0.00 | — | 0.02 | Feb 11, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | |||
| CVE-2025-21410 | 0.00 | — | 0.02 | Feb 11, 2025 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
- CVE-2025-24996Mar 11, 2025risk 0.00cvss —epss 0.01
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-24995Mar 11, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
- CVE-2025-21180Mar 11, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.
- CVE-2025-24988Mar 11, 2025risk 0.00cvss —epss 0.01
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
- CVE-2025-24987Mar 11, 2025risk 0.00cvss —epss 0.01
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
- CVE-2025-24986Mar 11, 2025risk 0.00cvss —epss 0.00
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
- CVE-2025-24083Mar 11, 2025risk 0.00cvss —epss 0.01
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2025-24082Mar 11, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2025-24081Mar 11, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2025-24080Mar 11, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2025-24079Mar 11, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-24078Mar 11, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-24077Mar 11, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-24070Mar 11, 2025risk 0.00cvss —epss 0.01
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-24057Mar 11, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2025-24044Mar 11, 2025risk 0.00cvss —epss 0.01
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
- CVE-2025-24035Mar 11, 2025risk 0.00cvss —epss 0.02
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
- CVE-2025-26634Mar 11, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.
- CVE-2025-26643Mar 7, 2025risk 0.00cvss —epss 0.01
The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-21401Feb 14, 2025risk 0.00cvss —epss 0.00
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
- CVE-2025-24042Feb 11, 2025risk 0.00cvss —epss 0.01
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
- CVE-2025-21373Feb 11, 2025risk 0.00cvss —epss 0.01
Windows Installer Elevation of Privilege Vulnerability
- CVE-2025-21414Feb 11, 2025risk 0.00cvss —epss 0.01
Windows Core Messaging Elevation of Privileges Vulnerability
- CVE-2025-21254Feb 11, 2025risk 0.00cvss —epss 0.01
Internet Connection Sharing (ICS) Denial of Service Vulnerability
- CVE-2025-21216Feb 11, 2025risk 0.00cvss —epss 0.01
Internet Connection Sharing (ICS) Denial of Service Vulnerability
- CVE-2025-21212Feb 11, 2025risk 0.00cvss —epss 0.01
Internet Connection Sharing (ICS) Denial of Service Vulnerability
- CVE-2025-21184Feb 11, 2025risk 0.00cvss —epss 0.01
Windows Core Messaging Elevation of Privileges Vulnerability
- CVE-2025-21179Feb 11, 2025risk 0.00cvss —epss 0.01
DHCP Client Service Denial of Service Vulnerability
- CVE-2025-21400Feb 11, 2025risk 0.00cvss —epss 0.30
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2025-21397Feb 11, 2025risk 0.00cvss —epss 0.01
Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-21394Feb 11, 2025risk 0.00cvss —epss 0.01
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2025-21392Feb 11, 2025risk 0.00cvss —epss 0.01
Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-21390Feb 11, 2025risk 0.00cvss —epss 0.01
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2025-21387Feb 11, 2025risk 0.00cvss —epss 0.01
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2025-21386Feb 11, 2025risk 0.00cvss —epss 0.01
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2025-21381Feb 11, 2025risk 0.00cvss —epss 0.01
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2025-21377Feb 11, 2025risk 0.00cvss —epss 0.22
NTLM Hash Disclosure Spoofing Vulnerability
- CVE-2025-21371Feb 11, 2025risk 0.00cvss —epss 0.02
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21367Feb 11, 2025risk 0.00cvss —epss 0.01
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
- CVE-2025-21359Feb 11, 2025risk 0.00cvss —epss 0.01
Windows Kernel Security Feature Bypass Vulnerability
- CVE-2025-21358Feb 11, 2025risk 0.00cvss —epss 0.01
Windows Core Messaging Elevation of Privileges Vulnerability
- CVE-2025-21350Feb 11, 2025risk 0.00cvss —epss 0.02
Windows Kerberos Denial of Service Vulnerability
- CVE-2025-21349Feb 11, 2025risk 0.00cvss —epss 0.01
Windows Remote Desktop Configuration Service Tampering Vulnerability
- CVE-2025-21347Feb 11, 2025risk 0.00cvss —epss 0.01
Windows Deployment Services Denial of Service Vulnerability
- CVE-2025-21337Feb 11, 2025risk 0.00cvss —epss 0.01
Windows NTFS Elevation of Privilege Vulnerability
- CVE-2025-21198Feb 11, 2025risk 0.00cvss —epss 0.01
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
- CVE-2025-21201Feb 11, 2025risk 0.00cvss —epss 0.02
Windows Telephony Server Remote Code Execution Vulnerability
- CVE-2025-21200Feb 11, 2025risk 0.00cvss —epss 0.02
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21190Feb 11, 2025risk 0.00cvss —epss 0.02
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21410Feb 11, 2025risk 0.00cvss —epss 0.02
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Page 252 of 284