VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2018-8145HigMay 9, 2018
    risk 0.57cvss 7.5epss 0.67

    An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This…

  • CVE-2018-0953HigMay 9, 2018
    risk 0.57cvss 7.5epss 0.67

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945,…

  • CVE-2018-0775HigJan 4, 2018
    risk 0.57cvss 7.5epss 0.68

    Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758,…

  • CVE-2018-0774HigJan 4, 2018
    risk 0.57cvss 7.5epss 0.68

    Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758,…

  • CVE-2017-11918HigDec 12, 2017
    risk 0.57cvss 7.5epss 0.63

    ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2017-11907HigDec 12, 2017
    risk 0.57cvss 7.5epss 0.64

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to…

  • CVE-2017-11876HigNov 15, 2017
    risk 0.57cvss 8.8epss 0.02

    Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change…

  • CVE-2017-11873HigNov 15, 2017
    risk 0.57cvss 7.5epss 0.70

    ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-11861HigNov 15, 2017
    risk 0.57cvss 7.5epss 0.64

    Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2017-11841HigNov 15, 2017
    risk 0.57cvss 7.5epss 0.60

    ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine…

  • CVE-2017-11840HigNov 15, 2017
    risk 0.57cvss 7.5epss 0.60

    ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine…

  • CVE-2017-11839HigNov 15, 2017
    risk 0.57cvss 7.5epss 0.62

    Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2017-11767CriNov 2, 2017
    risk 0.57cvss 9.8epss 0.10

    ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

  • CVE-2017-11811HigOct 13, 2017
    risk 0.57cvss 7.5epss 0.65

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-11809HigOct 13, 2017
    risk 0.57cvss 7.5epss 0.68

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-11802HigOct 13, 2017
    risk 0.57cvss 7.5epss 0.69

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-11799HigOct 13, 2017
    risk 0.57cvss 7.5epss 0.64

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-8755HigSep 13, 2017
    risk 0.57cvss 7.5epss 0.71

    Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory…

  • CVE-2017-11764HigSep 13, 2017
    risk 0.57cvss 7.5epss 0.64

    Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2017-8671HigAug 8, 2017
    risk 0.57cvss 7.5epss 0.69

    Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka…

  • CVE-2017-8670HigAug 8, 2017
    risk 0.57cvss 7.5epss 0.69

    Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting…

  • CVE-2017-8656HigAug 8, 2017
    risk 0.57cvss 7.5epss 0.69

    Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting…

  • CVE-2017-8646HigAug 8, 2017
    risk 0.57cvss 7.5epss 0.69

    Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine…

  • CVE-2017-8645HigAug 8, 2017
    risk 0.57cvss 7.5epss 0.69

    Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine…

  • CVE-2017-8641HigAug 8, 2017
    risk 0.57cvss 7.5epss 0.72

    Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to…

  • CVE-2017-8640HigAug 8, 2017
    risk 0.57cvss 7.5epss 0.69

    Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting…

  • CVE-2017-8634HigAug 8, 2017
    risk 0.57cvss 7.5epss 0.70

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2017-8620HigAug 8, 2017
    risk 0.57cvss 8.1epss 0.55

    Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in…

  • CVE-2017-8503HigAug 8, 2017
    risk 0.57cvss 8.8epss 0.01

    Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8642.

  • CVE-2017-8601HigJul 11, 2017
    risk 0.57cvss 7.5epss 0.67

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting…

  • CVE-2017-8590HigJul 11, 2017
    risk 0.57cvss 8.8epss 0.01

    Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File…

  • CVE-2017-8558HigJun 29, 2017
    risk 0.57cvss 7.8epss 0.44

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703…

  • CVE-2017-8548HigJun 15, 2017
    risk 0.57cvss 7.5epss 0.68

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2016-7288HigDec 20, 2016
    risk 0.57cvss 7.5epss 0.70

    The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7296,…

  • CVE-2016-7287HigDec 20, 2016
    risk 0.57cvss 7.5epss 0.69

    The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

  • CVE-2016-7286HigDec 20, 2016
    risk 0.57cvss 7.5epss 0.69

    The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7288, CVE-2016-7296,…

  • CVE-2016-7241HigNov 10, 2016
    risk 0.57cvss 7.5epss 0.71

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

  • CVE-2016-3298MedKEVOct 14, 2016
    risk 0.57cvss 6.5epss 0.33

    Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information…

  • CVE-2016-3247HigSep 14, 2016
    risk 0.57cvss 7.5epss 0.71

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

  • CVE-2016-3316HigAug 9, 2016
    risk 0.57cvss 7.8epss 0.47

    Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

  • CVE-2016-3301HigAug 9, 2016
    risk 0.57cvss 7.8epss 0.44

    The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync…

  • CVE-2016-3225HigJun 16, 2016
    risk 0.57cvss 7.8epss 0.43

    The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an…

  • CVE-2016-3223HigJun 16, 2016
    risk 0.57cvss 8.1epss 0.21

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain privileges by modifying…

  • CVE-2016-0122HigApr 12, 2016
    risk 0.57cvss 7.8epss 0.41

    Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption…

  • CVE-2016-0117HigMar 9, 2016
    risk 0.57cvss 7.8epss 0.73

    The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows Remote Code Execution Vulnerability."

  • CVE-2015-0071MedKEVFeb 11, 2015
    risk 0.57cvss 6.5epss 0.34

    Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."

  • CVE-2026-35435HigMay 7, 2026
    risk 0.56cvss 8.6epss 0.01

    Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-26150HigApr 23, 2026
    risk 0.56cvss 8.6epss 0.01

    Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-32173HigApr 3, 2026
    risk 0.56cvss 8.6epss 0.01

    Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-23659HigMar 19, 2026
    risk 0.56cvss 8.6epss 0.01

    Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.

Page 36 of 287