VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2026-23658HigMar 19, 2026
    risk 0.56cvss 8.6epss 0.01

    Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-24302HigFeb 5, 2026
    risk 0.56cvss 8.6epss 0.02

    Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2025-62207HigNov 20, 2025
    risk 0.56cvss 8.6epss 0.01

    Azure Monitor Elevation of Privilege Vulnerability

  • CVE-2025-9491HigAug 26, 2025
    risk 0.56cvss 7.8epss 0.63

    Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target…

  • CVE-2025-48822HigJul 8, 2025
    risk 0.56cvss 8.6epss 0.01

    Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2025-27737HigApr 8, 2025
    risk 0.56cvss 8.6epss 0.01

    Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2025-21355HigFeb 19, 2025
    risk 0.56cvss 8.6epss 0.01

    Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network

  • CVE-2024-38190HigOct 15, 2024
    risk 0.56cvss 8.6epss 0.01

    Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.

  • CVE-2024-38206HigAug 6, 2024
    risk 0.56cvss 8.5epss 0.12

    An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.

  • CVE-2023-36563MedKEVOct 10, 2023
    risk 0.56cvss 6.5epss 0.21

    Microsoft WordPad Information Disclosure Vulnerability

  • CVE-2023-36761MedKEVSep 12, 2023
    risk 0.56cvss 6.5epss 0.19

    Microsoft Word Information Disclosure Vulnerability

  • CVE-2023-28302HigApr 11, 2023
    risk 0.56cvss 7.5epss 0.94

    Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

  • CVE-2023-28288HigApr 11, 2023
    risk 0.56cvss 8.1epss 0.06

    Microsoft SharePoint Server Spoofing Vulnerability

  • CVE-2023-21769HigApr 11, 2023
    risk 0.56cvss 7.5epss 0.92

    Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

  • CVE-2023-21758HigJan 10, 2023
    risk 0.56cvss 7.5epss 0.92

    Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

  • CVE-2023-21547HigJan 10, 2023
    risk 0.56cvss 7.5epss 0.88

    Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

  • CVE-2021-40487HigOct 13, 2021
    risk 0.56cvss 8.1epss 0.46

    Microsoft SharePoint Server Remote Code Execution Vulnerability

  • CVE-2021-31977HigJun 8, 2021
    risk 0.56cvss 8.6epss 0.03

    Windows Hyper-V Denial of Service Vulnerability

  • CVE-2021-28472HigApr 13, 2021
    risk 0.56cvss 7.8epss 0.63

    Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability

  • CVE-2021-27084HigMar 11, 2021
    risk 0.56cvss 7.8epss 0.61

    Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

  • CVE-2021-27083HigMar 11, 2021
    risk 0.56cvss 7.8epss 0.63

    Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability

  • CVE-2020-17095HigDec 10, 2020
    risk 0.56cvss 8.5epss 0.05

    Windows Hyper-V Remote Code Execution Vulnerability

  • CVE-2020-17084HigNov 11, 2020
    risk 0.56cvss 8.5epss 0.04

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2020-16951HigOct 16, 2020
    risk 0.56cvss 8.6epss 0.01

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…

  • CVE-2020-1460HigSep 11, 2020
    risk 0.56cvss 8.6epss 0.04

    A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions…

  • CVE-2020-1453HigSep 11, 2020
    risk 0.56cvss 8.6epss 0.02

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…

  • CVE-2020-1452HigSep 11, 2020
    risk 0.56cvss 8.6epss 0.02

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…

  • CVE-2020-1200HigSep 11, 2020
    risk 0.56cvss 8.6epss 0.02

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…

  • CVE-2020-0668HigFeb 11, 2020
    risk 0.56cvss 7.8epss 0.26

    An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.

  • CVE-2019-0572HigJan 8, 2019
    risk 0.56cvss 7.8epss 0.25

    An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10…

  • CVE-2018-8552HigNov 14, 2018
    risk 0.56cvss 7.5epss 0.51

    An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This…

  • CVE-2018-8284HigJul 11, 2018
    risk 0.56cvss 8.1epss 0.43

    A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework…

  • CVE-2018-0935HigMar 14, 2018
    risk 0.56cvss 7.5epss 0.56

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles…

  • CVE-2018-0840HigFeb 15, 2018
    risk 0.56cvss 7.5epss 0.54

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to…

  • CVE-2017-11890HigDec 12, 2017
    risk 0.56cvss 7.5epss 0.49

    Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how…

  • CVE-2017-11855HigNov 15, 2017
    risk 0.56cvss 7.5epss 0.48

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user…

  • CVE-2017-11810HigOct 13, 2017
    risk 0.56cvss 7.5epss 0.54

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current…

  • CVE-2017-11793HigOct 13, 2017
    risk 0.56cvss 7.5epss 0.49

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current…

  • CVE-2017-8751HigSep 13, 2017
    risk 0.56cvss 7.5epss 0.50

    Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from…

  • CVE-2017-8734HigSep 13, 2017
    risk 0.56cvss 7.5epss 0.53

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption…

  • CVE-2017-8731HigSep 13, 2017
    risk 0.56cvss 7.5epss 0.52

    Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID…

  • CVE-2017-8657HigAug 8, 2017
    risk 0.56cvss 7.5epss 0.55

    Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka…

  • CVE-2017-8635HigAug 8, 2017
    risk 0.56cvss 7.5epss 0.56

    Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to…

  • CVE-2017-8618HigJul 11, 2017
    risk 0.56cvss 7.5epss 0.58

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when…

  • CVE-2017-8594HigJul 11, 2017
    risk 0.56cvss 7.5epss 0.50

    Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption…

  • CVE-2017-0176HigJun 22, 2017
    risk 0.56cvss 8.1epss 0.46

    A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote…

  • CVE-2017-8496HigJun 15, 2017
    risk 0.56cvss 7.5epss 0.51

    Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from…

  • CVE-2017-0022MedKEVMar 17, 2017
    risk 0.56cvss 6.5epss 0.18

    Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing…

  • CVE-2017-0004HigJan 10, 2017
    risk 0.56cvss 7.5epss 0.90

    The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority…

  • CVE-2016-7212HigNov 10, 2016
    risk 0.56cvss 7.8epss 0.70

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka…

Page 37 of 287