VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2016-7194HigOct 14, 2016
    risk 0.56cvss 7.5epss 0.58

    The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386,…

  • CVE-2016-3288HigAug 9, 2016
    risk 0.56cvss 7.5epss 0.52

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290.

  • CVE-2016-0051HigFeb 10, 2016
    risk 0.56cvss 7.8epss 0.23

    The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation…

  • CVE-2016-0016HigJan 13, 2016
    risk 0.56cvss 7.8epss 0.31

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted…

  • CVE-2013-3896MedKEVOct 9, 2013
    risk 0.56cvss 5.5epss 0.70

    Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."

  • CVE-2013-3894HigOct 9, 2013
    risk 0.56cvss 8.1epss 0.43

    The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in…

  • CVE-2010-0258HigMar 10, 2010
    risk 0.56cvss 7.8epss 0.61

    Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly…

  • CVE-2006-1364HigMar 23, 2006
    risk 0.56cvss 7.5epss 0.59

    Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several…

  • CVE-2026-47635HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-45641HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2026-45607HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2026-45482HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2026-45474HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-45472HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-45463HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-45461HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-45458HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-45456HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-44810HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-41098HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-40367HigMay 12, 2026
    risk 0.55cvss 8.4epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2026-40366HigMay 12, 2026
    risk 0.55cvss 8.4epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2026-40364HigMay 12, 2026
    risk 0.55cvss 8.4epss 0.04

    Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2026-40363HigMay 12, 2026
    risk 0.55cvss 8.4epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-40361HigMay 12, 2026
    risk 0.55cvss 8.4epss 0.01

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-40358HigMay 12, 2026
    risk 0.55cvss 8.4epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-33115HigApr 14, 2026
    risk 0.55cvss 8.4epss 0.00

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2026-33114HigApr 14, 2026
    risk 0.55cvss 8.4epss 0.00

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2026-32221HigApr 14, 2026
    risk 0.55cvss 8.4epss 0.00

    Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.

  • CVE-2026-32201MedKEVApr 14, 2026
    risk 0.55cvss 6.5epss 0.24

    Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-32190HigApr 14, 2026
    risk 0.55cvss 8.4epss 0.00

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-32162HigApr 14, 2026
    risk 0.55cvss 8.4epss 0.02

    Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-32091HigApr 14, 2026
    risk 0.55cvss 8.4epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-26110HigMar 10, 2026
    risk 0.55cvss 8.4epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-62557HigDec 9, 2025
    risk 0.55cvss 8.4epss 0.00

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-62554HigDec 9, 2025
    risk 0.55cvss 8.4epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-59236HigOct 14, 2025
    risk 0.55cvss 8.4epss 0.00

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2025-53782HigOct 14, 2025
    risk 0.55cvss 8.4epss 0.00

    Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.

  • CVE-2025-54910HigSep 9, 2025
    risk 0.55cvss 8.4epss 0.01

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-53784HigAug 12, 2025
    risk 0.55cvss 8.4epss 0.00

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2025-53740HigAug 12, 2025
    risk 0.55cvss 8.4epss 0.01

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-53733HigAug 12, 2025
    risk 0.55cvss 8.4epss 0.00

    Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2025-53731HigAug 12, 2025
    risk 0.55cvss 8.4epss 0.01

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-49717HigJul 8, 2025
    risk 0.55cvss 8.5epss 0.01

    Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

  • CVE-2025-49697HigJul 8, 2025
    risk 0.55cvss 8.4epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-49696HigJul 8, 2025
    risk 0.55cvss 8.4epss 0.01

    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-49695HigJul 8, 2025
    risk 0.55cvss 8.4epss 0.01

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-32717HigJun 11, 2025
    risk 0.55cvss 8.4epss 0.01

    Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2025-47953HigJun 10, 2025
    risk 0.55cvss 8.4epss 0.00

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-47167HigJun 10, 2025
    risk 0.55cvss 8.4epss 0.01

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Page 38 of 287