Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7194 | Hig | 0.56 | 7.5 | 0.58 | Oct 14, 2016 | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386,… | ||
| CVE-2016-3288 | Hig | 0.56 | 7.5 | 0.52 | Aug 9, 2016 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290. | ||
| CVE-2016-0051 | Hig | 0.56 | 7.8 | 0.23 | Feb 10, 2016 | The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation… | ||
| CVE-2016-0016 | Hig | 0.56 | 7.8 | 0.31 | Jan 13, 2016 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted… | ||
| CVE-2013-3896 | Med | 0.56 | 5.5 | 0.70 | KEV | Oct 9, 2013 | Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability." | |
| CVE-2013-3894 | Hig | 0.56 | 8.1 | 0.43 | Oct 9, 2013 | The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in… | ||
| CVE-2010-0258 | Hig | 0.56 | 7.8 | 0.61 | Mar 10, 2010 | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly… | ||
| CVE-2006-1364 | Hig | 0.56 | 7.5 | 0.59 | Mar 23, 2006 | Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several… | ||
| CVE-2026-47635 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45641 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45607 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45482 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2026-45474 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45472 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45463 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45461 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45458 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45456 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-44810 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-41098 | Hig | 0.55 | 8.4 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-40367 | Hig | 0.55 | 8.4 | 0.00 | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40366 | Hig | 0.55 | 8.4 | 0.00 | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40364 | Hig | 0.55 | 8.4 | 0.04 | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40363 | Hig | 0.55 | 8.4 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40361 | Hig | 0.55 | 8.4 | 0.01 | May 12, 2026 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40358 | Hig | 0.55 | 8.4 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-33115 | Hig | 0.55 | 8.4 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-33114 | Hig | 0.55 | 8.4 | 0.00 | Apr 14, 2026 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32221 | Hig | 0.55 | 8.4 | 0.00 | Apr 14, 2026 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32201 | Med | 0.55 | 6.5 | 0.24 | KEV | Apr 14, 2026 | Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | |
| CVE-2026-32190 | Hig | 0.55 | 8.4 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32162 | Hig | 0.55 | 8.4 | 0.02 | Apr 14, 2026 | Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-32091 | Hig | 0.55 | 8.4 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-26110 | Hig | 0.55 | 8.4 | 0.00 | Mar 10, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-62557 | Hig | 0.55 | 8.4 | 0.00 | Dec 9, 2025 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-62554 | Hig | 0.55 | 8.4 | 0.00 | Dec 9, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-59236 | Hig | 0.55 | 8.4 | 0.00 | Oct 14, 2025 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53782 | Hig | 0.55 | 8.4 | 0.00 | Oct 14, 2025 | Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2025-54910 | Hig | 0.55 | 8.4 | 0.01 | Sep 9, 2025 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53784 | Hig | 0.55 | 8.4 | 0.00 | Aug 12, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53740 | Hig | 0.55 | 8.4 | 0.01 | Aug 12, 2025 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53733 | Hig | 0.55 | 8.4 | 0.00 | Aug 12, 2025 | Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53731 | Hig | 0.55 | 8.4 | 0.01 | Aug 12, 2025 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-49717 | Hig | 0.55 | 8.5 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network. | ||
| CVE-2025-49697 | Hig | 0.55 | 8.4 | 0.00 | Jul 8, 2025 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-49696 | Hig | 0.55 | 8.4 | 0.01 | Jul 8, 2025 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-49695 | Hig | 0.55 | 8.4 | 0.01 | Jul 8, 2025 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-32717 | Hig | 0.55 | 8.4 | 0.01 | Jun 11, 2025 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-47953 | Hig | 0.55 | 8.4 | 0.00 | Jun 10, 2025 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-47167 | Hig | 0.55 | 8.4 | 0.01 | Jun 10, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. |
- risk 0.56cvss 7.5epss 0.58
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386,…
- risk 0.56cvss 7.5epss 0.52
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290.
- risk 0.56cvss 7.8epss 0.23
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation…
- risk 0.56cvss 7.8epss 0.31
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted…
- risk 0.56cvss 5.5epss 0.70
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
- risk 0.56cvss 8.1epss 0.43
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in…
- risk 0.56cvss 7.8epss 0.61
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly…
- risk 0.56cvss 7.5epss 0.59
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several…
- risk 0.55cvss 8.4epss 0.00
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.
- risk 0.55cvss 8.4epss 0.00
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.04
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 6.5epss 0.24
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
- risk 0.55cvss 8.4epss 0.00
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.02
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.00
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.01
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.5epss 0.01
Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.
- risk 0.55cvss 8.4epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.01
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.01
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.01
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Page 38 of 287