Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-47164 | Hig | 0.55 | 8.4 | 0.01 | Jun 10, 2025 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-47162 | Hig | 0.55 | 8.4 | 0.01 | Jun 10, 2025 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-33067 | Hig | 0.55 | 8.4 | 0.00 | Jun 10, 2025 | Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2025-32704 | Hig | 0.55 | 8.4 | 0.00 | May 13, 2025 | Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-30386 | Hig | 0.55 | 8.4 | 0.01 | May 13, 2025 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-30377 | Hig | 0.55 | 8.4 | 0.01 | May 13, 2025 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-21416 | Hig | 0.55 | 8.5 | 0.01 | Apr 30, 2025 | Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-26678 | Hig | 0.55 | 8.4 | 0.00 | Apr 8, 2025 | Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2025-24084 | Hig | 0.55 | 8.4 | 0.01 | Mar 11, 2025 | Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-24049 | Hig | 0.55 | 8.4 | 0.00 | Mar 11, 2025 | Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2025-21362 | Hig | 0.55 | 8.4 | 0.01 | Jan 14, 2025 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2025-21354 | Hig | 0.55 | 8.4 | 0.01 | Jan 14, 2025 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2024-12902 | Hig | 0.55 | 8.4 | 0.00 | Dec 23, 2024 | ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine… | ||
| CVE-2024-49113 | Hig | 0.55 | 7.5 | 0.84 | Dec 12, 2024 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | ||
| CVE-2024-49105 | Hig | 0.55 | 8.4 | 0.02 | Dec 12, 2024 | Remote Desktop Client Remote Code Execution Vulnerability | ||
| CVE-2024-49063 | Hig | 0.55 | 8.4 | 0.02 | Dec 12, 2024 | Microsoft/Muzic Remote Code Execution Vulnerability | ||
| CVE-2024-43479 | Hig | 0.55 | 8.5 | 0.01 | Sep 10, 2024 | Microsoft Power Automate Desktop Remote Code Execution Vulnerability | ||
| CVE-2024-38194 | Hig | 0.55 | 8.4 | 0.01 | Sep 10, 2024 | An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. | ||
| CVE-2024-38213 | Med | 0.55 | 6.5 | 0.13 | KEV | Aug 13, 2024 | Windows Mark of the Web Security Feature Bypass Vulnerability | |
| CVE-2024-38218 | Hig | 0.55 | 8.4 | 0.01 | Aug 12, 2024 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | ||
| CVE-2024-37984 | Hig | 0.55 | 8.4 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-30085 | Hig | 0.55 | 7.8 | 0.15 | Jun 11, 2024 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-29989 | Hig | 0.55 | 8.4 | 0.01 | Apr 9, 2024 | Azure Monitor Agent Elevation of Privilege Vulnerability | ||
| CVE-2024-29050 | Hig | 0.55 | 8.4 | 0.01 | Apr 9, 2024 | Windows Cryptographic Services Remote Code Execution Vulnerability | ||
| CVE-2024-21357 | Hig | 0.55 | 8.1 | 0.27 | Feb 13, 2024 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | ||
| CVE-2023-36050 | Hig | 0.55 | 8.0 | 0.39 | Nov 14, 2023 | Microsoft Exchange Server Spoofing Vulnerability | ||
| CVE-2023-36041 | Hig | 0.55 | 7.8 | 0.57 | Nov 14, 2023 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2023-36569 | Hig | 0.55 | 8.4 | 0.01 | Oct 10, 2023 | Microsoft Office Elevation of Privilege Vulnerability | ||
| CVE-2023-32029 | Hig | 0.55 | 7.8 | 0.54 | Jun 14, 2023 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2023-28291 | Hig | 0.55 | 8.4 | 0.01 | Apr 11, 2023 | Raw Image Extension Remote Code Execution Vulnerability | ||
| CVE-2022-41127 | Hig | 0.55 | 8.5 | 0.02 | Dec 13, 2022 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability | ||
| CVE-2022-38044 | Hig | 0.55 | 7.8 | 0.56 | Oct 11, 2022 | Windows CD-ROM File System Driver Remote Code Execution Vulnerability | ||
| CVE-2022-30222 | Hig | 0.55 | 8.4 | 0.01 | Jul 12, 2022 | Windows Shell Remote Code Execution Vulnerability | ||
| CVE-2022-30163 | Hig | 0.55 | 8.5 | 0.02 | Jun 15, 2022 | Windows Hyper-V Remote Code Execution Vulnerability | ||
| CVE-2021-41379 | Med | 0.55 | 5.5 | 0.20 | KEV | Nov 10, 2021 | Windows Installer Elevation of Privilege Vulnerability | |
| CVE-2021-36952 | Hig | 0.55 | 7.8 | 0.54 | Sep 15, 2021 | Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2021-34478 | Hig | 0.55 | 7.8 | 0.54 | Aug 12, 2021 | Microsoft Office Remote Code Execution Vulnerability | ||
| CVE-2021-34450 | Hig | 0.55 | 8.5 | 0.02 | Jul 16, 2021 | Windows Hyper-V Remote Code Execution Vulnerability | ||
| CVE-2021-34501 | Hig | 0.55 | 7.8 | 0.53 | Jul 14, 2021 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2021-31213 | Hig | 0.55 | 7.8 | 0.53 | May 11, 2021 | Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | ||
| CVE-2021-26864 | Hig | 0.55 | 8.4 | 0.01 | Mar 11, 2021 | Windows Virtual Registry Provider Elevation of Privilege Vulnerability | ||
| CVE-2021-26701 | Hig | 0.55 | 8.1 | 0.30 | Feb 25, 2021 | .NET Core Remote Code Execution Vulnerability | ||
| CVE-2021-24105 | Hig | 0.55 | 8.4 | 0.02 | Feb 25, 2021 | Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code… | ||
| CVE-2020-17141 | Hig | 0.55 | 8.4 | 0.07 | Dec 10, 2020 | Microsoft Exchange Remote Code Execution Vulnerability | ||
| CVE-2020-17136 | Hig | 0.55 | 7.8 | 0.14 | Dec 10, 2020 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||
| CVE-2020-1576 | Hig | 0.55 | 8.5 | 0.02 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application… | ||
| CVE-2020-1285 | Hig | 0.55 | 8.4 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install… | ||
| CVE-2020-1074 | Hig | 0.55 | 7.8 | 0.53 | Sep 11, 2020 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this… | ||
| CVE-2020-1337 | Hig | 0.55 | 7.8 | 0.14 | Aug 17, 2020 | An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could… | ||
| CVE-2020-1048 | Hig | 0.55 | 7.8 | 0.17 | May 21, 2020 | An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070. |
- risk 0.55cvss 8.4epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.01
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.00
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.5epss 0.01
Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.
- risk 0.55cvss 8.4epss 0.00
Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.
- risk 0.55cvss 8.4epss 0.01
Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.01
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.55cvss 8.4epss 0.01
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.55cvss 8.4epss 0.00
ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine…
- risk 0.55cvss 7.5epss 0.84
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
- risk 0.55cvss 8.4epss 0.02
Remote Desktop Client Remote Code Execution Vulnerability
- risk 0.55cvss 8.4epss 0.02
Microsoft/Muzic Remote Code Execution Vulnerability
- risk 0.55cvss 8.5epss 0.01
Microsoft Power Automate Desktop Remote Code Execution Vulnerability
- risk 0.55cvss 8.4epss 0.01
An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.
- risk 0.55cvss 6.5epss 0.13
Windows Mark of the Web Security Feature Bypass Vulnerability
- risk 0.55cvss 8.4epss 0.01
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
- risk 0.55cvss 8.4epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.55cvss 7.8epss 0.15
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- risk 0.55cvss 8.4epss 0.01
Azure Monitor Agent Elevation of Privilege Vulnerability
- risk 0.55cvss 8.4epss 0.01
Windows Cryptographic Services Remote Code Execution Vulnerability
- risk 0.55cvss 8.1epss 0.27
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
- risk 0.55cvss 8.0epss 0.39
Microsoft Exchange Server Spoofing Vulnerability
- risk 0.55cvss 7.8epss 0.57
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.55cvss 8.4epss 0.01
Microsoft Office Elevation of Privilege Vulnerability
- risk 0.55cvss 7.8epss 0.54
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.55cvss 8.4epss 0.01
Raw Image Extension Remote Code Execution Vulnerability
- risk 0.55cvss 8.5epss 0.02
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
- risk 0.55cvss 7.8epss 0.56
Windows CD-ROM File System Driver Remote Code Execution Vulnerability
- risk 0.55cvss 8.4epss 0.01
Windows Shell Remote Code Execution Vulnerability
- risk 0.55cvss 8.5epss 0.02
Windows Hyper-V Remote Code Execution Vulnerability
- risk 0.55cvss 5.5epss 0.20
Windows Installer Elevation of Privilege Vulnerability
- risk 0.55cvss 7.8epss 0.54
Visual Studio Remote Code Execution Vulnerability
- risk 0.55cvss 7.8epss 0.54
Microsoft Office Remote Code Execution Vulnerability
- risk 0.55cvss 8.5epss 0.02
Windows Hyper-V Remote Code Execution Vulnerability
- risk 0.55cvss 7.8epss 0.53
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.55cvss 7.8epss 0.53
Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability
- risk 0.55cvss 8.4epss 0.01
Windows Virtual Registry Provider Elevation of Privilege Vulnerability
- risk 0.55cvss 8.1epss 0.30
.NET Core Remote Code Execution Vulnerability
- risk 0.55cvss 8.4epss 0.02
Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code…
- risk 0.55cvss 8.4epss 0.07
Microsoft Exchange Remote Code Execution Vulnerability
- risk 0.55cvss 7.8epss 0.14
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- risk 0.55cvss 8.5epss 0.02
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…
- risk 0.55cvss 8.4epss 0.04
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install…
- risk 0.55cvss 7.8epss 0.53
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this…
- risk 0.55cvss 7.8epss 0.14
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could…
- risk 0.55cvss 7.8epss 0.17
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070.
Page 39 of 287