VYPR

Vendor CVEs

Microsoft

All CVEs

14,175 total · sorted by risk
  • CVE-2026-48567 · Cri · Jun 4, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-47280 · Cri · May 22, 2026
    risk 0.65 · cvss 10.0 · epss 0.00

    Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-42901 · Cri · May 22, 2026
    risk 0.65 · cvss 10.0 · epss 0.00

    Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-41104 · Cri · May 22, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-40412 · Cri · May 22, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.

  • CVE-2026-23652 · Cri · May 22, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.

  • CVE-2026-42822 · Cri · May 18, 2026
    risk 0.65 · cvss 10.0 · epss 0.00

    Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-42897 · Hig · KEV · May 14, 2026
    risk 0.65 · cvss 8.1 · epss 0.06

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-42826 · Cri · May 7, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-35431 · Cri · Apr 23, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-33819 · Cri · Apr 23, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

  • CVE-2026-32186 · Cri · Apr 3, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-33107 · Cri · Apr 3, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-33105 · Cri · Apr 3, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-32213 · Cri · Apr 3, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-32169 · Cri · Mar 19, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2023-44487 · Hig · KEV · Oct 10, 2023
    risk 0.65 · cvss 7.5 · epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2018-8327 · Cri · Jul 11, 2018
    risk 0.65 · cvss 9.8 · epss 0.21

    A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.

  • CVE-2018-8154 · Cri · May 9, 2018
    risk 0.65 · cvss 9.8 · epss 0.22

    A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.

  • CVE-2018-0986 · Hig · Apr 4, 2018
    risk 0.65 · cvss 8.8 · epss 0.61

    A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender,…

  • CVE-2017-0028 · Cri · Jul 17, 2017
    risk 0.65 · cvss 9.8 · epss 0.19

    A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully…

  • CVE-2017-0089 · Hig · Mar 17, 2017
    risk 0.65 · cvss 8.8 · epss 0.57

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in…

  • CVE-2016-3222 · Hig · Jun 16, 2016
    risk 0.65 · cvss 8.8 · epss 0.57

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."

  • CVE-2016-0132 · Cri · Mar 9, 2016
    risk 0.65 · cvss 9.8 · epss 0.22

    Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass."

  • CVE-2008-3465 · Cri · Dec 10, 2008
    risk 0.65 · cvss 9.8 · epss 0.14

    Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed…

  • CVE-2006-3730 · Hig · Jul 21, 2006
    risk 0.65 · cvss 8.8 · epss 0.64

    Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory…

  • CVE-2026-47643 · Cri · Jun 9, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47291 · Cri · Jun 9, 2026
    risk 0.64 · cvss 9.8 · epss 0.22

    Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

  • CVE-2026-45657 · Cri · Jun 9, 2026
    risk 0.64 · cvss 9.8 · epss 0.15

    Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.

  • CVE-2026-44815 · Cri · Jun 9, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

  • CVE-2025-71316 · Cri · Jun 4, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file…

  • CVE-2026-40411 · Cri · May 22, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.

  • CVE-2026-42898 · Cri · May 12, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

  • CVE-2026-42823 · Cri · May 12, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-41096 · Cri · May 12, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

  • CVE-2026-41089 · Cri · May 12, 2026
    risk 0.64 · cvss 9.8 · epss 0.72

    Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

  • CVE-2026-33109 · Cri · May 7, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

  • CVE-2022-50993 · Cri · Apr 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and…

  • CVE-2026-21515 · Cri · Apr 24, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-33824 · Cri · Apr 14, 2026
    risk 0.64 · cvss 9.8 · epss 0.56

    Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

  • CVE-2026-32194 · Cri · Mar 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

  • CVE-2026-32191 · Cri · Mar 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

  • CVE-2025-60724 · Cri · Nov 11, 2025
    risk 0.64 · cvss 9.8 · epss 0.06

    Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

  • CVE-2025-60710 · Hig · KEV · Nov 11, 2025
    risk 0.64 · cvss 7.8 · epss 0.05

    Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

  • CVE-2025-53766 · Cri · Aug 12, 2025
    risk 0.64 · cvss 9.8 · epss 0.07

    Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

  • CVE-2018-8319 · Cri · Jul 11, 2018
    risk 0.64 · cvss 9.8 · epss 0.07

    A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography…

  • CVE-2017-11899 · Cri · Dec 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".

  • CVE-2017-8682 · Hig · Sep 13, 2017
    risk 0.64 · cvss 8.8 · epss 0.50

    Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3, and…

  • CVE-2017-0090 · Hig · Mar 17, 2017
    risk 0.64 · cvss 8.8 · epss 0.43

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in…

  • CVE-2017-0088 · Hig · Mar 17, 2017
    risk 0.64 · cvss 8.8 · epss 0.42

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."
