Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-1271 | Hig | 0.55 | 7.7 | 0.20 | May 10, 2011 | The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently… | ||
| CVE-2011-1231 | Hig | 0.55 | 8.4 | 0.01 | Apr 13, 2011 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers… | ||
| CVE-2011-0671 | Hig | 0.55 | 8.4 | 0.01 | Apr 13, 2011 | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a… | ||
| CVE-2011-0346 | Hig | 0.55 | 8.1 | 0.31 | Jan 7, 2011 | Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the… | ||
| CVE-2010-3941 | Hig | 0.55 | 8.4 | 0.01 | Dec 16, 2010 | Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka… | ||
| CVE-2010-1896 | Hig | 0.55 | 8.4 | 0.01 | Aug 11, 2010 | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges… | ||
| CVE-2010-0492 | Hig | 0.55 | 8.1 | 0.28 | Mar 31, 2010 | Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory… | ||
| CVE-2009-1529 | Hig | 0.55 | 8.1 | 0.29 | Jun 10, 2009 | Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a… | ||
| CVE-2009-0551 | Hig | 0.55 | 8.1 | 0.25 | Apr 15, 2009 | Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for… | ||
| CVE-2008-4036 | Hig | 0.55 | 8.4 | 0.02 | Oct 15, 2008 | Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of… | ||
| CVE-2008-1447 | Med | 0.55 | 6.8 | 0.95 | Jul 8, 2008 | The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses… | ||
| CVE-2004-2339 | Hig | 0.55 | 8.4 | 0.01 | Dec 31, 2004 | Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been… | ||
| CVE-2004-0213 | Hig | 0.55 | 7.8 | 0.21 | Aug 6, 2004 | Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly… | ||
| CVE-2026-35438 | Hig | 0.54 | 8.3 | 0.01 | May 12, 2026 | Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-62575 | Hig | 0.54 | 8.3 | 0.00 | Dec 2, 2025 | NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures. | ||
| CVE-2025-62459 | Hig | 0.54 | 8.3 | 0.00 | Nov 20, 2025 | Microsoft Defender Portal Spoofing Vulnerability | ||
| CVE-2025-59254 | Hig | 0.54 | 7.8 | 0.01 | Oct 14, 2025 | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49730 | Hig | 0.54 | 7.8 | 0.01 | Jul 8, 2025 | Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49683 | Hig | 0.54 | 7.8 | 0.02 | Jul 8, 2025 | Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-47987 | Hig | 0.54 | 7.8 | 0.02 | Jul 8, 2025 | Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-47175 | Hig | 0.54 | 7.8 | 0.02 | Jun 10, 2025 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-47165 | Hig | 0.54 | 7.8 | 0.02 | Jun 10, 2025 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-33071 | Hig | 0.54 | 8.1 | 0.14 | Jun 10, 2025 | Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-47161 | Hig | 0.54 | 7.8 | 0.01 | May 15, 2025 | Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-27751 | Hig | 0.54 | 7.8 | 0.02 | Apr 8, 2025 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-21384 | Hig | 0.54 | 8.3 | 0.01 | Apr 1, 2025 | An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. | ||
| CVE-2025-21400 | Hig | 0.54 | 8.0 | 0.30 | Feb 11, 2025 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2025-21309 | Hig | 0.54 | 8.1 | 0.15 | Jan 14, 2025 | Windows Remote Desktop Services Remote Code Execution Vulnerability | ||
| CVE-2024-49122 | Hig | 0.54 | 8.1 | 0.20 | Dec 12, 2024 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||
| CVE-2024-43642 | Hig | 0.54 | 7.5 | 0.62 | Nov 12, 2024 | Windows SMB Denial of Service Vulnerability | ||
| CVE-2024-43574 | Hig | 0.54 | 8.3 | 0.01 | Oct 8, 2024 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | ||
| CVE-2024-30044 | Hig | 0.54 | 7.2 | 0.84 | May 14, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2024-30038 | Hig | 0.54 | 7.8 | 0.03 | May 14, 2024 | Win32k Elevation of Privilege Vulnerability | ||
| CVE-2024-26212 | Hig | 0.54 | 7.5 | 0.63 | Apr 9, 2024 | DHCP Server Service Denial of Service Vulnerability | ||
| CVE-2024-21407 | Hig | 0.54 | 8.1 | 0.16 | Mar 12, 2024 | Windows Hyper-V Remote Code Execution Vulnerability | ||
| CVE-2024-21399 | Hig | 0.54 | 8.3 | 0.01 | Feb 2, 2024 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||
| CVE-2024-21385 | Hig | 0.54 | 8.3 | 0.01 | Jan 26, 2024 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||
| CVE-2023-36038 | Hig | 0.54 | 8.2 | 0.03 | Nov 14, 2023 | ASP.NET Core Denial of Service Vulnerability | ||
| CVE-2023-41763 | Med | 0.54 | 5.3 | 0.90 | KEV | Oct 10, 2023 | Skype for Business Elevation of Privilege Vulnerability | |
| CVE-2023-36606 | Hig | 0.54 | 7.5 | 0.67 | Oct 10, 2023 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||
| CVE-2023-36741 | Hig | 0.54 | 8.3 | 0.02 | Aug 26, 2023 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||
| CVE-2023-33148 | Hig | 0.54 | 7.8 | 0.02 | Jul 11, 2023 | Microsoft Office Elevation of Privilege Vulnerability | ||
| CVE-2022-29146 | Hig | 0.54 | 8.3 | 0.01 | Jun 29, 2023 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||
| CVE-2023-28310 | Hig | 0.54 | 8.0 | 0.25 | Jun 14, 2023 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2023-33137 | Hig | 0.54 | 7.8 | 0.03 | Jun 14, 2023 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2023-33133 | Hig | 0.54 | 7.8 | 0.44 | Jun 14, 2023 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2023-28311 | Hig | 0.54 | 7.8 | 0.03 | Apr 11, 2023 | Microsoft Word Remote Code Execution Vulnerability | ||
| CVE-2023-28293 | Hig | 0.54 | 7.8 | 0.03 | Apr 11, 2023 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2023-28285 | Hig | 0.54 | 7.8 | 0.03 | Apr 11, 2023 | Microsoft Office Remote Code Execution Vulnerability | ||
| CVE-2023-28220 | Hig | 0.54 | 8.1 | 0.15 | Apr 11, 2023 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability |
- risk 0.55cvss 7.7epss 0.20
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently…
- risk 0.55cvss 8.4epss 0.01
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers…
- risk 0.55cvss 8.4epss 0.01
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a…
- risk 0.55cvss 8.1epss 0.31
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the…
- risk 0.55cvss 8.4epss 0.01
Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka…
- risk 0.55cvss 8.4epss 0.01
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges…
- risk 0.55cvss 8.1epss 0.28
Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory…
- risk 0.55cvss 8.1epss 0.29
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a…
- risk 0.55cvss 8.1epss 0.25
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for…
- risk 0.55cvss 8.4epss 0.02
Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of…
- risk 0.55cvss 6.8epss 0.95
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses…
- risk 0.55cvss 8.4epss 0.01
Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been…
- risk 0.55cvss 7.8epss 0.21
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly…
- risk 0.54cvss 8.3epss 0.01
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
- risk 0.54cvss 8.3epss 0.00
NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.
- risk 0.54cvss 8.3epss 0.00
Microsoft Defender Portal Spoofing Vulnerability
- risk 0.54cvss 7.8epss 0.01
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.54cvss 7.8epss 0.01
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
- risk 0.54cvss 7.8epss 0.02
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
- risk 0.54cvss 7.8epss 0.02
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
- risk 0.54cvss 7.8epss 0.02
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
- risk 0.54cvss 7.8epss 0.02
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.54cvss 8.1epss 0.14
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
- risk 0.54cvss 7.8epss 0.01
Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
- risk 0.54cvss 7.8epss 0.02
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.54cvss 8.3epss 0.01
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
- risk 0.54cvss 8.0epss 0.30
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.54cvss 8.1epss 0.15
Windows Remote Desktop Services Remote Code Execution Vulnerability
- risk 0.54cvss 8.1epss 0.20
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- risk 0.54cvss 7.5epss 0.62
Windows SMB Denial of Service Vulnerability
- risk 0.54cvss 8.3epss 0.01
Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
- risk 0.54cvss 7.2epss 0.84
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.54cvss 7.8epss 0.03
Win32k Elevation of Privilege Vulnerability
- risk 0.54cvss 7.5epss 0.63
DHCP Server Service Denial of Service Vulnerability
- risk 0.54cvss 8.1epss 0.16
Windows Hyper-V Remote Code Execution Vulnerability
- risk 0.54cvss 8.3epss 0.01
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- risk 0.54cvss 8.3epss 0.01
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- risk 0.54cvss 8.2epss 0.03
ASP.NET Core Denial of Service Vulnerability
- risk 0.54cvss 5.3epss 0.90
Skype for Business Elevation of Privilege Vulnerability
- risk 0.54cvss 7.5epss 0.67
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
- risk 0.54cvss 8.3epss 0.02
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- risk 0.54cvss 7.8epss 0.02
Microsoft Office Elevation of Privilege Vulnerability
- risk 0.54cvss 8.3epss 0.01
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- risk 0.54cvss 8.0epss 0.25
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.54cvss 7.8epss 0.03
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.54cvss 7.8epss 0.44
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.54cvss 7.8epss 0.03
Microsoft Word Remote Code Execution Vulnerability
- risk 0.54cvss 7.8epss 0.03
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.54cvss 7.8epss 0.03
Microsoft Office Remote Code Execution Vulnerability
- risk 0.54cvss 8.1epss 0.15
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Page 41 of 287