VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2011-1271HigMay 10, 2011
    risk 0.55cvss 7.7epss 0.20

    The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently…

  • CVE-2011-1231HigApr 13, 2011
    risk 0.55cvss 8.4epss 0.01

    win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers…

  • CVE-2011-0671HigApr 13, 2011
    risk 0.55cvss 8.4epss 0.01

    Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a…

  • CVE-2011-0346HigJan 7, 2011
    risk 0.55cvss 8.1epss 0.31

    Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the…

  • CVE-2010-3941HigDec 16, 2010
    risk 0.55cvss 8.4epss 0.01

    Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka…

  • CVE-2010-1896HigAug 11, 2010
    risk 0.55cvss 8.4epss 0.01

    The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges…

  • CVE-2010-0492HigMar 31, 2010
    risk 0.55cvss 8.1epss 0.28

    Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory…

  • CVE-2009-1529HigJun 10, 2009
    risk 0.55cvss 8.1epss 0.29

    Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a…

  • CVE-2009-0551HigApr 15, 2009
    risk 0.55cvss 8.1epss 0.25

    Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for…

  • CVE-2008-4036HigOct 15, 2008
    risk 0.55cvss 8.4epss 0.02

    Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of…

  • CVE-2008-1447MedJul 8, 2008
    risk 0.55cvss 6.8epss 0.95

    The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses…

  • CVE-2004-2339HigDec 31, 2004
    risk 0.55cvss 8.4epss 0.01

    Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been…

  • CVE-2004-0213HigAug 6, 2004
    risk 0.55cvss 7.8epss 0.21

    Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly…

  • CVE-2026-35438HigMay 12, 2026
    risk 0.54cvss 8.3epss 0.01

    Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-62575HigDec 2, 2025
    risk 0.54cvss 8.3epss 0.00

    NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.

  • CVE-2025-62459HigNov 20, 2025
    risk 0.54cvss 8.3epss 0.00

    Microsoft Defender Portal Spoofing Vulnerability

  • CVE-2025-59254HigOct 14, 2025
    risk 0.54cvss 7.8epss 0.01

    Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2025-49730HigJul 8, 2025
    risk 0.54cvss 7.8epss 0.01

    Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

  • CVE-2025-49683HigJul 8, 2025
    risk 0.54cvss 7.8epss 0.02

    Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

  • CVE-2025-47987HigJul 8, 2025
    risk 0.54cvss 7.8epss 0.02

    Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

  • CVE-2025-47175HigJun 10, 2025
    risk 0.54cvss 7.8epss 0.02

    Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

  • CVE-2025-47165HigJun 10, 2025
    risk 0.54cvss 7.8epss 0.02

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2025-33071HigJun 10, 2025
    risk 0.54cvss 8.1epss 0.14

    Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

  • CVE-2025-47161HigMay 15, 2025
    risk 0.54cvss 7.8epss 0.01

    Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

  • CVE-2025-27751HigApr 8, 2025
    risk 0.54cvss 7.8epss 0.02

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2025-21384HigApr 1, 2025
    risk 0.54cvss 8.3epss 0.01

    An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

  • CVE-2025-21400HigFeb 11, 2025
    risk 0.54cvss 8.0epss 0.30

    Microsoft SharePoint Server Remote Code Execution Vulnerability

  • CVE-2025-21309HigJan 14, 2025
    risk 0.54cvss 8.1epss 0.15

    Windows Remote Desktop Services Remote Code Execution Vulnerability

  • CVE-2024-49122HigDec 12, 2024
    risk 0.54cvss 8.1epss 0.20

    Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

  • CVE-2024-43642HigNov 12, 2024
    risk 0.54cvss 7.5epss 0.62

    Windows SMB Denial of Service Vulnerability

  • CVE-2024-43574HigOct 8, 2024
    risk 0.54cvss 8.3epss 0.01

    Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

  • CVE-2024-30044HigMay 14, 2024
    risk 0.54cvss 7.2epss 0.84

    Microsoft SharePoint Server Remote Code Execution Vulnerability

  • CVE-2024-30038HigMay 14, 2024
    risk 0.54cvss 7.8epss 0.03

    Win32k Elevation of Privilege Vulnerability

  • CVE-2024-26212HigApr 9, 2024
    risk 0.54cvss 7.5epss 0.63

    DHCP Server Service Denial of Service Vulnerability

  • CVE-2024-21407HigMar 12, 2024
    risk 0.54cvss 8.1epss 0.16

    Windows Hyper-V Remote Code Execution Vulnerability

  • CVE-2024-21399HigFeb 2, 2024
    risk 0.54cvss 8.3epss 0.01

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

  • CVE-2024-21385HigJan 26, 2024
    risk 0.54cvss 8.3epss 0.01

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

  • CVE-2023-36038HigNov 14, 2023
    risk 0.54cvss 8.2epss 0.03

    ASP.NET Core Denial of Service Vulnerability

  • CVE-2023-41763MedKEVOct 10, 2023
    risk 0.54cvss 5.3epss 0.90

    Skype for Business Elevation of Privilege Vulnerability

  • CVE-2023-36606HigOct 10, 2023
    risk 0.54cvss 7.5epss 0.67

    Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

  • CVE-2023-36741HigAug 26, 2023
    risk 0.54cvss 8.3epss 0.02

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

  • CVE-2023-33148HigJul 11, 2023
    risk 0.54cvss 7.8epss 0.02

    Microsoft Office Elevation of Privilege Vulnerability

  • CVE-2022-29146HigJun 29, 2023
    risk 0.54cvss 8.3epss 0.01

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

  • CVE-2023-28310HigJun 14, 2023
    risk 0.54cvss 8.0epss 0.25

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2023-33137HigJun 14, 2023
    risk 0.54cvss 7.8epss 0.03

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2023-33133HigJun 14, 2023
    risk 0.54cvss 7.8epss 0.44

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2023-28311HigApr 11, 2023
    risk 0.54cvss 7.8epss 0.03

    Microsoft Word Remote Code Execution Vulnerability

  • CVE-2023-28293HigApr 11, 2023
    risk 0.54cvss 7.8epss 0.03

    Windows Kernel Elevation of Privilege Vulnerability

  • CVE-2023-28285HigApr 11, 2023
    risk 0.54cvss 7.8epss 0.03

    Microsoft Office Remote Code Execution Vulnerability

  • CVE-2023-28220HigApr 11, 2023
    risk 0.54cvss 8.1epss 0.15

    Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Page 41 of 287