Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42835 | Hig | 0.53 | 8.1 | 0.01 | Jun 9, 2026 | Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network. | ||
| CVE-2026-46402 | Hig | 0.53 | 8.1 | 0.01 | May 27, 2026 | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled task_name value directly when constructing session log paths. An authenticated client can supply path traversal sequences in… | ||
| CVE-2026-45584 | Hig | 0.53 | 8.1 | 0.01 | May 20, 2026 | Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-41105 | Hig | 0.53 | 8.1 | 0.01 | May 7, 2026 | Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-34327 | Hig | 0.53 | 8.2 | 0.01 | May 7, 2026 | Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-33827 | Hig | 0.53 | 8.1 | 0.01 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-59292 | Hig | 0.53 | 8.2 | 0.00 | Oct 14, 2025 | External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59291 | Hig | 0.53 | 8.2 | 0.00 | Oct 14, 2025 | External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-36854 | Hig | 0.53 | 8.1 | 0.01 | Sep 8, 2025 | A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Execution. Per CWE-416: Use… | ||
| CVE-2025-50177 | Hig | 0.53 | 8.1 | 0.04 | Aug 12, 2025 | Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-53787 | Hig | 0.53 | 8.2 | 0.01 | Aug 7, 2025 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | ||
| CVE-2025-53786 | Hig | 0.53 | 8.0 | 0.07 | Aug 6, 2025 | On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation,… | ||
| CVE-2025-53771 | Med | 0.53 | 6.5 | 1.00 | Jul 20, 2025 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-49735 | Hig | 0.53 | 8.1 | 0.01 | Jul 8, 2025 | Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-33054 | Hig | 0.53 | 8.1 | 0.01 | Jul 8, 2025 | Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-3052 | Hig | 0.53 | 8.2 | 0.00 | Jun 10, 2025 | An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting… | ||
| CVE-2025-47977 | Hig | 0.53 | 8.2 | 0.01 | Jun 10, 2025 | Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-33070 | Hig | 0.53 | 8.1 | 0.06 | Jun 10, 2025 | Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2025-32710 | Hig | 0.53 | 8.1 | 0.01 | Jun 10, 2025 | Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-29828 | Hig | 0.53 | 8.1 | 0.01 | Jun 10, 2025 | Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-29971 | Hig | 0.53 | 7.5 | 0.58 | May 13, 2025 | Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-33072 | Hig | 0.53 | 8.1 | 0.01 | May 8, 2025 | Improper access control in Azure allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-30391 | Hig | 0.53 | 8.1 | 0.01 | Apr 30, 2025 | Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-27482 | Hig | 0.53 | 8.1 | 0.02 | Apr 8, 2025 | Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-27480 | Hig | 0.53 | 8.1 | 0.07 | Apr 8, 2025 | Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-26671 | Hig | 0.53 | 8.1 | 0.01 | Apr 8, 2025 | Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-26670 | Hig | 0.53 | 8.1 | 0.08 | Apr 8, 2025 | Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-26663 | Hig | 0.53 | 8.1 | 0.02 | Apr 8, 2025 | Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-26683 | Hig | 0.53 | 8.1 | 0.01 | Mar 31, 2025 | Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2025-24064 | Hig | 0.53 | 8.1 | 0.01 | Mar 11, 2025 | Use after free in DNS Server allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-24045 | Hig | 0.53 | 8.1 | 0.01 | Mar 11, 2025 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-24035 | Hig | 0.53 | 8.1 | 0.02 | Mar 11, 2025 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-21376 | Hig | 0.53 | 8.1 | 0.09 | Feb 11, 2025 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | ||
| CVE-2025-21396 | Hig | 0.53 | 8.2 | 0.01 | Jan 29, 2025 | Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2025-21297 | Hig | 0.53 | 8.1 | 0.01 | Jan 14, 2025 | Windows Remote Desktop Services Remote Code Execution Vulnerability | ||
| CVE-2025-21295 | Hig | 0.53 | 8.1 | 0.02 | Jan 14, 2025 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | ||
| CVE-2025-21294 | Hig | 0.53 | 8.1 | 0.01 | Jan 14, 2025 | Microsoft Digest Authentication Remote Code Execution Vulnerability | ||
| CVE-2025-21285 | Hig | 0.53 | 7.5 | 0.55 | Jan 14, 2025 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||
| CVE-2025-21224 | Hig | 0.53 | 8.1 | 0.02 | Jan 14, 2025 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | ||
| CVE-2024-49132 | Hig | 0.53 | 8.1 | 0.01 | Dec 12, 2024 | Windows Remote Desktop Services Remote Code Execution Vulnerability | ||
| CVE-2024-49128 | Hig | 0.53 | 8.1 | 0.01 | Dec 12, 2024 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | ||
| CVE-2024-49127 | Hig | 0.53 | 8.1 | 0.01 | Dec 12, 2024 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | ||
| CVE-2024-49126 | Hig | 0.53 | 8.1 | 0.01 | Dec 12, 2024 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | ||
| CVE-2024-49124 | Hig | 0.53 | 8.1 | 0.01 | Dec 12, 2024 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | ||
| CVE-2024-49123 | Hig | 0.53 | 8.1 | 0.01 | Dec 12, 2024 | Windows Remote Desktop Services Remote Code Execution Vulnerability | ||
| CVE-2024-49120 | Hig | 0.53 | 8.1 | 0.01 | Dec 12, 2024 | Windows Remote Desktop Services Remote Code Execution Vulnerability | ||
| CVE-2024-49119 | Hig | 0.53 | 8.1 | 0.01 | Dec 12, 2024 | Windows Remote Desktop Services Remote Code Execution Vulnerability | ||
| CVE-2024-49118 | Hig | 0.53 | 8.1 | 0.01 | Dec 12, 2024 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||
| CVE-2024-49116 | Hig | 0.53 | 8.1 | 0.10 | Dec 12, 2024 | Windows Remote Desktop Services Remote Code Execution Vulnerability | ||
| CVE-2024-49115 | Hig | 0.53 | 8.1 | 0.01 | Dec 12, 2024 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
- risk 0.53cvss 8.1epss 0.01
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
- risk 0.53cvss 8.1epss 0.01
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled task_name value directly when constructing session log paths. An authenticated client can supply path traversal sequences in…
- risk 0.53cvss 8.1epss 0.01
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.1epss 0.01
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
- risk 0.53cvss 8.2epss 0.01
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
- risk 0.53cvss 8.1epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.2epss 0.00
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
- risk 0.53cvss 8.2epss 0.00
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
- risk 0.53cvss 8.1epss 0.01
A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Execution. Per CWE-416: Use…
- risk 0.53cvss 8.1epss 0.04
Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.2epss 0.01
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
- risk 0.53cvss 8.0epss 0.07
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation,…
- risk 0.53cvss 6.5epss 1.00
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
- risk 0.53cvss 8.1epss 0.01
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.1epss 0.01
Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.
- risk 0.53cvss 8.2epss 0.00
An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting…
- risk 0.53cvss 8.2epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network.
- risk 0.53cvss 8.1epss 0.06
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
- risk 0.53cvss 8.1epss 0.01
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.1epss 0.01
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 7.5epss 0.58
Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.
- risk 0.53cvss 8.1epss 0.01
Improper access control in Azure allows an unauthorized attacker to disclose information over a network.
- risk 0.53cvss 8.1epss 0.01
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.
- risk 0.53cvss 8.1epss 0.02
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.1epss 0.07
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.1epss 0.01
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.1epss 0.08
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.1epss 0.02
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.1epss 0.01
Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.
- risk 0.53cvss 8.1epss 0.01
Use after free in DNS Server allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.1epss 0.01
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.1epss 0.02
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.1epss 0.09
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
- risk 0.53cvss 8.2epss 0.01
Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.
- risk 0.53cvss 8.1epss 0.01
Windows Remote Desktop Services Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.02
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.01
Microsoft Digest Authentication Remote Code Execution Vulnerability
- risk 0.53cvss 7.5epss 0.55
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
- risk 0.53cvss 8.1epss 0.02
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.01
Windows Remote Desktop Services Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.01
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.1epss 0.01
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.01
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.01
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.01
Windows Remote Desktop Services Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.01
Windows Remote Desktop Services Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.01
Windows Remote Desktop Services Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.01
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.10
Windows Remote Desktop Services Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.01
Windows Remote Desktop Services Remote Code Execution Vulnerability
Page 44 of 287