Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40368 | Hig | 0.52 | 8.0 | 0.02 | May 12, 2026 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2026-34332 | Hig | 0.52 | 8.0 | 0.01 | May 12, 2026 | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network. | ||
| CVE-2026-32172 | Hig | 0.52 | 8.0 | 0.00 | Apr 23, 2026 | Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-33826 | Hig | 0.52 | 8.0 | 0.01 | Apr 14, 2026 | Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. | ||
| CVE-2026-27912 | Hig | 0.52 | 8.0 | 0.00 | Apr 14, 2026 | Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network. | ||
| CVE-2026-20931 | Hig | 0.52 | 8.0 | 0.01 | Jan 13, 2026 | External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network. | ||
| CVE-2025-64660 | Hig | 0.52 | 8.0 | 0.00 | Nov 20, 2025 | Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. | ||
| CVE-2025-62452 | Hig | 0.52 | 8.0 | 0.01 | Nov 11, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||
| CVE-2025-62204 | Hig | 0.52 | 8.0 | 0.02 | Nov 11, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2025-60715 | Hig | 0.52 | 8.0 | 0.01 | Nov 11, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||
| CVE-2025-53720 | Hig | 0.52 | 8.0 | 0.01 | Aug 12, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||
| CVE-2025-50164 | Hig | 0.52 | 8.0 | 0.01 | Aug 12, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||
| CVE-2025-50162 | Hig | 0.52 | 8.0 | 0.01 | Aug 12, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||
| CVE-2025-50160 | Hig | 0.52 | 8.0 | 0.01 | Aug 12, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||
| CVE-2025-49691 | Hig | 0.52 | 8.0 | 0.00 | Jul 8, 2025 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network. | ||
| CVE-2025-47972 | Hig | 0.52 | 8.0 | 0.01 | Jul 8, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-47178 | Hig | 0.52 | 8.0 | 0.02 | Jul 8, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network. | ||
| CVE-2025-26646 | Hig | 0.52 | 8.0 | 0.01 | May 13, 2025 | External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2025-27487 | Hig | 0.52 | 8.0 | 0.01 | Apr 8, 2025 | Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. | ||
| CVE-2025-21277 | Hig | 0.52 | 7.5 | 0.38 | Jan 14, 2025 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||
| CVE-2024-30092 | Hig | 0.52 | 8.0 | 0.01 | Oct 8, 2024 | Windows Hyper-V Remote Code Execution Vulnerability | ||
| CVE-2024-38071 | Hig | 0.52 | 7.5 | 0.36 | Jul 9, 2024 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | ||
| CVE-2024-38054 | Hig | 0.52 | 7.8 | 0.10 | Jul 9, 2024 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-38011 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-38010 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-37989 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-37988 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-37987 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-37986 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-37981 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-37978 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-37977 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-37975 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-37974 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-37972 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-37971 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-37970 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-37969 | Hig | 0.52 | 8.0 | 0.01 | Jul 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-35260 | Hig | 0.52 | 8.0 | 0.01 | Jun 27, 2024 | An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network. | ||
| CVE-2024-30077 | Hig | 0.52 | 8.0 | 0.02 | Jun 11, 2024 | Windows OLE Remote Code Execution Vulnerability | ||
| CVE-2024-30075 | Hig | 0.52 | 8.0 | 0.01 | Jun 11, 2024 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | ||
| CVE-2024-30074 | Hig | 0.52 | 8.0 | 0.01 | Jun 11, 2024 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | ||
| CVE-2024-28925 | Hig | 0.52 | 8.0 | 0.01 | Apr 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-26240 | Hig | 0.52 | 8.0 | 0.01 | Apr 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-26218 | Hig | 0.52 | 7.8 | 0.13 | Apr 9, 2024 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2024-26189 | Hig | 0.52 | 8.0 | 0.01 | Apr 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-26180 | Hig | 0.52 | 8.0 | 0.01 | Apr 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-26158 | Hig | 0.52 | 7.8 | 0.12 | Apr 9, 2024 | Microsoft Install Service Elevation of Privilege Vulnerability | ||
| CVE-2024-21380 | Hig | 0.52 | 8.0 | 0.02 | Feb 13, 2024 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | ||
| CVE-2024-21310 | Hig | 0.52 | 7.8 | 0.12 | Jan 9, 2024 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
- risk 0.52cvss 8.0epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.52cvss 8.0epss 0.01
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
- risk 0.52cvss 8.0epss 0.00
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
- risk 0.52cvss 8.0epss 0.01
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.
- risk 0.52cvss 8.0epss 0.00
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.
- risk 0.52cvss 8.0epss 0.01
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
- risk 0.52cvss 8.0epss 0.00
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.
- risk 0.52cvss 8.0epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
- risk 0.52cvss 8.0epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.52cvss 8.0epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
- risk 0.52cvss 8.0epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
- risk 0.52cvss 8.0epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
- risk 0.52cvss 8.0epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
- risk 0.52cvss 8.0epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
- risk 0.52cvss 8.0epss 0.00
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.
- risk 0.52cvss 8.0epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.
- risk 0.52cvss 8.0epss 0.02
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
- risk 0.52cvss 8.0epss 0.01
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
- risk 0.52cvss 8.0epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
- risk 0.52cvss 7.5epss 0.38
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
- risk 0.52cvss 8.0epss 0.01
Windows Hyper-V Remote Code Execution Vulnerability
- risk 0.52cvss 7.5epss 0.36
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
- risk 0.52cvss 7.8epss 0.10
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network.
- risk 0.52cvss 8.0epss 0.02
Windows OLE Remote Code Execution Vulnerability
- risk 0.52cvss 8.0epss 0.01
Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
- risk 0.52cvss 8.0epss 0.01
Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 7.8epss 0.13
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 8.0epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.52cvss 7.8epss 0.12
Microsoft Install Service Elevation of Privilege Vulnerability
- risk 0.52cvss 8.0epss 0.02
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
- risk 0.52cvss 7.8epss 0.12
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Page 49 of 287