VYPR

Vendor CVEs

Microsoft

All CVEs

14,175 total · sorted by risk
  • CVE-2017-0087 · High · Mar 17, 2017
    risk 0.64 · cvss 8.8 · epss 0.43

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in…

  • CVE-2017-0086 · High · Mar 17, 2017
    risk 0.64 · cvss 8.8 · epss 0.43

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in…

  • CVE-2017-0083 · High · Mar 17, 2017
    risk 0.64 · cvss 8.8 · epss 0.43

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in…

  • CVE-2017-0072 · High · Mar 17, 2017
    risk 0.64 · cvss 8.8 · epss 0.43

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in…

  • CVE-2017-0005 · High · KEV · Mar 17, 2017
    risk 0.64 · cvss 7.8 · epss 0.11

    The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted…

  • CVE-2016-7277 · Critical · Dec 20, 2016
    risk 0.64 · cvss 9.6 · epss 0.18

    Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

  • CVE-2016-7274 · High · Dec 20, 2016
    risk 0.64 · cvss 8.8 · epss 0.42

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web…

  • CVE-2016-0199 · High · Jun 16, 2016
    risk 0.64 · cvss 8.8 · epss 0.51

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0200 and…

  • CVE-2016-0170 · High · May 11, 2016
    risk 0.64 · cvss 8.8 · epss 0.49

    GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics…

  • CVE-2016-0145 · High · Apr 12, 2016
    risk 0.64 · cvss 8.8 · epss 0.43

    The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype…

  • CVE-2016-0063 · High · Feb 10, 2016
    risk 0.64 · cvss 8.8 · epss 0.42

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060,…

  • CVE-2012-1854 · High · KEV · Jul 10, 2012
    risk 0.64 · cvss 7.8 · epss 0.21

    Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse…

  • CVE-2000-1218 · Critical · Apr 14, 2000
    risk 0.64 · cvss 9.8 · epss 0.06

    The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.

  • CVE-2026-41091 · High · KEV · May 20, 2026
    risk 0.63 · cvss 7.8 · epss 0.08

    Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33825 · High · KEV · Apr 14, 2026
    risk 0.63 · cvss 7.8 · epss 0.07

    Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

  • CVE-2023-36424 · High · KEV · Nov 14, 2023
    risk 0.63 · cvss 7.8 · epss 0.12

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • CVE-2018-8397 · High · Aug 15, 2018
    risk 0.63 · cvss 8.8 · epss 0.68

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka "GDI+ Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.

  • CVE-2017-0283 · High · Jun 15, 2017
    risk 0.63 · cvss 8.8 · epss 0.39

    Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013…

  • CVE-2017-0084 · High · Mar 17, 2017
    risk 0.63 · cvss 8.8 · epss 0.37

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web…

  • CVE-2017-0001 · High · KEV · Mar 17, 2017
    risk 0.63 · cvss 7.8 · epss 0.03

    The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted…

  • CVE-2016-0121 · High · Mar 9, 2016
    risk 0.63 · cvss 8.8 · epss 0.41

    The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType…

  • CVE-2015-6175 · High · KEV · Dec 9, 2015
    risk 0.63 · cvss 7.8 · epss 0.05

    The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability."

  • CVE-2013-0090 · High · Mar 13, 2013
    risk 0.63 · cvss 8.8 · epss 0.38

    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."

  • CVE-2009-1547 · High · Oct 14, 2009
    risk 0.63 · cvss 8.8 · epss 0.37

    Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."

  • CVE-2009-1123 · High · KEV · Jun 10, 2009
    risk 0.63 · cvss 7.8 · epss 0.05

    The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel…

  • CVE-2026-47281 · Critical · Jun 9, 2026
    risk 0.62 · cvss 9.6 · epss 0.01

    Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-42904 · Critical · Jun 9, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

  • CVE-2026-41615 · Critical · May 14, 2026
    risk 0.62 · cvss 9.6 · epss 0.01

    Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-35428 · Critical · May 7, 2026
    risk 0.62 · cvss 9.6 · epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-33823 · Critical · May 7, 2026
    risk 0.62 · cvss 9.6 · epss 0.01

    Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

  • CVE-2026-24303 · Critical · Apr 23, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-26135 · Critical · Apr 3, 2026
    risk 0.62 · cvss 9.6 · epss 0.01

    Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.

  • CVE-2023-33150 · Critical · Jul 11, 2023
    risk 0.62 · cvss 9.6 · epss 0.02

    Microsoft Office Security Feature Bypass Vulnerability

  • CVE-2016-3351 · Medium · KEV · Sep 14, 2016
    risk 0.62 · cvss 6.5 · epss 0.26

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

  • CVE-2016-3324 · High · Sep 14, 2016
    risk 0.62 · cvss 8.8 · epss 0.28

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2016-4135 · High · Jun 16, 2016
    risk 0.62 · cvss 8.8 · epss 0.17

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-0100 · High · Mar 9, 2016
    risk 0.62 · cvss 8.4 · epss 0.58

    Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Execution Vulnerability."

  • CVE-2013-7331 · Medium · KEV · Feb 26, 2014
    risk 0.62 · cvss 6.5 · epss 0.58

    The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and…

  • CVE-2018-8420 · High · Sep 13, 2018
    risk 0.61 · cvss 8.8 · epss 0.49

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012,…

  • CVE-2018-1026 · High · Apr 12, 2018
    risk 0.61 · cvss 8.8 · epss 0.41

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1030.

  • CVE-2016-0088 · Critical · Apr 12, 2016
    risk 0.61 · cvss 9.3 · epss 0.08

    Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability."

  • CVE-2014-2815 · High · Aug 12, 2014
    risk 0.61 · cvss 8.8 · epss 0.44

    Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."

  • CVE-2012-0003 · High · Jan 10, 2012
    risk 0.61 · cvss 8.1 · epss 0.69

    Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote…

  • CVE-2009-2493 · High · Jul 29, 2009
    risk 0.61 · cvss 8.8 · epss 0.43

    The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2;…

  • CVE-2009-0901 · High · Jul 29, 2009
    risk 0.61 · cvss 8.8 · epss 0.42

    The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does…

  • CVE-2026-41090 · Critical · May 22, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.

  • CVE-2026-40402 · Critical · May 12, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-40379 · Critical · May 12, 2026
    risk 0.60 · cvss 9.3 · epss 0.01

    Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-33102 · Critical · Apr 23, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-32210 · Critical · Apr 23, 2026
    risk 0.60 · cvss 9.3 · epss 0.01

    Server-side request forgery (SSRF) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
