Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54902 | Hig | 0.51 | 7.8 | 0.01 | Sep 9, 2025 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-54900 | Hig | 0.51 | 7.8 | 0.01 | Sep 9, 2025 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-54899 | Hig | 0.51 | 7.8 | 0.01 | Sep 9, 2025 | Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-54898 | Hig | 0.51 | 7.8 | 0.01 | Sep 9, 2025 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-54896 | Hig | 0.51 | 7.8 | 0.01 | Sep 9, 2025 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-54895 | Hig | 0.51 | 7.8 | 0.00 | Sep 9, 2025 | Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-54894 | Hig | 0.51 | 7.8 | 0.00 | Sep 9, 2025 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | ||
| CVE-2025-54111 | Hig | 0.51 | 7.8 | 0.00 | Sep 9, 2025 | Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-54102 | Hig | 0.51 | 7.8 | 0.00 | Sep 9, 2025 | Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-54098 | Hig | 0.51 | 7.8 | 0.03 | Sep 9, 2025 | Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-54092 | Hig | 0.51 | 7.8 | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-54091 | Hig | 0.51 | 7.8 | 0.00 | Sep 9, 2025 | Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53801 | Hig | 0.51 | 7.8 | 0.00 | Sep 9, 2025 | Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53800 | Hig | 0.51 | 7.8 | 0.00 | Sep 9, 2025 | No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49692 | Hig | 0.51 | 7.8 | 0.00 | Sep 9, 2025 | Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55230 | Hig | 0.51 | 7.8 | 0.00 | Aug 21, 2025 | Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53789 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53773 | Hig | 0.51 | 7.8 | 0.03 | Aug 12, 2025 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53761 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53759 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53741 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53739 | Hig | 0.51 | 7.8 | 0.01 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53738 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53737 | Hig | 0.51 | 7.8 | 0.01 | Aug 12, 2025 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53735 | Hig | 0.51 | 7.8 | 0.01 | Aug 12, 2025 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53734 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53732 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53730 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53729 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53726 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53725 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53724 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53723 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53155 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53154 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53152 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally. | ||
| CVE-2025-53151 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53149 | Hig | 0.51 | 7.8 | 0.01 | Aug 12, 2025 | Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53141 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53133 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53132 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-50176 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally. | ||
| CVE-2025-50173 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-50170 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-50168 | Hig | 0.51 | 7.8 | 0.01 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-50155 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-50153 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49761 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49707 | Hig | 0.51 | 7.9 | 0.00 | Aug 12, 2025 | Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. | ||
| CVE-2025-49742 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. |
- risk 0.51cvss 7.8epss 0.01
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.03
Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.03
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.01
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.01
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.9epss 0.00
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.
Page 61 of 287