Search

Found 1,572 results in 253ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-42827 medium 6.5 6.5 windows windows microsoft 12d ago Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-41104 critical 10.0 10.0 windows windows microsoft 12d ago Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network.
CVE-2026-40412 critical 10.0 10.0 windows windows microsoft 12d ago Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
CVE-2026-40411 critical 9.9 9.9 windows windows microsoft 12d ago Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
CVE-2026-42901 critical 10.0 10.0 windows windows microsoft 12d ago Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-33843 critical 9.1 9.1 windows windows microsoft 12d ago Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41090 critical 9.3 9.3 windows windows microsoft 12d ago Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
CVE-2026-47280 critical 10.0 10.0 windows windows microsoft 12d ago Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-23652 critical 10.0 10.0 windows windows microsoft 12d ago Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.
CVE-2026-45498 medium 4.0 5.5 KEV windows windows microsoft 15d ago Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
CVE-2026-45494 medium 5.4 5.4 windows windows microsoft 16d ago Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-45492 medium 5.4 5.4 windows windows microsoft 16d ago Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-42822 critical 10.0 10.0 windows windows microsoft 16d ago Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41615 critical 9.6 9.6 windows windows microsoft 20d ago Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.
CVE-2026-42898 critical 9.9 9.9 windows windows microsoft 22d ago Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-42891 medium 6.5 6.5 windows windows microsoft 22d ago User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-42838 medium 5.4 5.4 windows windows microsoft 22d ago Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a netw…
CVE-2026-42833 critical 9.1 9.1 windows windows microsoft 22d ago Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-42830 medium 6.5 6.5 windows windows microsoft 22d ago Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-42823 critical 9.9 9.9 windows windows microsoft 22d ago Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-41614 medium 6.2 6.2 windows windows microsoft 22d ago Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
CVE-2026-41612 medium 5.5 5.5 windows windows microsoft 22d ago Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
CVE-2026-41610 medium 6.3 6.3 windows windows microsoft 22d ago Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-41103 critical 9.1 9.1 windows windows microsoft 22d ago Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41100 medium 4.4 4.4 windows windows microsoft 22d ago Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVE-2026-40421 medium 4.3 4.3 windows windows microsoft 22d ago Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-40416 medium 4.3 4.3 windows windows microsoft 22d ago User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-40379 critical 9.3 9.3 windows windows microsoft 22d ago Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-40374 medium 6.5 6.5 windows windows microsoft 22d ago Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2026-35440 medium 5.5 5.5 windows windows microsoft 22d ago Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-35429 medium 4.3 4.3 windows windows microsoft 22d ago User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33117 critical 9.1 9.1 windows windows microsoft 22d ago Security feature bypass vulnerability in Azure Key Vault Keys library for Java
CVE-2026-32185 medium 5.5 5.5 windows windows microsoft 22d ago Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
CVE-2026-42826 critical 10.0 10.0 windows windows microsoft 27d ago Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.
CVE-2026-35428 critical 9.6 9.6 windows windows microsoft 27d ago Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33844 critical 9.0 9.0 windows windows microsoft 27d ago Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
CVE-2026-33823 critical 9.6 9.6 windows windows microsoft 27d ago Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
CVE-2026-33109 critical 9.9 9.9 windows windows microsoft 27d ago Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
CVE-2026-21515 critical 9.9 9.9 microsoft 1mo ago Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
CVE-2026-35431 critical 10.0 10.0 microsoft 1mo ago Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33819 critical 10.0 10.0 microsoft 1mo ago Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.
CVE-2026-33102 critical 9.3 9.3 microsoft 1mo ago Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-32210 critical 9.3 9.3 microsoft 1mo ago Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-24303 critical 9.6 9.6 microsoft 1mo ago Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-40372 critical 9.1 9.1 microsoft 1mo ago Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-33822 medium 6.1 6.1 microsoft 2mo ago Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-33103 medium 5.5 5.5 microsoft 2mo ago Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.
CVE-2026-32226 medium 5.9 5.9 windows windows microsoft 2mo ago Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-32196 medium 6.1 6.1 microsoft 2mo ago Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32176 medium 6.7 6.7 microsoft 2mo ago Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-32167 medium 6.7 6.7 microsoft 2mo ago Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-26149 critical 9.0 9.0 microsoft 2mo ago Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.
CVE-2026-23653 medium 5.7 5.7 microsoft 2mo ago Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
CVE-2026-20945 medium 4.6 4.6 microsoft 2mo ago Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-32201 medium 6.5 8.0 KEV microsoft 2mo ago Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-25180 medium 5.5 5.5 FIX windows windows microsoft 3mo ago Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
CVE-2025-60724 critical 9.8 9.8 FIX windows windows microsoft 7mo ago Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2025-53799 medium 5.5 5.5 FIX windows windows microsoft 9mo ago Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
CVE-2025-53766 critical 9.8 9.8 FIX windows windows microsoft 10mo ago Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
CVE-2023-36009 medium 5.5 5.5 microsoft 3y ago Microsoft Word Information Disclosure Vulnerability
CVE-2023-36897 medium 6.5 6.5 microsoft 3y ago Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2023-33162 medium 5.5 5.5 microsoft 3y ago Microsoft Excel Information Disclosure Vulnerability
CVE-2023-33151 medium 6.5 6.5 microsoft 3y ago Microsoft Outlook Spoofing Vulnerability
CVE-2023-33150 critical 9.6 9.6 microsoft 3y ago Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-29333 low 3.3 3.3 microsoft 3y ago Microsoft Access Denial of Service Vulnerability
CVE-2023-23391 medium 5.5 5.5 microsoft 3y ago Office for Android Spoofing Vulnerability
CVE-2022-41105 medium 5.5 5.5 microsoft 4y ago Microsoft Excel Information Disclosure Vulnerability
CVE-2022-41104 medium 5.5 5.5 microsoft 4y ago Microsoft Excel Security Feature Bypass Vulnerability
CVE-2022-41103 medium 5.5 5.5 microsoft 4y ago Microsoft Word Information Disclosure Vulnerability
CVE-2022-41060 medium 5.5 5.5 microsoft 4y ago Microsoft Word Information Disclosure Vulnerability
CVE-2022-29107 medium 5.5 5.5 microsoft 4y ago Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-26934 medium 6.5 6.5 windows windows microsoft 4y ago Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-24511 medium 5.5 5.5 microsoft 4y ago Microsoft Office Word Tampering Vulnerability
CVE-2022-24462 medium 5.5 5.5 microsoft 4y ago Microsoft Word Security Feature Bypass Vulnerability
CVE-2022-24512 medium 6.3 6.3 rockyfedora fedora rhel microsoft 4y ago RHSA-2022:0830: .NET 5.0 security and bugfix update (Important)
CVE-2021-43255 medium 5.5 5.5 microsoft 5y ago Microsoft Office Trust Center Spoofing Vulnerability
CVE-2021-42295 medium 5.5 5.5 microsoft 5y ago Visual Basic for Applications Information Disclosure Vulnerability
CVE-2021-42293 medium 6.5 6.5 microsoft 5y ago Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
CVE-2018-3639 medium 5.5 6.5 EXP FIX slesdebian debian rhel intelarmredhat 8y ago Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of i…
CVE-2017-11939 medium 6.5 6.5 microsoft 9y ago Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosu…
CVE-2017-11934 medium 5.5 5.5 microsoft 9y ago Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Micros…
CVE-2017-11919 medium 5.3 5.3 windows windows microsoft 9y ago ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows …
CVE-2017-11906 medium 5.3 6.3 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Serv…
CVE-2017-11887 medium 5.3 5.3 windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows …
CVE-2017-11877 medium 5.5 5.5 microsoft 9y ago Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibi…
CVE-2017-11874 low 3.1 3.1 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to …
CVE-2017-11872 medium 6.5 6.5 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the atta…
CVE-2017-11863 medium 6.1 6.1 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious c…
CVE-2017-11848 medium 4.3 4.3 windows windows microsoft 9y ago Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 20…
CVE-2017-11844 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles …
CVE-2017-11834 medium 5.3 5.3 windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Serv…
CVE-2017-11833 low 3.1 3.1 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected br…
CVE-2017-11803 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles …
CVE-2017-11791 low 3.1 3.1 windows windows microsoft 9y ago ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer i…
CVE-2017-11768 low 2.5 2.5 windows windows microsoft 9y ago Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Wi…
CVE-2017-11767 critical 9.8 9.8 microsoft 9y ago ChakraCore vulnerable to privilege escalation
CVE-2017-8726 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft s…
CVE-2017-11820 medium 5.4 5.4 microsoft 9y ago Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted …
CVE-2017-11794 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge …
CVE-2017-11790 medium 4.3 4.3 windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201…