VIR Vulnerability Intelligence Relay

Search

Found 593 results in 147ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-42827 medium 6.5 6.5 windows windows microsoft 12d ago Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-45498 medium 4.0 5.5 KEV windows windows microsoft 15d ago Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
CVE-2026-45494 medium 5.4 5.4 windows windows microsoft 16d ago Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-45492 medium 5.4 5.4 windows windows microsoft 16d ago Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-42891 medium 6.5 6.5 windows windows microsoft 22d ago User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-42838 medium 5.4 5.4 windows windows microsoft 22d ago Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a netw…
CVE-2026-42830 medium 6.5 6.5 windows windows microsoft 22d ago Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-41614 medium 6.2 6.2 windows windows microsoft 22d ago Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
CVE-2026-41612 medium 5.5 5.5 windows windows microsoft 22d ago Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
CVE-2026-41610 medium 6.3 6.3 windows windows microsoft 22d ago Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-41100 medium 4.4 4.4 windows windows microsoft 22d ago Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVE-2026-40421 medium 4.3 4.3 windows windows microsoft 22d ago Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-40416 medium 4.3 4.3 windows windows microsoft 22d ago User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-40374 medium 6.5 6.5 windows windows microsoft 22d ago Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2026-35440 medium 5.5 5.5 windows windows microsoft 22d ago Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-35429 medium 4.3 4.3 windows windows microsoft 22d ago User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32185 medium 5.5 5.5 windows windows microsoft 22d ago Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
CVE-2026-33822 medium 6.1 6.1 microsoft 2mo ago Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-33103 medium 5.5 5.5 microsoft 2mo ago Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.
CVE-2026-32226 medium 5.9 5.9 windows windows microsoft 2mo ago Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-32196 medium 6.1 6.1 microsoft 2mo ago Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32176 medium 6.7 6.7 microsoft 2mo ago Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-32167 medium 6.7 6.7 microsoft 2mo ago Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-23653 medium 5.7 5.7 microsoft 2mo ago Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
CVE-2026-20945 medium 4.6 4.6 microsoft 2mo ago Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-32201 medium 6.5 8.0 KEV microsoft 2mo ago Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-25180 medium 5.5 5.5 FIX windows windows microsoft 3mo ago Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
CVE-2025-53799 medium 5.5 5.5 FIX windows windows microsoft 9mo ago Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
CVE-2023-36009 medium 5.5 5.5 microsoft 3y ago Microsoft Word Information Disclosure Vulnerability
CVE-2023-36897 medium 6.5 6.5 microsoft 3y ago Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2023-33162 medium 5.5 5.5 microsoft 3y ago Microsoft Excel Information Disclosure Vulnerability
CVE-2023-33151 medium 6.5 6.5 microsoft 3y ago Microsoft Outlook Spoofing Vulnerability
CVE-2023-29333 low 3.3 3.3 microsoft 3y ago Microsoft Access Denial of Service Vulnerability
CVE-2023-23391 medium 5.5 5.5 microsoft 3y ago Office for Android Spoofing Vulnerability
CVE-2022-41105 medium 5.5 5.5 microsoft 4y ago Microsoft Excel Information Disclosure Vulnerability
CVE-2022-41104 medium 5.5 5.5 microsoft 4y ago Microsoft Excel Security Feature Bypass Vulnerability
CVE-2022-41103 medium 5.5 5.5 microsoft 4y ago Microsoft Word Information Disclosure Vulnerability
CVE-2022-41060 medium 5.5 5.5 microsoft 4y ago Microsoft Word Information Disclosure Vulnerability
CVE-2022-29107 medium 5.5 5.5 microsoft 4y ago Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-26934 medium 6.5 6.5 windows windows microsoft 4y ago Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-24511 medium 5.5 5.5 microsoft 4y ago Microsoft Office Word Tampering Vulnerability
CVE-2022-24462 medium 5.5 5.5 microsoft 4y ago Microsoft Word Security Feature Bypass Vulnerability
CVE-2022-24512 medium 6.3 6.3 rockyfedora fedora rhel microsoft 4y ago RHSA-2022:0830: .NET 5.0 security and bugfix update (Important)
CVE-2021-43255 medium 5.5 5.5 microsoft 5y ago Microsoft Office Trust Center Spoofing Vulnerability
CVE-2021-42295 medium 5.5 5.5 microsoft 5y ago Visual Basic for Applications Information Disclosure Vulnerability
CVE-2021-42293 medium 6.5 6.5 microsoft 5y ago Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
CVE-2018-3639 medium 5.5 6.5 EXPFIX slesdebian debian rhel intelarmredhat 8y ago Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of i…
CVE-2017-11939 medium 6.5 6.5 microsoft 9y ago Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosu…
CVE-2017-11934 medium 5.5 5.5 microsoft 9y ago Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Micros…
CVE-2017-11919 medium 5.3 5.3 windows windows microsoft 9y ago ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows …
CVE-2017-11906 medium 5.3 6.3 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Serv…
CVE-2017-11887 medium 5.3 5.3 windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows …
CVE-2017-11877 medium 5.5 5.5 microsoft 9y ago Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibi…
CVE-2017-11874 low 3.1 3.1 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to …
CVE-2017-11872 medium 6.5 6.5 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the atta…
CVE-2017-11863 medium 6.1 6.1 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious c…
CVE-2017-11848 medium 4.3 4.3 windows windows microsoft 9y ago Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 20…
CVE-2017-11844 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles …
CVE-2017-11834 medium 5.3 5.3 windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Serv…
CVE-2017-11833 low 3.1 3.1 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected br…
CVE-2017-11803 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles …
CVE-2017-11791 low 3.1 3.1 windows windows microsoft 9y ago ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer i…
CVE-2017-11768 low 2.5 2.5 windows windows microsoft 9y ago Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Wi…
CVE-2017-8726 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft s…
CVE-2017-11820 medium 5.4 5.4 microsoft 9y ago Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted …
CVE-2017-11794 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge …
CVE-2017-11790 medium 4.3 4.3 windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201…
CVE-2017-11777 medium 5.4 5.4 microsoft 9y ago Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted …
CVE-2017-11775 medium 5.4 5.4 microsoft 9y ago Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted …
CVE-2017-8758 medium 6.1 6.1 microsoft 9y ago Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Sit…
CVE-2017-8754 medium 4.2 4.2 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edg…
CVE-2017-8745 medium 5.4 5.4 microsoft 9y ago An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint serv…
CVE-2017-8739 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects i…
CVE-2017-8736 medium 4.3 4.3 windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 16…
CVE-2017-8735 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that M…
CVE-2017-8733 medium 4.3 4.3 windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201…
CVE-2017-8724 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, …
CVE-2017-8723 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edg…
CVE-2017-8695 medium 5.3 5.3 windows windows microsoft 9y ago Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Off…
CVE-2017-8676 low 3.3 3.3 windows windows microsoft 9y ago The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, …
CVE-2017-8648 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "M…
CVE-2017-8643 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Micro…
CVE-2017-8629 medium 5.4 5.4 microsoft 9y ago Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka…
CVE-2017-8597 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka…
CVE-2017-11761 medium 5.3 5.3 microsoft 9y ago Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Mi…
CVE-2017-8662 medium 4.3 4.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka "Microsoft Edge Information Disclosure Vulnerability…
CVE-2017-8659 medium 4.3 4.3 windows windows microsoft 9y ago ChakraCore information disclosure vulnerability
CVE-2017-8654 medium 5.4 5.4 microsoft 9y ago Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, …
CVE-2017-8652 medium 6.5 7.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi…
CVE-2017-8650 medium 5.4 5.4 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Fea…
CVE-2017-8644 medium 4.3 5.3 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi…
CVE-2017-8642 medium 6.1 6.1 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation o…
CVE-2017-8637 medium 5.3 5.3 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler,…
CVE-2017-8572 medium 5.5 5.5 microsoft 9y ago Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way tha…
CVE-2017-0196 medium 6.5 6.5 microsoft 9y ago An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Inform…
CVE-2017-8621 medium 6.1 6.1 microsoft 9y ago Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft…
CVE-2017-8611 medium 6.5 6.5 windows windows microsoft 9y ago Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerabil…
CVE-2017-8602 medium 6.5 6.5 windows windows microsoft 9y ago Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow…
CVE-2017-8599 medium 6.5 6.5 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security…
CVE-2017-8592 medium 6.5 6.5 windows windows microsoft 9y ago Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server …