Search

Found 546 results in 104ms · Match type: Filtered list

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2026-42827	medium	6.5	6.5		windows	microsoft	12d ago	Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-45498	medium	4.0	5.5	KEV	windows	microsoft	15d ago	Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
CVE-2026-45494	medium	5.4	5.4		windows	microsoft	16d ago	Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-45492	medium	5.4	5.4		windows	microsoft	16d ago	Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-42891	medium	6.5	6.5		windows	microsoft	22d ago	User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-42838	medium	5.4	5.4		windows	microsoft	22d ago	Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a netw…
CVE-2026-42830	medium	6.5	6.5		windows	microsoft	22d ago	Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-41614	medium	6.2	6.2		windows	microsoft	22d ago	Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
CVE-2026-41612	medium	5.5	5.5		windows	microsoft	22d ago	Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
CVE-2026-41610	medium	6.3	6.3		windows	microsoft	22d ago	Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-41100	medium	4.4	4.4		windows	microsoft	22d ago	Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVE-2026-40421	medium	4.3	4.3		windows	microsoft	22d ago	Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-40416	medium	4.3	4.3		windows	microsoft	22d ago	User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-40374	medium	6.5	6.5		windows	microsoft	22d ago	Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2026-35440	medium	5.5	5.5		windows	microsoft	22d ago	Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-35429	medium	4.3	4.3		windows	microsoft	22d ago	User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32185	medium	5.5	5.5		windows	microsoft	22d ago	Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
CVE-2026-33822	medium	6.1	6.1			microsoft	2mo ago	Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-33103	medium	5.5	5.5			microsoft	2mo ago	Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.
CVE-2026-32226	medium	5.9	5.9		windows	microsoft	2mo ago	Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-32196	medium	6.1	6.1			microsoft	2mo ago	Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32176	medium	6.7	6.7			microsoft	2mo ago	Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-32167	medium	6.7	6.7			microsoft	2mo ago	Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-23653	medium	5.7	5.7			microsoft	2mo ago	Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
CVE-2026-20945	medium	4.6	4.6			microsoft	2mo ago	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-32201	medium	6.5	8.0	KEV		microsoft	2mo ago	Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-25180	medium	5.5	5.5	FIX	windows	microsoft	3mo ago	Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
CVE-2025-53799	medium	5.5	5.5	FIX	windows	microsoft	9mo ago	Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
CVE-2023-36009	medium	5.5	5.5			microsoft	3y ago	Microsoft Word Information Disclosure Vulnerability
CVE-2023-36897	medium	6.5	6.5			microsoft	3y ago	Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2023-33162	medium	5.5	5.5			microsoft	3y ago	Microsoft Excel Information Disclosure Vulnerability
CVE-2023-33151	medium	6.5	6.5			microsoft	3y ago	Microsoft Outlook Spoofing Vulnerability
CVE-2023-23391	medium	5.5	5.5			microsoft	3y ago	Office for Android Spoofing Vulnerability
CVE-2022-41105	medium	5.5	5.5			microsoft	4y ago	Microsoft Excel Information Disclosure Vulnerability
CVE-2022-41104	medium	5.5	5.5			microsoft	4y ago	Microsoft Excel Security Feature Bypass Vulnerability
CVE-2022-41103	medium	5.5	5.5			microsoft	4y ago	Microsoft Word Information Disclosure Vulnerability
CVE-2022-41060	medium	5.5	5.5			microsoft	4y ago	Microsoft Word Information Disclosure Vulnerability
CVE-2022-29107	medium	5.5	5.5			microsoft	4y ago	Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-26934	medium	6.5	6.5		windows	microsoft	4y ago	Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-24511	medium	5.5	5.5			microsoft	4y ago	Microsoft Office Word Tampering Vulnerability
CVE-2022-24462	medium	5.5	5.5			microsoft	4y ago	Microsoft Word Security Feature Bypass Vulnerability
CVE-2022-24512	medium	6.3	6.3		rocky fedora rhel	microsoft	4y ago	RHSA-2022:0830: .NET 5.0 security and bugfix update (Important)
CVE-2021-43255	medium	5.5	5.5			microsoft	5y ago	Microsoft Office Trust Center Spoofing Vulnerability
CVE-2021-42295	medium	5.5	5.5			microsoft	5y ago	Visual Basic for Applications Information Disclosure Vulnerability
CVE-2021-42293	medium	6.5	6.5			microsoft	5y ago	Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
CVE-2018-3639	medium	5.5	6.5	EXPFIX	sles debian rhel	intelarmredhat	8y ago	Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of i…
CVE-2017-11939	medium	6.5	6.5			microsoft	9y ago	Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosu…
CVE-2017-11934	medium	5.5	5.5			microsoft	9y ago	Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Micros…
CVE-2017-11919	medium	5.3	5.3		windows	microsoft	9y ago	ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows …
CVE-2017-11906	medium	5.3	6.3	EXP	windows	microsoft	9y ago	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Serv…
CVE-2017-11887	medium	5.3	5.3		windows	microsoft	9y ago	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows …
CVE-2017-11877	medium	5.5	5.5			microsoft	9y ago	Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibi…
CVE-2017-11872	medium	6.5	6.5		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the atta…
CVE-2017-11863	medium	6.1	6.1		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious c…
CVE-2017-11848	medium	4.3	4.3		windows	microsoft	9y ago	Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 20…
CVE-2017-11844	medium	4.3	4.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles …
CVE-2017-11834	medium	5.3	5.3		windows	microsoft	9y ago	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Serv…
CVE-2017-11803	medium	4.3	4.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles …
CVE-2017-8726	medium	4.3	4.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft s…
CVE-2017-11820	medium	5.4	5.4			microsoft	9y ago	Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted …
CVE-2017-11794	medium	4.3	4.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge …
CVE-2017-11790	medium	4.3	4.3		windows	microsoft	9y ago	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201…
CVE-2017-11777	medium	5.4	5.4			microsoft	9y ago	Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted …
CVE-2017-11775	medium	5.4	5.4			microsoft	9y ago	Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted …
CVE-2017-8758	medium	6.1	6.1			microsoft	9y ago	Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Sit…
CVE-2017-8754	medium	4.2	4.2		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edg…
CVE-2017-8745	medium	5.4	5.4			microsoft	9y ago	An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint serv…
CVE-2017-8739	medium	4.3	4.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects i…
CVE-2017-8736	medium	4.3	4.3		windows	microsoft	9y ago	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 16…
CVE-2017-8735	medium	4.3	4.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that M…
CVE-2017-8733	medium	4.3	4.3		windows	microsoft	9y ago	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201…
CVE-2017-8724	medium	4.3	4.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, …
CVE-2017-8723	medium	4.3	4.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edg…
CVE-2017-8695	medium	5.3	5.3		windows	microsoft	9y ago	Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Off…
CVE-2017-8648	medium	4.3	4.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "M…
CVE-2017-8643	medium	4.3	4.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Micro…
CVE-2017-8629	medium	5.4	5.4			microsoft	9y ago	Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka…
CVE-2017-8597	medium	4.3	4.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka…
CVE-2017-11761	medium	5.3	5.3			microsoft	9y ago	Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Mi…
CVE-2017-8662	medium	4.3	4.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka "Microsoft Edge Information Disclosure Vulnerability…
CVE-2017-8659	medium	4.3	4.3		windows	microsoft	9y ago	ChakraCore information disclosure vulnerability
CVE-2017-8654	medium	5.4	5.4			microsoft	9y ago	Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, …
CVE-2017-8652	medium	6.5	7.5	EXP	windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi…
CVE-2017-8650	medium	5.4	5.4		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Fea…
CVE-2017-8644	medium	4.3	5.3	EXP	windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi…
CVE-2017-8642	medium	6.1	6.1		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation o…
CVE-2017-8637	medium	5.3	5.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler,…
CVE-2017-8572	medium	5.5	5.5			microsoft	9y ago	Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way tha…
CVE-2017-0196	medium	6.5	6.5			microsoft	9y ago	An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Inform…
CVE-2017-8621	medium	6.1	6.1			microsoft	9y ago	Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft…
CVE-2017-8611	medium	6.5	6.5		windows	microsoft	9y ago	Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerabil…
CVE-2017-8602	medium	6.5	6.5		windows	microsoft	9y ago	Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow…
CVE-2017-8599	medium	6.5	6.5		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security…
CVE-2017-8592	medium	6.5	6.5		windows	microsoft	9y ago	Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server …
CVE-2017-8560	medium	6.1	6.1			microsoft	9y ago	Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlo…
CVE-2017-8559	medium	6.1	6.1			microsoft	9y ago	Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlo…
CVE-2017-8555	medium	4.3	4.3		windows	microsoft	9y ago	Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certai…
CVE-2017-8551	medium	6.1	6.1			microsoft	9y ago	An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability".
CVE-2017-8550	medium	5.4	6.4	EXP		microsoft	9y ago	A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
CVE-2017-8545	medium	6.5	6.5			microsoft	9y ago	A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability".