Filtered by vendor Microsoft
Subscribe
Total
24045 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-6300 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-05-26 | N/A | 8.8 HIGH |
| Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-6296 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-05-26 | N/A | 9.6 CRITICAL |
| Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2026-32223 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-05-26 | N/A | 6.8 MEDIUM |
| Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack. | |||||
| CVE-2026-32077 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-26 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-26128 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-26 | N/A | 7.8 HIGH |
| Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-25187 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-26 | N/A | 7.8 HIGH |
| Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-20931 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-26 | N/A | 8.0 HIGH |
| External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network. | |||||
| CVE-2026-20864 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-05-26 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-45495 | 1 Microsoft | 1 Edge Chromium | 2026-05-26 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2026-45585 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-05-22 | N/A | 6.8 MEDIUM |
| Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. Mitigation FAQs Should I leverage the temporary mitigation? Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel. What impact to service availability/management could be caused by implementing the mitigations? Implementing these mitigations will not impact service availability or management operations. Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available? No. The security update will maintain the mitigation's behavior once the security update is installed. I am using TPM+PIN, am I at risk of this vulnerability being exploited No, if you are using TPM+PIN the vulnerability is not exploitable. | |||||
| CVE-2026-33117 | 1 Microsoft | 1 Azure Sdk For Java | 2026-05-22 | N/A | 9.1 CRITICAL |
| The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may bypass integrity verification checks. Operations delegated to the Key Vault service are not affected. The issue is addressed in version 4.10.6. | |||||
| CVE-2026-8992 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2026-05-22 | N/A | 8.8 HIGH |
| An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code. | |||||
| CVE-2025-30388 | 1 Microsoft | 18 365 Copilot, Office, Office Long Term Servicing Channel and 15 more | 2026-05-22 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-25180 | 1 Microsoft | 15 365 Copilot, Windows 10 1607, Windows 10 1809 and 12 more | 2026-05-22 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-47164 | 1 Microsoft | 4 365 Apps, 365 Copilot, Office and 1 more | 2026-05-22 | N/A | 8.4 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-30386 | 1 Microsoft | 4 365 Apps, 365 Copilot, Office and 1 more | 2026-05-22 | N/A | 8.4 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-59227 | 1 Microsoft | 4 365 Apps, 365 Copilot, Office and 1 more | 2026-05-22 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-47953 | 1 Microsoft | 4 365 Apps, 365 Copilot, Office and 1 more | 2026-05-22 | N/A | 8.4 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2024-38250 | 1 Microsoft | 17 365 Copilot, Office, Office Long Term Servicing Channel and 14 more | 2026-05-22 | N/A | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2025-26687 | 1 Microsoft | 17 365 Copilot, Office, Windows 10 1507 and 14 more | 2026-05-22 | N/A | 7.5 HIGH |
| Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. | |||||