Filtered by vendor Microsoft
Total: 24758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-53792 | 1 Microsoft | 1 Azure Portal | 2026-06-17 | N/A | 9.1 CRITICAL | Azure Portal Elevation of Privilege Vulnerability |
| CVE-2025-53791 | 1 Microsoft | 1 Edge Chromium | 2026-06-17 | N/A | 4.7 MEDIUM | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2025-53789 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-06-17 | N/A | 7.8 HIGH | Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53788 | 1 Microsoft | 1 Windows Subsystem For Linux | 2026-06-17 | N/A | 7.0 HIGH | Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53787 | 1 Microsoft | 1 365 Copilot Chat | 2026-06-17 | N/A | 8.2 HIGH | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
| CVE-2025-53786 | 1 Microsoft | 2 Exchange Server, Exchange Server Subscription Edition | 2026-06-17 | N/A | 8.0 HIGH | On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment. |
| CVE-2025-53784 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2026-06-17 | N/A | 8.4 HIGH | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-53783 | 1 Microsoft | 5 Dynamics 365 Guides, Dynamics 365 Remote Assist, Teams and 2 more | 2026-06-17 | N/A | 7.5 HIGH | Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. |
| CVE-2025-53782 | 1 Microsoft | 2 Exchange Server, Exchange Server Subscription Edition | 2026-06-17 | N/A | 8.4 HIGH | Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. |
| CVE-2025-53781 | 1 Microsoft | 22 Dcadsv5-series Azure Vm, Dcadsv5-series Azure Vm Firmware, Dcasv5-series Azure Vm and 19 more | 2026-06-17 | N/A | 7.7 HIGH | Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. |
| CVE-2025-53779 | 1 Microsoft | 1 Windows Server 2025 | 2026-06-17 | N/A | 7.2 HIGH | Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-53778 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 8.8 HIGH | Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-53774 | 1 Microsoft | 1 365 Copilot Chat | 2026-06-17 | N/A | 6.5 MEDIUM | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
| CVE-2025-53773 | 1 Microsoft | 1 Visual Studio 2022 | 2026-06-17 | N/A | 7.8 HIGH | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. |
| CVE-2025-53772 | 1 Microsoft | 1 Web Deploy 4.0 | 2026-06-17 | N/A | 8.8 HIGH | Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network. |
| CVE-2025-53771 | 1 Microsoft | 1 Sharepoint Server | 2026-06-17 | N/A | 6.5 MEDIUM | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-53770 | 1 Microsoft | 1 Sharepoint Server | 2026-06-17 | N/A | 9.8 CRITICAL | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. |
| CVE-2025-53769 | 1 Microsoft | 1 Windows Security App | 2026-06-17 | N/A | 5.5 MEDIUM | External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. |
| CVE-2025-53768 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 6 more | 2026-06-17 | N/A | 7.8 HIGH | Use after free in Xbox allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53767 | 1 Microsoft | 1 Azure Openai | 2026-06-17 | N/A | 10.0 CRITICAL | Azure OpenAI Elevation of Privilege Vulnerability |
