Filtered by vendor Microsoft
Subscribe
Total
24740 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47955 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 7.8 HIGH |
| Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-47954 | 1 Microsoft | 1 Sql Server 2022 | 2026-06-17 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-47953 | 1 Microsoft | 4 365 Apps, 365 Copilot, Office and 1 more | 2026-06-17 | N/A | 8.4 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-47867 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 7.5 HIGH |
| A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations. | |||||
| CVE-2025-47866 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 4.3 MEDIUM |
| An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations. | |||||
| CVE-2025-47865 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 7.5 HIGH |
| A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations. | |||||
| CVE-2025-47827 | 2 Igel, Microsoft | 16 Igel Os, Windows 10 1507, Windows 10 1607 and 13 more | 2026-06-17 | N/A | 4.6 MEDIUM |
| In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. | |||||
| CVE-2025-47733 | 1 Microsoft | 1 Power Apps | 2026-06-17 | N/A | 9.1 CRITICAL |
| Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network | |||||
| CVE-2025-47732 | 1 Microsoft | 1 Dataverse | 2026-06-17 | N/A | 8.7 HIGH |
| Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-47182 | 1 Microsoft | 1 Edge Chromium | 2026-06-17 | N/A | 5.6 MEDIUM |
| Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. | |||||
| CVE-2025-47181 | 1 Microsoft | 1 Edge Update | 2026-06-17 | N/A | 8.8 HIGH |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-47179 | 1 Microsoft | 3 Configuration Manager 2403, Configuration Manager 2409, Configuration Manager 2503 | 2026-06-17 | N/A | 6.7 MEDIUM |
| Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-47178 | 1 Microsoft | 1 Configuration Manager 2503 | 2026-06-17 | N/A | 8.0 HIGH |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network. | |||||
| CVE-2025-47176 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2026-06-17 | N/A | 7.8 HIGH |
| '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. | |||||
| CVE-2025-47175 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2026-06-17 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-47174 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2026-06-17 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-47173 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-06-17 | N/A | 7.8 HIGH |
| Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-47172 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2026-06-17 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-47171 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally. | |||||
| CVE-2025-47170 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2026-06-17 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||