Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 24077 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2026-8562 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-05-18 N/A 4.3 MEDIUM
Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-33518 3 Esri, Linux, Microsoft 3 Portal For Arcgis, Linux Kernel, Windows 2026-05-18 N/A 9.8 CRITICAL
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.
CVE-2026-33519 4 Esri, Kubernetes, Linux and 1 more 4 Portal For Arcgis, Kubernetes, Linux Kernel and 1 more 2026-05-18 N/A 9.8 CRITICAL
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.
CVE-2026-40381 1 Microsoft 1 Azure Connected Machine Agent 2026-05-18 N/A 7.8 HIGH
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32185 1 Microsoft 1 Teams 2026-05-18 N/A 5.5 MEDIUM
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
CVE-2026-40416 1 Microsoft 1 Edge Chromium 2026-05-18 N/A 4.3 MEDIUM
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2020-17103 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2026-05-18 7.2 HIGH 7.0 HIGH
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-41101 1 Microsoft 1 Word 2026-05-16 N/A 7.1 HIGH
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
CVE-2026-41102 1 Microsoft 1 Powerpoint 2026-05-16 N/A 7.1 HIGH
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
CVE-2026-41103 1 Microsoft 2 Confluence Saml Sso, Jira Saml Sso 2026-05-16 N/A 9.1 CRITICAL
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41100 1 Microsoft 1 365 Copilot 2026-05-16 N/A 4.4 MEDIUM
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVE-2026-41094 1 Microsoft 1 Data Formulator 2026-05-16 N/A 8.8 HIGH
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.
CVE-2026-42897 1 Microsoft 1 Exchange Server 2026-05-15 N/A 8.1 HIGH
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-41615 1 Microsoft 1 Authenticator 2026-05-15 N/A 9.6 CRITICAL
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.
CVE-2026-41086 1 Microsoft 1 Windows Admin Center 2026-05-15 N/A 8.8 HIGH
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-33821 1 Microsoft 1 Dynamics 365 Customer Insights 2026-05-15 N/A 7.7 HIGH
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
CVE-2026-41089 1 Microsoft 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more 2026-05-15 N/A 9.8 CRITICAL
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
CVE-2026-41095 1 Microsoft 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more 2026-05-15 N/A 7.8 HIGH
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.
CVE-2026-41096 1 Microsoft 6 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 3 more 2026-05-15 N/A 9.8 CRITICAL
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
CVE-2026-41097 1 Microsoft 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more 2026-05-15 N/A 6.7 MEDIUM
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.