Filtered by vendor Microsoft
Subscribe
Total
24077 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-8562 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-05-18 | N/A | 4.3 MEDIUM |
| Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-33518 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2026-05-18 | N/A | 9.8 CRITICAL |
| An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected. | |||||
| CVE-2026-33519 | 4 Esri, Kubernetes, Linux and 1 more | 4 Portal For Arcgis, Kubernetes, Linux Kernel and 1 more | 2026-05-18 | N/A | 9.8 CRITICAL |
| An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials. | |||||
| CVE-2026-40381 | 1 Microsoft | 1 Azure Connected Machine Agent | 2026-05-18 | N/A | 7.8 HIGH |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-32185 | 1 Microsoft | 1 Teams | 2026-05-18 | N/A | 5.5 MEDIUM |
| Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. | |||||
| CVE-2026-40416 | 1 Microsoft | 1 Edge Chromium | 2026-05-18 | N/A | 4.3 MEDIUM |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2020-17103 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2026-05-18 | 7.2 HIGH | 7.0 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2026-41101 | 1 Microsoft | 1 Word | 2026-05-16 | N/A | 7.1 HIGH |
| Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | |||||
| CVE-2026-41102 | 1 Microsoft | 1 Powerpoint | 2026-05-16 | N/A | 7.1 HIGH |
| Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally. | |||||
| CVE-2026-41103 | 1 Microsoft | 2 Confluence Saml Sso, Jira Saml Sso | 2026-05-16 | N/A | 9.1 CRITICAL |
| Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2026-41100 | 1 Microsoft | 1 365 Copilot | 2026-05-16 | N/A | 4.4 MEDIUM |
| Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | |||||
| CVE-2026-41094 | 1 Microsoft | 1 Data Formulator | 2026-05-16 | N/A | 8.8 HIGH |
| Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-42897 | 1 Microsoft | 1 Exchange Server | 2026-05-15 | N/A | 8.1 HIGH |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2026-41615 | 1 Microsoft | 1 Authenticator | 2026-05-15 | N/A | 9.6 CRITICAL |
| Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-41086 | 1 Microsoft | 1 Windows Admin Center | 2026-05-15 | N/A | 8.8 HIGH |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2026-33821 | 1 Microsoft | 1 Dynamics 365 Customer Insights | 2026-05-15 | N/A | 7.7 HIGH |
| Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2026-41089 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2026-05-15 | N/A | 9.8 CRITICAL |
| Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-41095 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2026-05-15 | N/A | 7.8 HIGH |
| Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-41096 | 1 Microsoft | 6 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 3 more | 2026-05-15 | N/A | 9.8 CRITICAL |
| Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-41097 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-05-15 | N/A | 6.7 MEDIUM |
| Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | |||||