Filtered by vendor Microsoft
Subscribe
Total
24081 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-41105 | 1 Microsoft | 1 Azure Monitor Action Group Notification System | 2026-05-14 | N/A | 8.1 HIGH |
| Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2026-42891 | 1 Microsoft | 1 Edge Chromium | 2026-05-14 | N/A | 6.5 MEDIUM |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2026-42838 | 1 Microsoft | 1 Edge Chromium | 2026-05-14 | N/A | 5.4 MEDIUM |
| Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2026-42830 | 1 Microsoft | 1 Azure Monitor Agent | 2026-05-14 | N/A | 6.5 MEDIUM |
| Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-42825 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 7.0 HIGH |
| Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-42823 | 1 Microsoft | 1 Azure Logic Apps | 2026-05-14 | N/A | 9.9 CRITICAL |
| Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2026-41614 | 1 Microsoft | 1 365 Copilot | 2026-05-14 | N/A | 6.2 MEDIUM |
| Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally. | |||||
| CVE-2026-33110 | 1 Microsoft | 1 Sharepoint Server | 2026-05-13 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-33112 | 1 Microsoft | 1 Sharepoint Server | 2026-05-13 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-35439 | 1 Microsoft | 1 Sharepoint Server | 2026-05-13 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-40368 | 1 Microsoft | 1 Sharepoint Server | 2026-05-13 | N/A | 8.0 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-40357 | 1 Microsoft | 1 Sharepoint Server | 2026-05-13 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-34690 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-05-13 | N/A | 7.8 HIGH |
| After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-42899 | 3 Apple, Linux, Microsoft | 4 Macos, Linux Kernel, .net and 1 more | 2026-05-13 | N/A | 7.5 HIGH |
| Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2026-42893 | 1 Microsoft | 1 Outlook | 2026-05-13 | N/A | 7.4 HIGH |
| Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network. | |||||
| CVE-2026-34636 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2026-05-13 | N/A | 7.8 HIGH |
| Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-34637 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2026-05-13 | N/A | 7.8 HIGH |
| Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-34638 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2026-05-13 | N/A | 7.8 HIGH |
| Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2017-3076 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2026-05-13 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3030 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2026-05-13 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the AES module. Successful exploitation could lead to arbitrary code execution. | |||||