Filtered by vendor Microsoft
Subscribe
Total
22939 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43468 | 1 Microsoft | 3 Configuration Manager 2403, Configuration Manager 2409, Configuration Manager 2503 | 2026-02-13 | N/A | 9.8 CRITICAL |
| Microsoft Configuration Manager Remote Code Execution Vulnerability | |||||
| CVE-2020-0919 | 1 Microsoft | 1 Windows App | 2026-02-12 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'. | |||||
| CVE-2026-24300 | 1 Microsoft | 1 Azure Front Door | 2026-02-12 | N/A | 9.8 CRITICAL |
| Azure Front Door Elevation of Privilege Vulnerability | |||||
| CVE-2026-21532 | 1 Microsoft | 1 Azure Functions | 2026-02-12 | N/A | 8.2 HIGH |
| Azure Function Information Disclosure Vulnerability | |||||
| CVE-2026-24302 | 1 Microsoft | 1 Azure Arc | 2026-02-12 | N/A | 8.6 HIGH |
| Azure Arc Elevation of Privilege Vulnerability | |||||
| CVE-2026-20960 | 1 Microsoft | 1 Power Apps | 2026-02-12 | N/A | 8.0 HIGH |
| Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-21218 | 3 Apple, Linux, Microsoft | 4 Macos, Linux Kernel, .net and 1 more | 2026-02-12 | N/A | 7.5 HIGH |
| Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2026-24307 | 1 Microsoft | 1 365 Copilot | 2026-02-12 | N/A | 9.3 CRITICAL |
| Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-24304 | 1 Microsoft | 1 Azure Resource Manager | 2026-02-12 | N/A | 9.9 CRITICAL |
| Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-30398 | 1 Microsoft | 1 Nuance Powerscribe One | 2026-02-12 | N/A | 8.1 HIGH |
| Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-21508 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-12 | N/A | 7.0 HIGH |
| Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-21531 | 1 Microsoft | 1 Azure Conversation Authoring Client Library | 2026-02-12 | N/A | 9.8 CRITICAL |
| Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-21537 | 1 Microsoft | 1 Defender For Endpoint | 2026-02-11 | N/A | 8.8 HIGH |
| Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network. | |||||
| CVE-2026-21528 | 1 Microsoft | 1 Azure Iot Explorer | 2026-02-11 | N/A | 6.5 MEDIUM |
| Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-21527 | 1 Microsoft | 1 Exchange Server | 2026-02-11 | N/A | 6.5 MEDIUM |
| User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2026-21523 | 1 Microsoft | 1 Visual Studio Code | 2026-02-11 | N/A | 8.0 HIGH |
| Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-21516 | 1 Microsoft | 1 Github Copilot | 2026-02-11 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-21512 | 1 Microsoft | 1 Azure Devops Server | 2026-02-11 | N/A | 6.5 MEDIUM |
| Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network. | |||||
| CVE-2026-21256 | 1 Microsoft | 1 Visual Studio 2022 | 2026-02-11 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-21518 | 1 Microsoft | 1 Visual Studio Code | 2026-02-11 | N/A | 6.5 MEDIUM |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network. | |||||