Filtered by vendor Microsoft
Total: 23246 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-21528 | 1 Microsoft | 1 Azure Iot Explorer | 2026-02-19 | N/A | 6.5 MEDIUM |
| Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-68154 | 2 Microsoft, Systeminformation | 2 Windows, Systeminformation | 2026-02-19 | N/A | 8.1 HIGH |
| systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function. The actual exploitability depends on how applications use this function. If an application does not pass user-controlled input to `fsSize()`, it is not vulnerable. Version 5.27.14 contains a patch. | |||||
| CVE-2026-0102 | 1 Microsoft | 1 Edge Chromium | 2026-02-19 | N/A | 3.1 LOW |
| Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata. | |||||
| CVE-2026-26119 | 1 Microsoft | 1 Windows Admin Center | 2026-02-19 | N/A | 8.8 HIGH |
| Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-53000 | 2 Jupyter, Microsoft | 2 Nbconvert, Windows | 2026-02-18 | N/A | 7.8 HIGH |
| The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create an `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. This issue has been patched in version 7.17.0. | |||||
| CVE-2026-0391 | 1 Microsoft | 1 Edge Chromium | 2026-02-18 | N/A | 6.5 MEDIUM |
| User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2008-0015 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2026-02-17 | 9.3 HIGH | 8.8 HIGH |
| Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability." | |||||
| CVE-2025-26637 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 22h2 and 9 more | 2026-02-16 | N/A | 6.8 MEDIUM |
| Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||||
| CVE-2025-32709 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-02-13 | N/A | 7.8 HIGH |
| Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-24054 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-02-13 | N/A | 6.5 MEDIUM |
| External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-59213 | 1 Microsoft | 3 Configuration Manager 2403, Configuration Manager 2409, Configuration Manager 2503 | 2026-02-13 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network. | |||||
| CVE-2025-48823 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-02-13 | N/A | 5.9 MEDIUM |
| Cryptographic issues in Windows Cryptographic Services allow an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-47964 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | N/A | 5.4 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2025-47963 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | N/A | 6.3 MEDIUM |
| No CWE for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-47732 | 1 Microsoft | 1 Dataverse | 2026-02-13 | N/A | 8.7 HIGH |
| Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-47176 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2026-02-13 | N/A | 7.8 HIGH |
| '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. | |||||
| CVE-2025-29972 | 1 Microsoft | 1 Azure Storage Resource Provider | 2026-02-13 | N/A | 9.9 CRITICAL |
| Server-side request forgery (SSRF) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network. | |||||
| CVE-2025-29813 | 1 Microsoft | 1 Azure Devops | 2026-02-13 | N/A | 10.0 CRITICAL |
| Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-26647 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-02-13 | N/A | 8.8 HIGH |
| Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-21389 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-02-13 | N/A | 7.5 HIGH |
| Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network. | |||||
