Filtered by vendor Microsoft
Subscribe
Total
23319 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1545 | 3 Linux, Microsoft, Wolfssl | 3 Linux Kernel, Windows, Wolfssl | 2026-01-27 | N/A | 5.9 MEDIUM |
| Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | |||||
| CVE-2025-54313 | 5 Alexghr, Homarr, Microsoft and 2 more | 8 Got-fetch, Homarr, Windows and 5 more | 2026-01-23 | N/A | 7.5 HIGH |
| eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows. | |||||
| CVE-2025-26627 | 1 Microsoft | 1 Azure Arc | 2026-01-20 | N/A | 7.0 HIGH |
| Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-10198 | 2 Lizardbyte, Microsoft | 2 Sunshine, Windows | 2026-01-20 | N/A | 7.8 HIGH |
| Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories. | |||||
| CVE-2025-64663 | 1 Microsoft | 1 Azure Language | 2026-01-16 | N/A | 9.9 CRITICAL |
| Custom Question Answering Elevation of Privilege Vulnerability | |||||
| CVE-2024-58315 | 2 Microsoft, Tosi | 2 Windows, Tosibox Key | 2026-01-16 | N/A | 7.8 HIGH |
| Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot. | |||||
| CVE-2025-64677 | 1 Microsoft | 1 Office Out-of-box Experience | 2026-01-16 | N/A | 8.2 HIGH |
| Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-64675 | 1 Microsoft | 1 Azure Cosmos Db | 2026-01-16 | N/A | 8.3 HIGH |
| Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2026-21221 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows Server 2025 | 2026-01-16 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-43491 | 2 Hp, Microsoft | 2 Poly Lens Desktop, Windows | 2026-01-16 | N/A | 9.8 CRITICAL |
| A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted. | |||||
| CVE-2026-20965 | 1 Microsoft | 1 Windows Admin Center | 2026-01-16 | N/A | 7.5 HIGH |
| Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-20949 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2026-01-16 | N/A | 7.8 HIGH |
| Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2026-20948 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2026-01-16 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-20947 | 1 Microsoft | 1 Sharepoint Server | 2026-01-16 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-20946 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2026-01-16 | N/A | 7.8 HIGH |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-20944 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2026-01-16 | N/A | 8.4 HIGH |
| Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-20943 | 1 Microsoft | 3 Office, Office Deployment Tool, Sharepoint Server | 2026-01-16 | N/A | 7.0 HIGH |
| Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-20941 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows Server 2025 | 2026-01-16 | N/A | 7.8 HIGH |
| Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-20940 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 7 more | 2026-01-16 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-20939 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-16 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | |||||