Filtered by vendor Microsoft
Subscribe
Total
23389 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-27298 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2026-04-15 | N/A | 7.8 HIGH |
| Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27299 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2026-04-15 | N/A | 6.3 MEDIUM |
| Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27300 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2026-04-15 | N/A | 5.5 MEDIUM |
| Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27301 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2026-04-15 | N/A | 5.5 MEDIUM |
| Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-25667 | 1 Microsoft | 1 .net | 2026-04-14 | N/A | 7.5 HIGH |
| ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing. | |||||
| CVE-2026-5877 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-14 | N/A | 8.8 HIGH |
| Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-5878 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-14 | N/A | 4.3 MEDIUM |
| Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-5880 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-14 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-5881 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-14 | N/A | 6.5 MEDIUM |
| Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-5882 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-14 | N/A | 4.3 MEDIUM |
| Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-32201 | 1 Microsoft | 1 Sharepoint Server | 2026-04-14 | N/A | 6.5 MEDIUM |
| Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2009-0238 | 1 Microsoft | 6 Excel, Excel Viewer, Office and 3 more | 2026-04-14 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC. | |||||
| CVE-2026-3775 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2026-04-14 | N/A | 7.8 HIGH |
| The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution. | |||||
| CVE-2026-3776 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2026-04-14 | N/A | 5.5 MEDIUM |
| The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service. | |||||
| CVE-2026-3777 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2026-04-14 | N/A | 5.5 MEDIUM |
| The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution. | |||||
| CVE-2026-3778 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2026-04-14 | N/A | 6.2 MEDIUM |
| The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes. | |||||
| CVE-2026-32169 | 1 Microsoft | 1 Azure Cloud Shell | 2026-04-14 | N/A | 10.0 CRITICAL |
| Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2026-5894 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-14 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2026-5892 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-14 | N/A | 6.6 MEDIUM |
| Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-32191 | 1 Microsoft | 1 Bing Images | 2026-04-14 | N/A | 9.8 CRITICAL |
| Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network. | |||||